The creation of the Domain Name System (DNS) in the early 1980s was a big achievement. Its design considered a vast functionality, but security was not a priority almost four decades ago. The problem is that criminals knew it, and soon they took advantage of this weak point. Criminals developed different attacks using the DNS, like the dangerous DNS spoofing.
What is DNS spoofing?
DNS spoofing is a hacking attack. Criminals enter spoofed or forged entries or DNS records into the cache of a recursive server to respond to DNS users’ queries with a spoofed record, for instance, a forged IP address. This way, legit traffic is maliciously directed to dangerous destinations (forged websites). Once there, users can be pushed to type sensitive data (passwords, bank card details, etc.) for criminals to take advantage of later.
How to prevent DNS spoofing?
Almost forty years have passed since the DNS creation. Attacks have become more harmful. And with the migration of more offline services to the online world, users’ sensitive data are strongly at risk every day. As a website owner, to protect users’ security is essential not to lose trustability and clients!
Monitor and Filter the DNS traffic exhaustively.
Currently, different software alternatives for scanning all data received are available. Data are not sent unless they pass through this scanning. If the software detects something wrong, data will be stopped.
Filtering has proved to be an efficient method to detect attacks. There are different solutions on the market. Quality ones offer two-way traffic filtering at different levels like DNS, HTTPS, and HTTP.
Protect your DNS by adding DNSSEC.
DNSSEC or Domain Name System Security Extensions verifies the authenticity of the data. This suite includes digital signatures, advanced cryptography, and more methods for validating answers to domain name requests. DNSSEC makes sure that malicious redirections don’t happen.
Encryption is an efficient tool for protecting DNS data integrity, meaning DNS requests and answers. Encryption involves the use of two keys, a public and a private one. Without the private key that is in the hands of the website’s owner or administrator, criminals can’t sign their spoofed DNS records. Even if they manage to enter them into the cache, those forged records won’t be validated by the public key.
Patch regularly your DNS servers.
Not only endpoints but servers also have vulnerabilities that can be fixed by patching them. To keep patching up on time can save you problems. There are tools for automating this process.
Prove if the authoritative name server matches what is locally answered.
In the past, many requests needed validation of their PTR (reverse) records. But the practice has become rare. The advantage of this validation is that if the authoritative name server gives a different answer than what is locally answered, the DNS packet gets an invalid mark. TCP/IP protocols can see this and be aware of the spoofed packet, not to allow it. Unfortunately, this doesn’t work yet for HTTP requests.
Users also can prevent DNS spoofing. Remember, their sensitive data are the main target of criminals.
- Use VPN (a virtual private network), especially if you will send sensitive data. Public networks are too risky.
- Look for security and authenticity signs on websites before you type any data. The padlock symbol on the address bar is a good beginning.
- Avoid strange links. Not clicking blindly can save you from dangerous traps.
DNS spoofing is a big threat for website owners and users. Security technology and safe practices are a good combo to prevent it!