A Deep DNS Dive on the Recent Widespread DNS…

DNS Security

In February 2019, Brian Krebs updated the world about a new type of “DNS-based Man-in-the-Middle” attack. His article, A Deep Dive on the Recent Widespread DNS Hijacking Attacks, summarizes two reports. The first is Cisco Talos’s DNSpionage Campaign Targets the Middle East. The second is Mandiant’s Global DNS Hijacking Campaign: DNS Record Manipulation at Scale. The attacks were sobering. This prompted an ask to the community to check the security of their DNS Authoritative services, their DNS Registrars, and their DNS Registries. The problem: the ICANN DNS Security recommendations were confusing to the experts, let alone the normal DNS administrator.

Akamai then pulled together all their DNS experts to produce a simplified checklist that anyone can use. You can find it in Akamai’s blog post ‘PROTECTING YOUR DOMAIN NAMES: TAKING THE FIRST STEPS’, which gives understandable actions to protect your domain. In summary, the “checklist” includes:

DNS Authoritative Admin Security

You could be at risk!

These defensive DNS administrative tasks apply to large, medium, and small DNS zones. For example, on my zones, I have a registry lock and 2FA, and have set up “admin emails” that are not part of the zone. Read through ‘PROTECTING YOUR DOMAIN NAMES: TAKING THE FIRST STEPS’ and ask questions to bgreene@senki.org. People will help.
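Two of the items above, the registry lock and the out-of-zone admin emails, can be checked from a domain's public RDAP record. The script below is an added example, not code from this post or from Akamai's checklist; the sample record, the placeholder names in it, and the reading of "registry lock" as the three registry-set statuses are assumptions.

```python
"""Added example: audit an RDAP domain record (constructed sample, not live data)."""

# Assumption: "registry lock" is read as these three registry-set RDAP statuses.
REGISTRY_LOCK = {"server transfer prohibited", "server update prohibited",
                 "server delete prohibited"}

# Constructed sample shaped like an RDAP domain response; all names are placeholders.
SAMPLE_RDAP = {
    "ldhName": "example.com",
    "status": ["client transfer prohibited", "server transfer prohibited"],
    "entities": [
        {"roles": ["registrar"],
         "vcardArray": ["vcard", [["fn", {}, "text", "Example Registrar"]]],
         "entities": [{"roles": ["abuse"], "vcardArray": ["vcard", [
             ["email", {}, "text", "abuse@registrar.example"]]]}]},
        {"roles": ["administrative"], "vcardArray": ["vcard", [
            ["email", {}, "text", "hostmaster@mail.example.com"]]]},
        {"roles": ["technical"], "vcardArray": ["vcard", [
            ["email", {}, "text", "ops@example.net"]]]},
    ],
}

def contact_emails(rdap):
    """Yield (role, email) for every entity, including nested ones."""
    stack = list(rdap.get("entities", []))
    while stack:
        ent = stack.pop()
        stack.extend(ent.get("entities", []))
        for prop in ent.get("vcardArray", ["vcard", []])[1]:
            if prop[0] == "email":
                for role in ent.get("roles", ["unknown"]):
                    yield role, prop[3].lower()

def in_zone(email, zone):
    """True if the mailbox host is the zone apex or any name below it."""
    host = email.rsplit("@", 1)[-1].rstrip(".")
    zone = zone.lower().rstrip(".")
    return host == zone or host.endswith("." + zone)

def audit(rdap):
    zone = rdap["ldhName"]
    findings = []
    missing = sorted(REGISTRY_LOCK - {s.lower() for s in rdap.get("status", [])})
    if missing:
        findings.append("registry lock incomplete, missing: " + ", ".join(missing))
    for role, email in contact_emails(rdap):
        if in_zone(email, zone):  # mail for this contact depends on the zone itself
            findings.append(f"{role} contact {email} is inside the zone {zone}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RDAP):
        print("FINDING:", finding)
```

Many registries redact contact emails in RDAP, so an empty contact list means "check at the registrar", not "pass". 2FA on the registrar account cannot be observed from outside and still has to be verified by hand.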

Additional Reference Articles from 2019

