How to protect your infrastructure from DNS cache poisoning

Domain Name System (DNS) is our root of trust and is one of the most critical components of the internet. It is a mission-critical service because if it goes down, a business’s web presence goes down.

DNS is a virtual database of names and numbers. It serves as the backbone for other services critical to organizations. This includes email, internet site access, voice over internet protocol (VoIP), and the management of files.

You hope that when you type a domain name that you are really going where you are supposed to go. DNS vulnerabilities do not get much attention until an actual attack occurs and makes the news. For example, in April 2018, public DNS servers that managed the domain for Myetherwallet were hijacked and customers were redirected to a phishing site. Many users reported losing funds out of their account, and this brought a lot of public attention to DNS vulnerabilities.

The fact that DNS has been around for a long time contributes to its security problems. By design, it is an open service on the network that is not properly monitored and for which a traditional security solutions cannot protect efficiently.