dns cybrary

A Domain Name System (DNS) is essentially the ‘phonebook’ of the Internet. DNS is an elaborate, fault-tolerant way of connecting people to resources online. While it is quite complex, this article will provide you the simplest of overviews of DNS and how it works.

The Internet today has 13 “Root Name Servers“. They go by letters from ‘a’ through ‘m’. Root name servers identify hierarchically, all other name servers responsible for different domain types (i.e.: .gov, .com, .edu). For example, the root name servers do not know where amazon.com is by IP. However, they do know where a .com name server, local to you is, that can give you the IP Addresses for this domain. The .com DNS server will be asked and it will provide the correct IP Address back to your computer to connect you in a matter of milliseconds.

DNS also plays a role in email security through certain resource or record types. Email is delivered based upon your domain name having a DNS entry called an Mail Exchange (MX) record. MX records are used by the internets email systems to know how to deliver email to your domain. Unfortunately, anyone can pretend to be anyone else online leading to phishing and spoofing attacks.

To combat this, the Internet Engineering Task Force (“IETF”) created DNS protocols to protect users and domains from these attacks. These DNS records include: Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain Unfortunately, not all domains have enabled these security protections. Enabling these three DNS records helps protect your clients from impersonation attacks purportedly from you, but really from a hacker. They can prevent spoofing attacks and limit who can send email from your domain.

Talk to your DNS admin today about enabling DNS security protocols like SPF, DKIM, and DMARC. You’ll be glad you did.

Source: CSO Online, SmarterTools

Related Terms: DMARC, DKIM, SPF

What does this mean for an SMB?

SMBs should have SPF, DMARC and DKIM set up to help avoid malware and phishing attacks from landing in user inboxes. Here are some actions that can be taken by your company to help improve security and reduce the chances of becoming a victim to a phishing attack:

  1. Setup SPF, DKIM, and DMARC records to block the receipt of emails masquerading as your domain name.
  2. Train your employees on how to spot, avoid, and delete phishing attacks.
  3. Test your employees with Phish Testing attacks; re-train those that fail in your tests.
  4. Purchase and train your employees on how to use a Password Manager. If you visit a phishing website and try to enter your password credentials using a Password Manager, you will NOT be able to.

To learn more about DNS, watch this 5 minute video: