Notice: Monitoring services will be discontinued from March 31st, 2019.
DNS Vulnerability Monitoring
DNS vulnerability monitoring includes the following features:
- DNS recursion check
- Invalid DNS packet errors
- Failed attempts to perform a zone transfer
- DNS update denied errors
- General misconfiguration of the DNS server
- Server out-of-memory issues that hinder DNS reload
- TCP/UDP attacks on DNS
- DNS version check
What are the common threats to DNS Servers?
DNS servers are hit by four main types of attack: zero-day, cache poisoning, denial of service (DoS) and distributed denial of service (DDoS).
In a zero-day attack, a previously undiscovered vulnerability in the DNS server software or the DNS protocol stack is exploited to compromise, confuse or even crash a DNS server.
Cache poisoning is one of the more notable types of attack. To speed up the process of connecting the points on the Internet, the DNS system holds many local copies of itself in regional caches. By exploiting bugs, local malware or poor DNS server configuration, external agents can inject fraudulent addressing information into DNS caches in order to launch an attack. Users accessing the cache with the aim of visiting a targeted site are, instead, redirected to a different server, under the control of the attacker. For example, this could be a fake e-tail site that offers a close replica of the target’s official site, tricking users into divulging financial information.
DoS, as its name implies, blocks users from accessing a given Internet service or web site. This is typically achieved by flooding a victimized web site with simultaneous queries, creating such high volumes of traffic that legitimate users can’t enter the site.
DDoS is a more elaborate form of DoS. It involves a network of zombie computers, often in the thousands, which the attacker commandeers from victims by spreading malware from one machine to another. Even a single infected desktop on a local network can generate more than 200,000 DNS queries per second and almost kill a DNS server by stopping most of its internal services.
What would securing a DNS server mean?
You need to follow the best security practices for DNS servers.
1. Use the latest DNS software and ensure patches are applied.
2. Disable recursion on the DNS server. This helps to prevent the recursive name server reflection attacks common in DDoS attacks.
3. Eliminate single points of failure. A failover solution would be adequate, but multiple DNS engines would be the most effective solution, though it is expensive and cost-effective only when implemented at large scale.
4. Implement DNSSEC to prevent data modification, and hence DNS spoofing attacks. How to implement DNSSEC on your server: http://admin-ahead.com/cPanel-Plugins/cPanel-DNSSEC-Plugin.html
5. Enable clustering solutions with failover to be able to absorb DDoS attacks. Our gDNS clustering solution: http://admin-ahead.com/Admin-Ahead-gDNS-Cluster/admin-ahead-gdns-cluster.html
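To confirm that step 2 took effect on your own name server, the DNS recursion check from the feature list can be reproduced with a single query. The Python below is an added example, not the monitoring service's code: it sends a query with the RD bit set and reads the RA bit and RCODE of the reply. The function names, the test name `example.com` and the sample replies are assumptions constructed for illustration.

```python
import socket
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000   # header flag bits (RFC 1035)
REFUSED = 5                            # RCODE for "refused"

def build_query(name, qid=0x1234):
    """Build an A/IN query for `name` with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify_response(query, response):
    """Return 'open', 'closed' or 'invalid' for a reply to `query`."""
    if len(response) < 12:
        return "invalid"                      # shorter than a DNS header
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        return "invalid"                      # wrong ID or not a response
    if flags & RA and (flags & 0x000F) != REFUSED:
        return "open"                         # recursion offered to this client
    return "closed"

def check_server(server, name="example.com", timeout=3.0):
    """Query `server` over UDP/53; use a name it is NOT authoritative for."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        response, _ = s.recvfrom(4096)
    return classify_response(query, response)

def sample_reply(query, flags):
    """Constructed reply: the query with its flags word replaced."""
    return query[:2] + struct.pack("!H", flags) + query[4:]

if __name__ == "__main__":
    q = build_query("example.com")
    for label, flags in [("recursive", 0x8180), ("refusing", 0x8105)]:
        print(label, classify_response(q, sample_reply(q, flags)))
```

Run `check_server` from a host outside the server's trusted networks, since a resolver that allows recursion only for internal clients will correctly report "open" when queried from inside.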
Why do I need security monitoring for DNS Servers?
Every server on the Internet is prone to the attacks mentioned above and therefore needs to be protected. Our monitoring system not only monitors and alerts you to these external attacks, but also performs performance checks and watches for out-of-memory issues and zone transfer failures.