In the age of COVID-19, DNS challenges are becoming an even bigger problem for employers.
“One of the things about working in internet technology is nothing lasts forever… [Students] come to me and they say, ‘I want to do something that has an impact 20, 50, or 100 years from now.’ I say, well, maybe you should compose music because none of this technology stuff is going to be around that long. It all gets replaced.”
—Paul Mockapetris, co-inventor of the domain name system (DNS)
It would have been difficult for Paul Mockapetris to anticipate the DNS challenges we are dealing with today. As foresighted as he may have been, DNS inventor Mockapetris got one thing wrong in a retrospective interview about his contribution to internet history. Namely, some aspects of technology do have at least 20-year staying power. In this case, his own invention: the domain name system, or DNS.
But DNS, just three years shy of its 40th birthday, is on the cusp of a major reimagining–one that could enhance the privacy of business and private users alike for some time to come. According to some experts, it may even be worthy of the title “DNS 2.0.”
DNS Challenges Today
While DNS has evolved significantly in the more than 35 years since originally conceived, the skeletal structure remains much the same. DNS is the internet’s protocol for translating the URLs humans understand into the IP addresses machines do.
The problem is that this system never meant to consider privacy or security. With DNS today, requests are made and resolved in plain text, providing intrusive amounts of information to whomever may be resolving or inspecting them. That is most likely an ISP, but it may also be a government entity or some other source. In authoritarian countries, governments can use this information to prosecute individuals for visiting sites with outlawed content. In the United States, it’s more likely to be monetized for its advertising value.
“The problem with DNS is it exposes what you’re doing,” says Webroot product manager and DNS expert Jonathan Barnett. “If I can log a user’s DNS requests, I can see when they work, when they don’t, how often they use Facebook, the Sonos Speakers and Google Nests on their network, all of that. From a privacy perspective, it shows what on the internet is associating with me and my network.”
This can be especially problematic in terms of home routers. Whereas business networks tend to be relatively secure—patched, up-to-date and modern—”everyone’s home router tends to be set up by someone’s brother-in-law or an inexperienced ISP technician,” warns Barnett. In this case, malicious hackers can change DNS settings to redirect to their own resolvers.
“If you bring a device onto this network and try to navigate to one of your favorite sites, you may never wind up where you intended,” says Barnett.
In the age of COVID-19, DNS challenges are becoming an even bigger problem for employers. With a larger workforce working from home than perhaps ever before, traditional defenses at the network perimeter no longer remain.
“To maintain resilience,” says Barnett, “companies need to extend protection beyond the business network perimeter. One of the best ways to do that is through DNS protection that ensures requests are resolved through a trusted resolver and not a potentially misconfigured home network.”
DoH: The Second Coming of DNS
In response to these concerns, DNS over HTTPS (DoH) offers a method for encrypting DNS requests. Designed by the Internet Engineering Task Force, it leverages the HTTPS privacy standard to mask these
Industry Experts Laud Biden Proposal for Increased Federal Cybersecurity Spending
The Importance of Being Security-Centric
Judge: AWS Does Not Have to Reinstate Parler
Cyberattacks: Threat Hunters Conquer Unpredictability with 3 Measures
Microsoft Taps Longtime Vet to Lead U.S. Partner Organization
Why Partners Should Prioritize AI in 2021
Despite Drop in Data Breaches, Exposed Records Jump in 2020
Legal Experts: VMware’s Lawsuit Against Nutanix’s New CEO Lacks Weight
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.