What is it?
The Domain Name System (DNS) is a decentralized naming system for computers and other network resources. A computer uses DNS to translate a Uniform Resource Locator (URL, such as www.google.com) to an Internet Protocol (IP) address such as 22.214.171.124. It’s roughly analogous to a traditional telephone book, except that lookups are coordinated over an entire network of computers. DNS uses port 53 (UDP and TCP).
DNS provides other services as well; for example, it can perform reverse look-ups (IP address ⇒ URL).
More recently, DNS providers offer such features as scanning for viruses, malware and phishing attempts; some offer parental controls. Not all DNS providers offer these features. Further, some DNS providers protect your Internet lookup history while others use it for marketing, either directly or by selling your query history to other parties.
Why is it a risk?
Because DNS is used for nearly every Internet access, it attracts a lot of attention from attackers.
The SecurityTrails link below explains how a variety of DNS attacks work. Possible goals of the attackers range from redirecting traffic to a malicious site (DNS spoofing, cache poisoning) to overwhelming a system (Denial of Service, DoS) to remotely attacking some other system (Distributed Denial of Service, DDoS).
How can you mitigate the risk?
As a DNS Provider
The best approach is to not run a DNS server at all; this is a job best delegated to your Internet Service Provider (ISP), Skyway West.
If you must run a DNS server, then use firewall rules to limit access to/from port 53 to trusted IP addresses or MAC addresses.
If you must run a DNS server accessible from the Internet, then:
- Require multi-factor authentication for access to DNS servers
- Keep DNS servers patched and up to date
- Uninstall or disable unnecessary applications on DNS servers
- Enable DNSSEC to ensure that DNS responses are digitally signed
As a DNS User
Know what DNS provider(s) you are querying and learn what they do with your query history.
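As an added example (not part of the original page), a small Python audit of the resolvers a host is actually configured to query: it parses resolv.conf-style text and flags any nameserver that is neither one of your ISP's published resolvers nor a well-known public service. The trusted addresses (192.0.2.x, from the RFC 5737 documentation range) and the sample file are constructed placeholders; substitute the resolver addresses your ISP publishes.

```python
"""Audit which DNS resolvers a host is configured to use."""
import ipaddress

# Placeholder: replace with the resolver addresses your ISP (e.g. Skyway West) publishes.
TRUSTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Well-known public resolvers; each has its own policy on query-history retention.
KNOWN_PUBLIC = {
    "8.8.8.8": "Google Public DNS", "8.8.4.4": "Google Public DNS",
    "1.1.1.1": "Cloudflare", "1.0.0.1": "Cloudflare",
    "9.9.9.9": "Quad9", "149.112.112.112": "Quad9",
}

# Loopback and RFC 1918 / ULA ranges: a local stub resolver or home router.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]

def parse_resolv_conf(text):
    """Return the nameserver addresses in resolv.conf-style text, in order."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def classify(addr):
    """Label one resolver address: trusted, public:<provider>, local, unknown or invalid."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if addr in TRUSTED_RESOLVERS:
        return "trusted"
    if addr in KNOWN_PUBLIC:
        return "public:" + KNOWN_PUBLIC[addr]
    if any(ip in net for net in LOCAL_NETS):
        return "local"   # worth checking what this device forwards to
    return "unknown"     # nothing on this host should point here; investigate

def audit(text):
    """Pair every configured resolver with its classification."""
    return [(s, classify(s)) for s in parse_resolv_conf(text)]

SAMPLE = """# constructed sample, not a real host's configuration
nameserver 192.0.2.53
nameserver 8.8.8.8
nameserver 198.51.100.7
nameserver 127.0.0.53
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE):
        print(f"{server:18} {verdict}")
```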
SecurityTrails Types of DNS Attacks