Why Is DNS Important?
Companies think nothing of spending millions of dollars ensuring that their Web sites and email servers are stable and secure. Yet many still forget the importance of DNS, the technology that brings customers and partners to their Web sites and that sends the right email to the right mail server.
DNS is the Internet’s phone directory. You wouldn’t try to run a business from an unlisted phone number, but when your DNS infrastructure stops working, that’s exactly what you’re doing. Even though it is such a fundamental component of the Internet, DNS is often overlooked as a critical element that requires the same redundancy as other technical systems.
Sound security strategy requires no single points of failure. When considering the importance of your DNS, diversity is critical to the design of your DNS architecture. To reap all the security and stability benefits of a comprehensive system, an organization would have to weave diversity into the fabric of its infrastructure at every layer, from the places it deploys its servers to the software it installs to the people it employs.
There are five key dimensions of diversification that are critical to maintaining the security of your DNS: software, geographic location, hardware, network connectivity and people.
Berkeley Internet Name Domain (BIND) is the industry standard software for domain name resolution services. In active service for over 20 years, BIND has survived the rapid expansion of the Internet and become more widely deployed than any other DNS software. As open-source software, unlike proprietary solutions, its code has been scrutinized, tested and battle-hardened by hundreds or thousands of programmers over the years.
But no software is invulnerable. Even if critical security problems are thankfully rare occurrences, maintenance patches can be routine in even the most bulletproof of software packages. BIND itself suffered from eight security vulnerabilities between 2007 and 2008. A DNS resolution network running only BIND would have required rolling patches on each occasion, with live unpatched servers running a risk of compromise during that process. The same applies to any piece of DNS software, whether open-source or proprietary.
An organization aiming to bolster stability through diversity would deploy both BIND and at least one other solution. NSD, for example, is an open-source alternative to BIND that was developed in the Netherlands specifically to enable diversity in DNS software and is currently considered reliable enough to run three of the Internet’s root name servers.
By deploying more than one DNS resolution solution, an organization that learns of a security issue in either package can simply remove that software from production servers until the problem has been addressed, while the other continues to answer queries. The same cannot be said of systems using a single flavor of software, whether open source or proprietary.
Additionally, using only a single DNS provider will put an organization at similar risk should a catastrophic event occur. Considering a solution that provides for a secondary DNS provider ensures that even in the event of complete failure of the primary provider, DNS will continue to resolve.
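The software-diversity pairing described above (BIND alongside NSD), as an added configuration example that is not taken from the white paper: a BIND primary for example.com notifies an NSD secondary and allows it to pull the zone over a TSIG-signed transfer; a second DNS provider is attached to the same stanzas in the same way. Addresses are from the 192.0.2.0/24 documentation range, the key value is a placeholder, and the key name and file paths are assumptions.

```conf
# --- named.conf on the BIND primary (192.0.2.1) ---
# TSIG key shared with the NSD secondary; the secret below is a placeholder,
# generate a real one with `tsig-keygen xfer-key` and keep it out of version control.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "ZXhhbXBsZS1wbGFjZWhvbGRlci1rZXk=";   # PLACEHOLDER, not a real key
};

# Sign requests (including NOTIFY) sent to the NSD secondary with the key.
server 192.0.2.2 { keys { "xfer-key"; }; };

zone "example.com" {
    type primary;                        # "master" on older BIND releases
    file "/var/named/example.com.zone";  # assumed path
    allow-transfer { key xfer-key; };    # refuse unsigned AXFR/IXFR from anyone
    also-notify { 192.0.2.2; };          # add a second provider's transfer host here
    notify explicit;                     # only the also-notify list is notified
};

# --- nsd.conf on the NSD secondary (192.0.2.2) ---
# Same key name, algorithm and secret as on the primary.
key:
    name: "xfer-key"
    algorithm: hmac-sha256
    secret: "ZXhhbXBsZS1wbGFjZWhvbGRlci1rZXk="   # PLACEHOLDER, not a real key

zone:
    name: "example.com"
    zonefile: "example.com.zone"         # assumed path, relative to zonesdir
    allow-notify: 192.0.2.1 xfer-key     # accept NOTIFY only when signed by the primary
    request-xfr: 192.0.2.1 xfer-key      # pull the zone from the primary, signed
```

If BIND has to be pulled from production, the NSD secondary keeps serving the last transferred zone until the primary returns; the reverse holds if NSD is the package with the problem.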
The Internet does not exist in isolation from the physical world. An earthquake in California, a hurricane in Florida, a monsoon in Mumbai … any of these natural disasters could easily take out that area’s power, Internet and DNS resolution. This could result in an organization’s Web presence and entire electronic communications system being unreachable worldwide if it has not built geographical diversity into its DNS.
Indeed, the DNS’s master directory, the root server system that sits at the top of the addressing hierarchy, fundamentally embraces geographic diversity. The Internet has, logically, 13 root servers managed by 13 different organizations using 13 IP addresses. But in reality, the weight of the DNS resolution load is shared between servers deployed at over 180 locations worldwide using IP Anycast.
Organizations should consider an Anycast, geographically diverse DNS network as vitally important to the security and reliability of their online presence.
Recalls of defective components, often in batches of hundreds of thousands or even millions, are a sadly common occurrence. Hardware diversity not only mitigates the risk of falling victim to deliberate attacks against vulnerabilities in firmware, but also eliminates the potential single point of failure that comes with rolling out defective hardware.
The popularity of one vendor’s brand of network routers, for example, makes its hardware and firmware a frequent target for attack. With a diversity of hardware, those routers can simply be removed from the network until a fix is available; this simply isn’t possible with a homogeneous network.
Homogeneous server hardware represents similar risks. However, a fully diverse infrastructure would also take into account the various components of those servers, from the CPU manufacturer to the brand of hard disk drives.
Such an infrastructure would also expect diversity right down to the level of the power leads that plug the servers into the walls, and the uninterruptible power supplies and backup generators that power them in emergencies.
Multi-homing is a fact of life for many connected organizations. No serious network administrator would consider relying upon a single ISP for their Internet connectivity; the risk of excessive latency, outright downtime or corporate failure would be too much to bear. By balancing load between two Internet connections, or merely keeping a second or third connection on standby for failover purposes, administrators eliminate the single point of failure their connectivity provider represents.
A fully diverse DNS network would build this reasoning into its network on a global level. Each DNS node should be linked by multiple backbones, with no overlap between providers at different nodes. This ensures that, whether an ISP is hit by massive latency or an outright blackout, the network can continue to resolve DNS traffic normally. A similar level of diversity should be applied when rolling out network operations centers (NOCs).
A diverse technological platform requires diverse sets of knowledge and skills. Likewise, a lone employee solely responsible for any critical system is an obvious single point of failure. A decision to deploy a diversity of hardware or software would necessarily require a commensurate diversity in human expertise, while avoiding the pitfalls associated with giving the keys to the kingdom to a single individual.
Want to learn more about how you can practice safe DNS? Afilias’ full white paper, “The 5 Dimensions of Diversity: A Winning Strategy for Securing your DNS,” covers these recommendations in more detail. For more information, see:
http://www.afilias.info/blogs/john-kane/preventing-dns-strain-when-you-deploy-dnssec
http://www.afilias.info/blogs/john-kane/preventing-your-dns-account-being-hacked