Reply to Iris
Hi Iris, I agree with you on how you chose to go about this topic. Attacks on the Domain Name Server are on the increase, and you are right in saying that much as there is security imposed on the servers, there is still so much that has to be done to protect these servers from hackers. The DNS servers are formed mainly for usage and not for security. This explains why there have been numerous attacks on the servers and also on the server’s cache. Attackers often take advantage of the communication between the clients and the servers and even communicate with the three different types of DNS servers. The thought of someone being able to tamper with the DNS servers and probably people’s personal information can be scary because you never know how much data you are giving out to the wrong person or even people. Though there are significant attacks on DNS servers, there are chances of making these attacks lesser. This can be done using the latest DNS software versions or using the two-factor authentication for a company’s DNS server organization. (Rouse, 2020)
Reply to Thomas
Hi Thomas, I agree with you on what you have said regarding Domain Name System Security Extensions (DNSSEC). It is true to say the security extension serves to safeguard the world wide web from false DNS information, which is usually provided by hackers. Hackers interfere with DNS servers by providing forged DNS information. The security extension works by digitally signing reliable zone data (Verisign, n. d). This kind of digital signing aids in assuring users that all information provided is true and that it has not been interfered with or otherwise been forged. It also serves to provide accurate information stating whether or not certain domain names exist. The purpose of DNSSEC is to make sure that there is a trust established when using the internet. Much as it protects internet users from possible forgery, it is not solely for the web but is also for other internet services. This is one reason why DNSSEC is a reliable and safe means of protecting internet users without fear.
Different organizations choose different DNS zone names. Organizations that use the tailwindtraders.net DNS zone name often have to use a split-brain Domain Name Server for configuration purposes. Split-brains work by providing information established on the origin of the DNS question. DNS Zone Scopes help users formulate various DNS Zone documentation that supports many different zone scopes, and DNS documents fit into the many different zones. This is how the implementation of DNS split-brains is undertaken. To create DNS policies, group a DNS zone scope with another zone scope which contains documents which should be channeled to an outside user with a different one that should be directed to an internal user. Once you are done creating these policies, one is supposed to state how users would be able to obtain information based on their IP addresses. After this, all information that should be available to public users is put into default zones while those of internal users are placed on internal zone scopes (Thomas,2019).
Rouse. M., (2020). DNS Attack. Retrieved from https://www.google.com/url?sa=t&source=web&rct=j&url=https://searchsecurity.techtarget.com/definition/DNS-attack%3Famp%3D1&ved=2ahUKEwj7p8rP-ZfrAhW3BGMBHQzMBq4QFjAAegQIARAB&usg=AOvVaw1LmlkChh4X_PPgIJOwQq4J&cf=1
Thomas. O., (2019). Windows Server 101: Configuring Split-Brain DNS On Windows Server. Retrieved from https://argonsys.com/microsoft-cloud/library/windows-server-101-configuring-split-brain-dns-on-windows-server/
Verisign. (n .d). How DNSSEC Works to Provide the Protocol For A Secure Internet. Retrieved from https://www.verisign.com/en_US/domain-names/dnssec/how-dnssec-works/index.xhtml