When it comes to the design and maintenance of IT infrastructure, the Domain Name System (DNS) tends to be regrettably ignored. DNS servers are an important part of the internet backbone; once these servers fail, everything else seems to crumble.
Typically, these systems are initially set up with a fairly robust protection strategy. The problem is that they are often forgotten once they are tested and found to be operational. Since these systems are crucial in terms of directing internet traffic and promoting the discovery of websites, it only makes sense that they should not only be protected but also optimized.
To illustrate how the Canadian IT industry has largely forgotten about DNS protection and efficiency, a recent article published by IT World Canada reported the results of a test conducted by the Canadian Internet Registration Authority (CIRA).
The test, which unfolded over six months, consisted of sending about a dozen daily queries to more than 125,000 major domain name servers. The results were astonishing: 93 percent of servers did not adequately respond to the queries at least once a month. These are servers operated by major IT companies such as Web hosting providers.
Based on the CIRA test, experts make the following recommendations to IT managers who must keep their domain name server strategy in top shape:
1 - DNS Audits
The servers that handle domain name operations are seldom subject to comprehensive audits. This should be the first step in 2016, and it should be incorporated into the regular audit of hardware infrastructure and software systems. This inspection should also look into the access policy and zone configurations.
2 - Logging and Monitoring
Keeping an eye on the server logs is the first line of defense for domain name operations. Modern hacks on DNS servers can be difficult to notice on a day-to-day basis; however, checking the logs for unusual activity can lead to the discovery of malicious requests. Server monitoring tools that provide a visual status of the system are also helpful from a security standpoint. Looking at traffic volume charts and setting alarms can help to put up early defenses against a distributed denial of service (DDoS) attack.
3 - Secondary Service Installation
The best advice from CIRA is to make use of the D-Zone Anycast system, which provides a secondary platform for domain name operations. DDoS fears effectively dissipate with a secondary service such as D-Zone, which also provides improved latency for website visitors and others who need to access servers.
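As an added example (not from the article or from CIRA), the log check and traffic volume alarm described under Logging and Monitoring can be sketched as follows: the script counts queries per minute in query log lines and flags minutes that exceed a multiple of the quiet baseline, naming the busiest client. The BIND 9-style log layout, the threshold factor and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Assumed BIND 9-style query log layout with timestamps; adjust for other servers.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}):\d{2}\.\d+ .*?"
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?"
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def parse(lines):
    """Yield (minute, client_ip) for each query line; other log lines are skipped."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield datetime.strptime(m["ts"], "%d-%b-%Y %H:%M"), m["ip"]

def volume_alarms(lines, factor=3.0, min_history=3):
    """Flag minutes whose query count exceeds factor x the median of earlier quiet minutes."""
    per_minute = defaultdict(Counter)
    for minute, ip in parse(lines):
        per_minute[minute][ip] += 1
    alarms, history = [], []
    for minute in sorted(per_minute):
        clients = per_minute[minute]
        total = sum(clients.values())
        if len(history) >= min_history and total > factor * median(history):
            top_ip, top_n = clients.most_common(1)[0]
            alarms.append({"minute": minute, "queries": total,
                           "baseline": median(history),
                           "top_client": top_ip, "top_share": top_n / total})
        else:
            history.append(total)  # only quiet minutes feed the baseline
    return alarms

def sample_log():
    """Constructed sample: four quiet minutes, then a burst dominated by one address."""
    fmt = ("12-Jan-2016 10:{m:02d}:{s:02d}.000 client {ip}#4{s:02d}00 "
           "(example.ca): query: example.ca IN A +E (198.51.100.1)")
    lines = [fmt.format(m=m, s=s, ip=f"192.0.2.{10 + s}") for m in range(4) for s in range(5)]
    lines += [fmt.format(m=4, s=s, ip="203.0.113.77") for s in range(40)]
    lines += [fmt.format(m=4, s=s, ip="192.0.2.10") for s in range(40, 45)]
    lines.append("12-Jan-2016 10:04:59.000 general: info: zone example.ca/IN: loaded")
    return lines

if __name__ == "__main__":
    print(volume_alarms(sample_log()))
```

Because flagged minutes are kept out of the baseline, a sustained flood does not gradually raise the threshold and silence the alarm.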