09 November 2020
Two people working together and sharing ideas while standing over a laptop

Today’s blog post discusses threats to an organisation’s DNS including “DNS spoofing” and “DNS cache poisoning” and how they can impact your online business. We discuss the benefit of investing in advanced DNS security protocols such as DNSSEC and look at how your .au registrar can be of assistance.

DNS spoofing vs DNS cache poisoning

As defined by the team at Kaspersky, DNS spoofing is “the resulting threat which mimics DNS server destinations to redirect a domain's traffic”. This type of attack lures unsuspecting users to seemingly legitimate websites hosted on illegitimate servers, intended to cause harm by capturing personal credentials or directing users to malicious links and/or downloads.

They go on to explain that DNS cache poisoning occurs when “your system logs the fraudulent IP address into your local memory cache”,and then forwards traffic to an illegitimate destination. In either case, unsuspecting traffic is misdirected, so DNS spoofing and cache poisoning often go hand in hand. Caching occurs once a website address that has been tampered with is accessed and is then stored in the device's cache, repeatedly infecting the device each time that website is visited. 

DNSSEC

With the rise in online businesses in 2020, came a reported increase in malicious activity in Australia and around the world. In July 2020 we published an article on The State Of Cybersecurity for Australian Businesses in collaboration with .au registrar and brand services provider CSC, sharing advice on best practices for organisations to put in place to protect their systems. One such best practice is applying Domain Name System Security Extensions (DNSSEC) to each domain name.

Protecting your DNS should be of high priority for your organisation, and DNSSEC is a recommended practice to safeguard against threats including DNS spoofing and DNS cache poisoning. In 2019 Australian government domain name registrar, dta.gov.au enforced DNSSEC across the .gov.au zone file, meaning that “attacks where an attacker can cause incorrect answers to DNS queries to be stored in the DNS cache of resolvers or devices”, such as DNS cache poisoning, are mitigated. 

How your .au registrar can help

Although DNSSEC has been implemented in .au, this does not automatically mean your online business is protected, as it needs to be enabled by your registrar, as VentraIP explains in this helpful article.

Here at Afilias, we strongly recommend considering the benefits of implementing advanced security to secure your online business such as DNSSEC. This year has proven to us all that having an online presence is vital and if protecting your business is important to you, we encourage you to talk to your .au registrar about implementing DNSSEC right away. 

Have a question, comment or idea for a future blog post? Email us at blog@afilias.com.au today.