The Current and the Future States of DNS Security (2020)

Andre Camillo, CISSP
The Startup
Published in
17 min readAug 2, 2019

--

The path to secure DNS
“The path to secure DNS, a long and winding road” — Photo by Jesse Bowser on Unsplash

./intro

Domain Name System (referred to as DNS from here onwards) is one of the oldest protocols/technology’ stacks that we still use on our Networks.

Its origins date back to 1987 when its original RFCs were made public (they were two, RFC1034 and RFC1035).

Back then, no security controls were added to the DNS specification.

Over a decade went by, the WEB took over (and neither the Information at your fingertips or Information Superhighway projects saw their market release) and as a result, DNS started being used in large scale on the internet. Only then — in the early 90s — after many political discussions around cryptography and internet privacy (and internet security — see RFC6973) took place, it was decided that some Security controls for the protocol were needed.

The purpose of this document is to expose what the proposed solutions were and where we stand nowadays with regards to Security for the DNS infrastructure. This will serve you as a guide for further research on the subject, I’ve made sure to share a substantial amount of references and sources on the topics so that you do that later.

./dnsfoundation

Before you move on, it may be worth a review on how DNS works.

--

--

Andre Camillo, CISSP
The Startup

Cloud, AI and Cyber Security tech, Career, Growth Mindset. Find my Discord &more: https://linktr.ee/acamillo . Architect @Crowdstrike. Opinions are mine!