A Route To Safer DNS

MEDIA Protocol
4 min read · Jul 20, 2018


A recent poll of 1000 senior technology and security decision makers around the globe by DNS security firm EfficientIP revealed that a massive 77% of organisations were hit by a DNS attack in 2018.

DNS attacks are costing UK firms over £3m annually, and not only that, they can affect the biggest commodity businesses have — trust.

Security breaches, such as the well-publicised TSB IT disaster this year, cause a breakdown in trust between the business and consumer. And if your customer can’t trust you, they won’t be a customer for much longer.

DNS is a public protocol at the core of the open Internet. It’s fundamental to our daily life and internet use, so it’s essential that we start looking for ways to offer more security and transparency.

Blockchain could be the decentralised hero that we need. Not only would this remove a single point of attack, but it could offer security and transparency to all interactions with DNS.

A Quick Catch Up On DNS

DNS is essentially the Internet’s equivalent of a phone book. It’s a directory of domain names that are linked with Internet Protocol (IP) addresses.

Each website has its own unique number that is used to access the website. However, just like you assign phone numbers to a name, each website is given a more memorable name to allow access, so that you don’t need to remember the number each time you want to visit.

It starts with a Domain Registrar for the domain registration. They provide the source of authoritative Name Servers (DNS Resolvers) for a domain. Most registrars these days allow for encrypted and signed records to evidence that a name server is in fact who it says it is.

This encryption is designed to protect against attacks such as NS hijacking.

NS hijacking is a nasty trick used in phishing scams or to censor specific domains and is often linked with malware.

But while encrypted records can prevent NS hijacking, there are still multiple ways in which DNS is vulnerable.

What Are The Vulnerabilities Of DNS?

In 2008, security researcher Dan Kaminsky accidentally discovered a major vulnerability in DNS.

Cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the DNS to divert Internet traffic away from legitimate servers and towards fake ones.

Users who are sent to malicious destinations risk entering their precious sensitive information into false sites, such as spoof bank or shopping websites. That means that bad actors suddenly have access to a host of information, from your email address to your password info.

And the lack of transparency around DNS records doesn’t help.

If you change a DNS record, the only way of telling what has been changed is to check through server logs or compare to previous lookups. There’s no clear, easily accessible record of what has been changed or when.

There’s also the major problem of DNS relying heavily on centralised authorities for the initial allocation of names and the ongoing ability to perform name lookups.

So, what can we do to make DNS more secure?

The key is blockchain.

How Can Blockchain Offer Security To DNS?

Blockchain is safe, secure and transparent. It uses a decentralised system to offer unrivalled security.

We’ve written about the security of blockchain before. You can catch up with Our Blockchain Education Programme here:

If blockchain could be implemented by the Registrars, that would legitimise the link between Registrar and Name Servers. It would also allow the providers of Name Servers to track, audit and authenticate DNS changes over time.

The records would be secure, traceable and accessible to all. Most of all, they would be decentralised.

In 2016, the Mirai botnet showed just how easy it is for criminals to compromise critical internet infrastructure. By bringing down the domain name system (DNS) service provider for most major websites, the attackers were able to cut off access to Twitter, Netflix, PayPal, and other services.

A blockchain approach to storing DNS entries could, in theory, improve security by removing the single, attackable target and instead relying on the peer-to-peer network of blockchain.

The main blocker is that domains and DNS are low-value economic markets. To adopt such a change, the value will need to be felt by those interested. Without that, you’ll never get worldwide adoption.

A Safer DNS With MEDIA Protocol

In relation to MEDIA Protocol applications, that’s where it gets interesting.

MEDIA Protocol believes that secure content is better content. We’re deeply committed to creating a more direct, transparent and secure ecosystem for content creators, publishers, and consumers through the revolutionary application of blockchain technology.

The introduction of blockchain to DNS would provide a platform on which content can be distributed and monetised in a manner that is vastly more secure and trustworthy than it has been since the inception of the Internet.

Combine that with the audit features that go with blockchain, and you have yourself a trusted economic platform, based on a tried and proven infrastructure. An infrastructure that is already the backbone of the internet and used by nearly every connected device on the planet: DNS.

Isn’t it time we made sure that our core infrastructure is as strong as possible?

For more information regarding MEDIA Protocol, find us on our social channels below:

Website: www.mediaprotocol.org
Facebook: https://www.facebook.com/MEDIAProtocol
Twitter: https://twitter.com/MEDIA_Protocol
LinkedIn: https://www.linkedin.com/company/media-protocol/
Telegram: https://t.me/Media_Protocol_Community and https://t.me/MP_Announcements
Medium: https://medium.com/@mediaprotocolsm
YouTube: https://www.youtube.com/c/MEDIAProtocol


MEDIA Protocol

MEDIA Protocol is a transparent blockchain content sharing system. People value content. We add value to great content with MEDIA tokens.