DNS and IT security

(To Matthew Mauri)
16/08/21

Smart technologies solve problems, effective technologies prevent them.

What is DNS?

The acronym DNS (Domain Name System) indicates the system used on the Internet to associate a string with an IP address (a "sequence" of numbers that allows you to reach a device connected to the network). This string is called an FQDN (Fully-Qualified Domain Name) and is easier for users to memorize than a numerical sequence. It is in fact (to a good approximation) the string that users enter in the address bar of the browser when they want to reach a website, for example.

To allow the user to reach the website, the entered string (FQDN) must be translated into an IP address: this is possible thanks to the DNS infrastructure, of which DNS servers are an essential component. In order to get a good browsing experience and browse quickly, DNS servers need to offer high performance and low response times.

Fast browsing is one of the most common reasons why web users decide to change their browsing settings and use third-party DNS. But alongside this motivation, some IT security concerns also push users to set DNS servers different from those supplied by their provider.

Many malware families abuse the DNS service to make it difficult to identify the Command-and-Control (C&C) servers directly under the control of the botmaster. Domain Fluxing and IP Fluxing are examples of techniques frequently used for this purpose. An analysis of the domains generated by the hosts can therefore make it possible to identify machines within the network that are infected with malware.

In phishing campaigns or fraud attempts, attackers usually register Internet domains that the user can easily confuse with legitimate domains (because they are similar, for example, to those of a well-known brand). The aim is to increase the chances that the attack succeeds. In this case too, DNS monitoring makes it possible to identify attack attempts promptly and, with blocking actions, significantly reduce the probability that the attack succeeds.
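The two kinds of DNS analysis described above (spotting hosts that generate many random-looking domains, and spotting queries for domains that imitate a brand) can be sketched as follows. This is an added example, not code from the article or from any service it mentions; the query log, the brand list, the thresholds and the entropy heuristic are all assumptions chosen for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of (client IP, queried FQDN) pairs; not real traffic.
QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "login.mybamk.com"),       # one letter off a protected brand
    ("10.0.0.9", "qzxkvbnmwrtp.com"),
    ("10.0.0.9", "hgfdsplkjmnb.net"),
    ("10.0.0.9", "xcvbqwertzui.org"),
    ("10.0.0.9", "plmoknijbuhv.com"),
]
BRANDS = {"example.com", "mybank.com"}      # hypothetical domains to protect

def registered(fqdn):
    # Assumption: last two labels form the registered domain (no Public Suffix List).
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])

def entropy(s):
    # Shannon entropy in bits per character.
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def edit_distance(a, b):
    # Levenshtein distance, row-by-row dynamic programming.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalikes(queries, brands, max_dist=2):
    # Queried domains that are close to, but not equal to, a protected brand.
    doms = {registered(f) for _, f in queries} - set(brands)
    return {(d, b) for d in doms for b in brands if edit_distance(d, b) <= max_dist}

def suspected_fluxing_hosts(queries, min_domains=4, min_entropy=3.5, min_len=10):
    # Clients that query many distinct domains with long, random-looking labels.
    per_host = defaultdict(set)
    for client, fqdn in queries:
        dom = registered(fqdn)
        label = dom.split(".")[0]
        if len(label) >= min_len and entropy(label) >= min_entropy:
            per_host[client].add(dom)
    return {h for h, d in per_host.items() if len(d) >= min_domains}

if __name__ == "__main__":
    print("lookalikes:", lookalikes(QUERIES, BRANDS))
    print("suspected fluxing hosts:", suspected_fluxing_hosts(QUERIES))
```

On real resolver logs the thresholds need tuning against known-good traffic, since CDN and cloud hostnames can also carry long, high-entropy labels.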

Among the various web hosting services that offer DNS servers for changing your browsing settings or improving performance, we point out Pluribus One Internet Security® (internetsecurity.pluribus-one.it).

This free service, operating directly on the DNS, acts by preemptively blocking malicious domains and IPs, thus protecting against threats of various kinds such as malware, phishing and scams.

It also blocks and hides banners and unwanted advertisements that slow down and weigh down web pages while browsing, and even acts on the ever-increasing number of advertisements inserted at the beginning of video content.

To use this service, simply set the following DNS on your device:

  • Primary DNS: 15.161.13.182;
  • Secondary DNS: 15.161.200.219.

The procedure is always reversible, and the DNS previously used on the device can be restored at any time.