Getting control of your DNS
DNS is one of those things that everybody uses and nobody thinks about. We all just assume that when we type our website in the address bar and it comes up, then everything is OK.
In reality, the way your business’s DNS is handled can be a gift or a curse. I can’t think of a technology that has been under more security scrutiny lately than DNS. Years after our typical DNS system was thought to be safe, huge exploits have been found having the potential to wreak havoc on large portions of the internet.
To start off with, what exactly is DNS?
DNS or Domain Naming System is basically a directory of what domain belongs to a particular IP address. A domain can have other features such as email, ftp, sub domains, all of which DNS can manage. In reality, it’s a lot more complicated than this, but for simplicities sake, it just matches a domain to an IP. An IP address is something computers understand, and a domain is something humans understand. Without DNS we wouldn’t have the internet as we know it.
How DNS affects your business…
For the purpose of this article, there’s two main uses of DNS that businesses run into. The first is the DNS that your computer or office uses to connect you to another website. When you click on a link or enter a website in the address bar, your computer goes out and through a series of DNS servers, directs your browser to the server of the website you are trying to reach.
The second, from the other side of the picture, is how the DNS of your website is registered with the DNS servers of the internet. This is important because when someone goes to visit your site, the registrar lists your root DNS servers, and the visitor queries those to find out the actual location of your site.
Where all of this can go wrong…
The easiest way for DNS to work against you, is that if someone has the ability to change the DNS entries that your DNS server would normally give you. Meaning, that if you request the IP for google.com, you are sent to the wrong server such as: hacked-spam-server.com. This is called DNS poisoning, and is a very common tactic for phishing, and malicious attacks. Old DNS servers are particularly vulnerable to poisoning.
As far as your website goes, if your DNS server is the same server that your site is hosted on, which is very common, and the server goes down or is unreachable, it’s as if your site doesn’t exist at all. This can have dire consequences from search engines and even large networks depending on how long DNS entries are cached for.
There are two similar fixes for these, both involve you not managing your own DNS…
For your office network, use a DNS provider like Open DNS. You can add open DNS IP addresses to your router, or to your computer’s network configuration. This will prevent any DNS poisoning to your network, and will also give you the ability to block spam and other websites from your network completely. You can block pornography, malware, proxies, and just about anything else using Open DNS. This is an essential tool for small business owners and IT administrators that don’t want the hassle of managing their employees browsing habits.
For your websites, use a 3rd party DNS service. DNS Made Easy (not free) is a perfect example of this type of service. Instead of entering the address of your own DNS servers, enter the addresses of the 3rd party servers with your website registrar. Services like DNS Made Easy have multiple redundant servers for DNS, so if your server goes down, search engines and browsers have the correct location of it. This way they will be more likely to return once it is back up. You can also use DNS for website fail-over, which would automatically direct traffic to an alternate server if your primary server becomes unavailable.
Troubleshooting and fixing DNS problems can be extremely difficult due to DNS caching, and the fact that you probably don’t have control over any DNS server than your own. For this reason, and to save time and money, I highly recommend using 3rd party services for your DNS.
Subscribe to the RSS feed and have all new posts delivered straight to you.