Yesterday, Network World posted an article, “Securing DNS should trump budget-cutting for enterprise IT, experts say”. It explains that even during economic downturns, IT budget cuts should not affect the budget put into DNS – a core network infrastructure service.
Some may be asking: since when is DNS part of my core network infrastructure? Why can’t I just throw a DNS server on one or two of my web servers and call it a day?
All Internet operations stop working when DNS stops working.
DNS connects the outside world and internal networks to your services. DNS is involved whenever you decide to visit a website or send email, and in some organizations it can route your phone calls. DNS tells you which specific computer you need to go to on the Internet to find a host on a domain. If your DNS is not telling someone how to get to your services, they will go somewhere else. If DNS is not working inside your business, your employees’ work comes to a halt. This happens regardless of the redundant links and backup servers you have.
You may remember that earlier this year Dan Kaminsky uncovered a major DNS flaw. Dubbed the Kaminsky attack, it exposed almost all recursive DNS servers to the same consequence: poisoned DNS caches. We quickly covered the issue over the summer in an article, “DNS Security and BIND”.
According to the article in Network World:
The findings show that despite the DNS community’s and several vendors’ efforts, a significant number of server administrators have yet to take action. As for the reasons behind the lack of patches, more than 45% cited a lack of internal resources, 30% said they were unaware of the vulnerability and 24% reported they didn’t have enough knowledge of DNS to take the appropriate steps.
Take the work out of your organization. You already outsource other critical pieces of your infrastructure to services that you deem experts (think email, phone service, colocation services, content delivery, maybe even computing). Shouldn’t you outsource another important piece of your infrastructure, the piece that allows the world to reach your network?