USA: +1(669)289-8683 
Sign in
Question(s):
Respond to at least two of your peers by addressing one of the following:
- Select a different frame of reference (infrastructure, security, or maintenance) and compare the effect on the selected topic identified in the original post.
Or
- Provide additional considerations, advantages, or implications related to the original post.
_____________________________________________________________________________________________________
PEER POST # 1
One security concern of using DNS is DNS cache poisoning or spoofing. This attack is when malicious data enters the DNS cache and redirects traffic to malicious sites. This produces many problems for both network and organizational security. Users may unknowingly be directed to fraudulent websites, leading to data breaches, phishing attacks, or other malicious activities. To mitigate the risk of spoofing, organizations should implement best practices such as regularly updating DNS software, using secure DNS configurations, and monitoring DNS traffic. DNS Security Extensions can also be implemented to add extra security by digitally signing DNS data.
Another consideration is the choice between static DNS and dynamic DNS. Static DNS is more secure as the IP addresses are assigned manually, but static is much less flexible. Dynamic allows for automatic updates to the DNS records but introduces security risks if not properly configured. Unauthorized updates could lead to rogue DNS records, enabling attackers to change DNS information. Organizations must assess their needs and find the balance between the ease of dynamic and static security. Ensuring proper access controls, updates, and monitoring DNS changes can help mitigate the risks with dynamic DNS.
PEER POST # 2
DNS does play an important role in network communications, but it has it’s own security issues. It’s really susceptible to man in the middle attacks. Such as DNS spoofing and poisoning. These types of attacks are where an attacker can intercept DNS requests and get the user to resolve to a web server that the attacker has control of. A method attackers use for DNS poisoning is editing a client’s host file. This is a bit tough to pull off, but the host file takes precedent over all DNS queries. This means no matter the configuration of the DNS, that machine will resolve what’s in that host file.
In this section I’ll discuss the different zones. First, let’s define the different DNS zones. The master or primary zone, is the zone that contains all of the zone data. This zone is where the DNS can be configured by the administrator (and where it can be configured to disallow certain queries to resolve). The secondary or slave zone is a read only copy of the zone data that’s managed by the master zone. This zone is primarily meant to serve as a back up for when the primary is down. This means less down time or possible DOS protection. There is another zone that we can discuss here too, called the reverse zone. This zone is meant to map the IP addresses to their domain names. So let’s think the opposite of a forward lookup query. As an example, if I was to type 8.8.8.8, this would resolve to Google.
Lastly in this post, I would like to discuss the difference between static and dynamic DNS. Static DNS is useful for when you want to assign a static IP address to a server. So anytime you want to access this server, you know the address to it. This could be a file server or an email server and etc. A dynamic DNS is where the server will automatically check for updated IP addresses for the servers. There are plenty of benefits for companies to use DDNS. Some APIs can’t use static IP addresses. Meaning a DDNS will solve this problem because it automatically updates and prevents downtime. It’s also more cost efficient because a static IP address can be more difficult to obtain. However, there are some security risks with DDNS and the ability to automatically update mappings can be a gold mine for attackers. This kind of goes back to the man in the middle attacks discussed earlier. If an attacker can get control of an organization’s DDNS update mechanism, they can get it to resolve to their own malicious web server.
