Domain name service security changes strongly recommended

As the Internet has grown, so has reliance on DNS (domain name service). There are 149,657,691 domain names that end in .com registered right now. The growing usage of domains and their importance for reputation (web) and communication (email) means security and functionality are paramount.

There are four reasons that every domain name owner or administrator should consider updating their DNS as soon as possible.

1: DNS Flag Day will occur on or about February 1st, 2019. This change will remove certain workarounds that are slowing down DNS and hindering the deployment of new functionality. Many domains DNS servers do not appear to support modern DNS standards.

2: Most domains do not use DNSSEC. As a result DNS spoofing and other exploits may be possible. DNSSEC signs the domain’s root zone to ensure that DNS queries can only be responded to by an authenticated server. With it enabled most DNS spoofing attacks are no longer possible.

3: There is a large scale DNS hijacking attack going on, likely from a foreign power. DHS has just put out an alert on this matter advising all domain owners to act ASAP. Adding MFA to your registrar (and DNS provider if different) is crucial.

4: Finally, we strongly encourage clients to consider adopting a DMARC policy to increase mail deliverability and reduce outbound phishing and spam that may appear to originate from their domain via SMTP origin spoofing. As of now your domaindoes not have any DMARC policy setup. Most domains do not utilize SPF, DKIM or DMARC.

Envescent can help your company with all of these DNS enhancements. Reach out if your company needs help.

Posted in cybersecurity.