DNS Security

The original design of the Domain Name System (DNS) did not include any security details; instead, it was designed to be a scalable distributed system. The later Domain Name System Security Extensions (DNSSEC) standard seeks to address this by adding security, while maintaining backward compatibility. DNSSEC was designed to protect applications (and caching resolvers serving those applications) from using forged or manipulated DNS data, such as that created by DNS cache poisoning.

DNSSEC can protect any data published in the DNS, including text records (TXT) and mail exchange records (MX). It can also be used to bootstrap other security systems that publish references to cryptographic certificates stored in the DNS, such as Certificate Records (CERT record), SSH fingerprints (SSHFP), IPSec public keys (IPSECKEY), and TLS Trust Anchors (TLSA).

  • EfficientIP – DNS Guardian

    DNS Guardian is a protective DNS solution that delivers built-in security to cache, recursive and authoritative DNS servers. It is the premier secure DNS appliance on the market offering complete and real-time DNS Transaction Inspection (DTI), enabling in-depth understanding of the context of client requests.

    By analysing transactions at the heart of the DNS server (queries, responses, fragments, recursions), threat visibility is enhanced well beyond known attack patterns and overcomes the limitations of signature-based protection systems that only offer limited peripheral traffic visibility.

    DNS Guardian offers in-depth analysis of DNS traffic to detect data exfiltration and identify attacks (cache poisoning, DNS tunnelling, DGA malware, bots, etc.), then quickly activates adapted countermeasures to protect service continuity and integrity.

  • BlueCat – DNS Security

    An organisation’s network and security teams need unprecedented visibility into their network to spot incoming threats. BlueCat’s DNS security sits at the edge of the network – the ‘first hop’ – without the need for an agent. In order to even get close to critical systems, malicious threats have to get through a self-sufficient, highly intelligent barrier first.
    BlueCat’s DNS Security features allow customers to…

    • Spot more threats

    Eliminate DNS as a threat vector by applying policies to DNS traffic, limiting access to sensitive data while locking down critical systems.

    • Identify and respond faster

    Outwit cybercriminals with smart analytics. Detect DNS tunneling, DNS poisoning, beaconing, and any other evasive techniques, while quickly remediating any breaches.

    • Simplify compliance

    Easily configure, deploy and enforce DNS policies across the network.

  • IP Performance enabled us to trial the system in a test environment and then between Dubai and Edinburgh. They provided us with full support and fast response to any problems.

    Gavin Wilson, Systems Development Manager,
    Heriot Watt University