Choosing a DNS Provider
When choosing a DNS (Domain Name System) hosting provider, it’s important to understand a few basic concepts behind DNS and the internet. Familiarizing yourself with basic DNS hosting concepts and some potential vulnerabilities will help you choose the hosting service provider that is right for you and your business needs.
A comprehensive DNS provider, one that looks at the big picture and provides security and reliability, will protect against all possible vulnerabilities. This is what you want to safeguard your business assets. Choosing a competent provider to manage your DNS can be a difficult task if you don’t understand the basics. It’s one of the most important things about the internet. Ask yourself: are you taking your DNS seriously?
So, what is DNS?
It’s the naming system for the internet’s addresses. Each domain name (e.g. hello.com) corresponds to an IP (Internet Protocol) address, a series of numbers (188.8.131.52), which goes to a website. IP addresses are assigned domain names because names are easier for users to remember than number sequences.
Every individual computer, in fact every individual device, connected to the internet has its own IP address. For devices to communicate on an IP network, they need an IP address. It’s like a street address for a house. Websites have IP addresses too.
Everything on, and attached to, the internet has an address. Your computer and phone link to the internet via IP addresses, but so do your Wi-Fi-connected LED lights, robo vacuum, programmable thermostat and security system. They all have an IP address. Every destination online has its own unique address too. We just think of it as a domain name. DNS is what converts the number address into the domain name. We need DNS servers to house, or host, these domain names and translate their IP address to a commonly known domain name.
These IP addresses reside in the network settings of physical hardware devices. DNS servers are housed in physical locations and are maintained, monitored, and serviced by a DNS provider, like FirstLink Technology, for end users.
When a request is sent to the DNS server to resolve a query, 4 servers are involved in loading a webpage: the DNS recursor, the root server, the TLD nameserver and the authoritative nameserver. There are a lot of moving parts and steps. There are 6 Steps to a DNS Lookup:
- DNS request begins when you try to access a domain name on the internet
- The first stop is the local DNS cache
- If the IP address is not in your local DNS cache, then DNS will check with a recursive DNS server.
- A request is made to the TLD name server
- The request is sent to the authoritative nameserver, and the IP address is given to the recursive DNS server, where it is stored in the local DNS cache on your computer.
- Your DNS service gets to the IP address and connects to the domain name you queried
DNS caching is helpful as it speeds up DNS requests by reducing the bandwidth of the DNS requests across the internet. DNS changes need time to update, and it takes time for every DNS server to have its cache updated to the latest IP address data. However, the DNS cache is vulnerable to hacking.
- If an attacker gets inside a firewall and has control of a computer, they can use DNS to look up important server names like mail servers and name servers. They can get the internal DNS server to send over lots of domain zone information, or perform what’s referred to as a DNS zone transfer attack.
- DNS caches aren’t “authoritative”, and hackers have figured out how to manipulate them and spoof DNS responses.
- Hackers use covert channels, like DNS tunneling, to exfiltrate data without setting off any alarms.
What To Look For in a DNS Provider
It’s critical to choose a hosting provider that monitors not only zone files and SPF (Sender Policy Framework) records, which protect against email spoofing and phishing scams, but also TTL files, which control how often a website refreshes. All of these provide security on the domain name. When choosing a DNS provider, be clear on your business priorities and needs. We’ll explore questions to ask your hosting service in our next segment.
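To make the monitoring described above concrete, here is an added example (not FirstLink's code or tooling) that audits a small zone file for TTL and SPF problems. The zone data is constructed for the reserved `example.test` domain, the TTL bounds are an assumed policy, and treating every name with an MX record as a mail domain is a simplification.

```python
import re

# Constructed sample zone for a reserved test domain; not real data.
SAMPLE_ZONE = """\
example.test.       3600   IN MX  10 mail.example.test.
example.test.       3600   IN TXT "v=spf1 ip4:192.0.2.10 +all"
www.example.test.   30     IN A   192.0.2.20
mail.example.test.  604800 IN A   192.0.2.10
shop.example.test.  3600   IN MX  10 mail.example.test.
news.example.test.  3600   IN MX  10 mail.example.test.
news.example.test.  3600   IN TXT "v=spf1 ip4:192.0.2.10 -all"
"""

MIN_TTL, MAX_TTL = 60, 86400  # assumed policy bounds (seconds), not a standard

RECORD = re.compile(r"(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)")

def parse_zone(text):
    """Parse one-line 'name ttl IN type rdata' records; skip blanks and comments."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m and not line.lstrip().startswith(";"):
            name, ttl, rtype, rdata = m.groups()
            records.append((name.lower(), int(ttl), rtype.upper(), rdata.strip()))
    return records

def audit_zone(text):
    """Return (name, finding) pairs for TTL and SPF problems in the zone text."""
    records, findings = parse_zone(text), []
    spf = {}  # name -> list of SPF policy strings published at that name
    for name, ttl, rtype, rdata in records:
        if not MIN_TTL <= ttl <= MAX_TTL:
            findings.append((name, f"{rtype} TTL {ttl}s outside {MIN_TTL}-{MAX_TTL}s"))
        if rtype == "TXT" and rdata.strip('"').lower().startswith("v=spf1"):
            spf.setdefault(name, []).append(rdata.strip('"').lower())
    # Every name that receives mail (has an MX) should publish exactly one SPF policy.
    for name in sorted({n for n, _, t, _ in records if t == "MX"}):
        policies = spf.get(name, [])
        if len(policies) != 1:
            findings.append((name, f"{len(policies)} SPF records published, expected 1"))
        # Policies that end in redirect= are also flagged and need a manual look.
        elif policies[0].split()[-1] not in ("-all", "~all"):
            findings.append((name, "SPF does not end in -all or ~all"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_zone(SAMPLE_ZONE):
        print(f"{name}: {finding}")
```

On the sample zone this reports the 30-second and one-week TTLs, the `+all` policy that authorizes any sender, and the mail domain with no SPF record at all.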
FirstLink’s primary hosting services are website hosting, email services, and cloud computing. We offer everything from simple shared hosting accounts to full enterprise virtual cloud environments. Our focus is security and reliability, which is why we go the extra mile in our hosting services. Contact FirstLink today for a free, no obligation assessment of what hosting option would be the best fit for your business needs.