DNS Best Practices 1
DNS Security Best Practices
DNS Attack Types
(in)Famous DNS Attacks
DNS Attack Mitigations
100

A BlueCat architecture directive that achieves the Best Practice of separating internal from external DNS at both the caching/recursive and the authoritative layers

What is (BlueCat) 4 quadrant DNS Architecture?

100

This Best Practice is a way to block known malicious or suspicious queries from being resolved.

What is DNS Filtering/DNS FW (Edge)?

100

This attack sends small DNS queries with a spoofed source address so that much larger response packets are delivered to the victim, with the aim of exhausting its bandwidth and impacting service availability.

What is DNS Amplification?

100

This company's software supply chain was compromised; the SUNBURST backdoor delivered through it used a DGA for its command-and-control lookups to escape detection.

What is SolarWinds?

100

An effective way to mitigate DGA and DNS tunneling (hint: BlueCat product).

What is Edge? (policy: detect and block DNS tunneling and DGA)

200

Ways to achieve the Best Practice of keeping DNS servers, and the information about them that would otherwise appear in query responses, out of public view

What are hidden/stealth server roles?

200

This Best Practice is how known DNS server vulnerabilities stay covered.

What is keeping up with updates and patches?

200

This attack targets a recursive DNS server with spoofed responses that appear to come from an authoritative server, with the aim of contaminating the cache with fake entries.

What is DNS Cache Poisoning/Spoofing?

200

Often regarded as possibly the greatest security threat the Internet has ever faced, the so-called “K” Bug was disclosed in July 2008.

What is the Kaminsky Bug (DNS Cache Poisoning)?

200

Setting caps on the number of identical responses a DNS server will send to a particular IP address or netblock within a specified time frame.

What is response rate limiting?
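The amplification clue and the rate-limiting clue above are two sides of the same mechanism: an attacker spoofs the victim's address and asks for large answers, and RRL caps how many identical answers go back to any one netblock. The following is an added example written for this page (not BlueCat code and not the BIND or Knot implementation) of a toy response rate limiter in the style those servers use. It assumes a bucket keyed on (client /24 or /56, qname, rtype), a fixed window, and a "slip" rule: every slip-th over-limit query gets a small truncated (TC=1) reply instead of silence, so a real client retries over TCP while a spoofed source, which never completes the TCP handshake, gets nothing it can amplify.

```python
import ipaddress
from collections import defaultdict, deque


class ResponseRateLimiter:
    """Toy DNS Response Rate Limiting (RRL).

    Responses are counted per (client netblock, qname, rtype), so a flood of
    identical spoofed queries for one name is throttled without blocking the
    whole client population. Over-limit queries are dropped, except that every
    `slip`-th one is answered with a tiny truncated (TC=1) reply.
    """

    def __init__(self, responses_per_window=5, window_seconds=1.0, slip=2,
                 ipv4_prefix=24, ipv6_prefix=56):
        self.limit = responses_per_window
        self.window = window_seconds
        self.slip = slip
        self.ipv4_prefix = ipv4_prefix
        self.ipv6_prefix = ipv6_prefix
        self._sent = defaultdict(deque)   # key -> timestamps of responses sent in window
        self._over = defaultdict(int)     # key -> over-limit queries seen (drives slip)

    def _key(self, client_ip, qname, rtype):
        # Aggregating on a prefix stops an attacker from dodging the limit by
        # spoofing many addresses inside one network (the victim's network).
        addr = ipaddress.ip_address(client_ip)
        prefix = self.ipv4_prefix if addr.version == 4 else self.ipv6_prefix
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        return (str(net), qname.lower().rstrip("."), rtype.upper())

    def decide(self, client_ip, qname, rtype, now):
        """Return 'send', 'drop' or 'truncate' for one query at time `now` (seconds)."""
        key = self._key(client_ip, qname, rtype)
        sent = self._sent[key]
        while sent and now - sent[0] >= self.window:
            sent.popleft()                # expire responses outside the window
        if not sent:
            self._over[key] = 0           # fresh window: reset slip counter
        if len(sent) < self.limit:
            sent.append(now)
            return "send"
        self._over[key] += 1
        if self.slip and self._over[key] % self.slip == 0:
            return "truncate"             # TC=1, empty answer: legitimate clients retry over TCP
        return "drop"


def simulate_flood(limiter, client_ip, qname, count, start=0.0):
    """Send `count` identical A queries inside one window; return a tally of decisions."""
    tally = {"send": 0, "drop": 0, "truncate": 0}
    for _ in range(count):
        tally[limiter.decide(client_ip, qname, "A", start)] += 1
    return tally


if __name__ == "__main__":
    # Constructed scenario: one spoofed netblock hammers a single name.
    rl = ResponseRateLimiter(responses_per_window=3, slip=2)
    print(simulate_flood(rl, "203.0.113.10", "example.com", 7, start=100.0))
    print(rl.decide("203.0.113.200", "example.com", "A", 100.0))  # same /24, same bucket
    print(rl.decide("198.51.100.5", "example.com", "A", 100.0))   # other /24, independent
```

Only responses are limited, never the server's ability to answer other names or other networks, which is why RRL blunts reflection floods without turning into a self-inflicted outage.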

300

A DNS server that will perform recursive lookups for anyone on the internet. Don't do this.

What is an open DNS resolver?

300

These Best Practices are ways to restrict access to DNS zone data.

What are ACLs, TSIG, and zone transfer restrictions?

300

This attack changes the DNS resolver settings of a client so that its queries go to malicious resolvers that return fake entries.

What is DNS Hijacking?

300

On October 21, 2016 a DDoS attack on this DNS provider took many key web properties such as Twitter and Netflix offline.

What is Dyn (Mirai botnet DDoS)?

300

Advertising the same DNS server IP address from multiple locations through the network routing protocols (BGP), so that many DNS servers share one address and client traffic is routed to the 'nearest' one.

What is Anycast?

400

A way to achieve the Best Practice of monitoring for configuration anomalies (drift) and DDI high availability, with proactive alerting (hint: BlueCat product)

What is BCIA?

400

This Best Practice leverages research data provided by vendors such as CrowdStrike, Palo Alto Unit 42, Cisco Talos, and others.

What is Threat Intelligence (Edge Policy Engine, BDDS RPZ)?

400

These symmetric DDoS attacks aim to exhaust server-side resources (such as CPU or memory).

What is DNS flooding?

400

In October 2002 these special servers were hit by a DDoS attack. In February 2007 the same servers saw a larger attack, yet only 2 of the 13 suffered noticeable performance impact. In November and December 2015 they again withstood a large DDoS attack.

What are the (13) root DNS servers?

400

Using service providers designed to mitigate large-scale DDoS attacks. (Hint: BlueCat product).

What is BlueCat Cloud DNS? (hosted external DNS - Cloudflare)

500

The BlueCat ways to achieve the Best Practice of enabling DNS logging.

What is Edge, BDDS DNS Activity, BDDS Integrity query logging?
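DNS logging only pays off when something reads the logs, and the DGA and tunneling clues earlier on this board are exactly what that reader should be looking for: random-looking labels (DGA C2 such as the SUNBURST case) and names carrying data out of the network (tunneling). The following is an added example written for this page, not BlueCat Edge policy or any vendor's detector, of detection logic run over a small, constructed query log. The log format ("timestamp client qname qtype"), the thresholds, and every name in it are assumptions made up for the example; the apex-finding helper uses a crude last-two-labels rule where a real deployment would consult the Public Suffix List.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver query log (hypothetical "timestamp client qname qtype" format).
# Every line and name here is made up for the example and comes from no real system.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 10.0.0.5 www.example.com A
2024-01-01T10:00:01Z 10.0.0.5 mail.example.com MX
2024-01-01T10:00:02Z 10.0.0.7 kq3x8zv7tmd1.example.net A
2024-01-01T10:00:03Z 10.0.0.7 p9f2wx4c7q0s.example.net A
2024-01-01T10:00:04Z 10.0.0.9 4142434445464748494a4b4c4d4e4f505152535455565758595a.t.example.org TXT
2024-01-01T10:00:05Z 10.0.0.9 5a595857565554535251504f4e4d4c4b4a494847464544434241.t.example.org TXT
2024-01-01T10:00:06Z 10.0.0.9 000102030405060708090a0b0c0d0e0f1011121314151617.t.example.org TXT
2024-01-01T10:00:07Z 10.0.0.9 1f1e1d1c1b1a19181716151413121110ffeeddccbbaa9988.t.example.org TXT
"""


def shannon_entropy(text):
    """Bits per character: random-looking labels score high, dictionary words low."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def registrable_zone(qname, depth=2):
    """Crude apex: the last `depth` labels (a real tool would use the Public Suffix List)."""
    return ".".join(qname.rstrip(".").split(".")[-depth:])


def score_name(qname, qtype, min_len=12, min_entropy=3.5, long_label=40):
    """Per-query signals; thresholds are illustrative, tune them on your own traffic."""
    labels = qname.rstrip(".").split(".")
    longest = max(labels, key=len)
    reasons = set()
    if len(longest) >= min_len and shannon_entropy(longest) >= min_entropy:
        reasons.add("high-entropy")        # DGA-style machine-generated label
    if len(longest) >= long_label or len(qname) >= 100:
        reasons.add("long-label")          # data packed into the name itself
    if qtype in ("TXT", "NULL") and len(qname) >= 50:
        reasons.add("bulky-qtype")         # record types that carry tunnel payloads back
    return reasons


def flag_queries(log_text, max_unique_subdomains=3):
    """Return {qname: set(reasons)} for suspicious queries in the log.

    Besides the per-query checks, a client that asks for many distinct
    subdomains under one zone is flagged: tunnels encode each chunk of data
    in a fresh, never-cached name, so unique-subdomain volume is the tell.
    """
    per_client_zone = defaultdict(set)
    findings = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, qtype = line.split()
        reasons = score_name(qname, qtype)
        if reasons:
            findings[qname] |= reasons
        per_client_zone[(client, registrable_zone(qname))].add(qname)
    for (_client, _zone), names in per_client_zone.items():
        if len(names) > max_unique_subdomains:
            for name in names:
                findings[name].add("many-unique-subdomains")
    return dict(findings)


if __name__ == "__main__":
    for name, why in sorted(flag_queries(SAMPLE_LOG).items()):
        print(f"{name}: {', '.join(sorted(why))}")
```

Any single signal produces false positives (CDN hostnames are long and random-looking); the value comes from combining them with the threat-intelligence and RPZ data the next category covers, and from blocking at the resolver rather than after the fact.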

500

This Best Practice lets a resolver verify that DNS data is authentic and hasn't been tampered with in transit (it signs records; it does not encrypt them).

What is DNSSEC?

500

This attack floods a recursive server with queries for domains whose authoritative servers respond slowly or not at all, tying up the resolver's outstanding-query capacity until legitimate clients are denied service.

What is a DNS Phantom Domain Attack?

500

In May of 2017, this malware became a global threat, and was largely neutralized once this kill-switch FQDN was registered and began answering queries: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

What is WannaCry (ransomware)?

500

A novel way to mitigate cache poisoning by randomizing the case of the letters in the query name and requiring the response to echo it exactly (hint: 32).

What is 0x20?
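The cache poisoning clue, the Kaminsky clue and the 0x20 clue on this board describe one race: a blind attacker must match whatever the resolver will check before it accepts an answer. The following is an added example written for this page (not BlueCat, BIND or Unbound code) that builds a minimal DNS query and response in wire format, applies 0x20 case randomization to the query name, and shows the resolver-side check that makes it work: the response is accepted only if the transaction ID matches and the echoed question name matches byte-for-byte. The wire-format helpers are simplified (no name compression, one A record) and the spoof-bits function is an assumed back-of-the-envelope model, not a measurement.

```python
import random
import struct


def encode_0x20(qname, rng):
    """Randomise the case of every ASCII letter (bit 0x20) in the query name.

    DNS name matching is case-insensitive, so the authoritative server answers
    normally, but a genuine response copies the question name exactly as sent.
    """
    out = []
    for ch in qname:
        if "a" <= ch.lower() <= "z":
            out.append(ch.upper() if rng.getrandbits(1) else ch.lower())
        else:
            out.append(ch)
    return "".join(out)


def entropy_bits(qname):
    """Letters in the name: each one is an extra bit a blind spoofer must guess."""
    return sum(1 for ch in qname if "a" <= ch.lower() <= "z")


def spoof_bits(qname, port_randomization=True, case_randomization=True):
    """Bits an off-path attacker must match per forged packet (assumed model:
    16-bit TXID, plus 16 bits for a random source port, plus 0x20 letters).
    Pre-Kaminsky-fix resolvers with a fixed port and no 0x20 sit at 16 bits."""
    bits = 16
    if port_randomization:
        bits += 16
    if case_randomization:
        bits += entropy_bits(qname)
    return bits


def encode_name(qname):
    """Uncompressed wire-format name: length-prefixed labels, terminated by 0."""
    labels = qname.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(txid, qname, qtype=1):
    # header: id, flags (RD set), qdcount=1, ancount=0, nscount=0, arcount=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(txid, qname, ipv4):
    """Response echoing the question section plus one A record (what a spoofer sends)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(o) for o in ipv4.split("."))
    answer = encode_name(qname) + struct.pack("!HHIH", 1, 1, 300, len(rdata)) + rdata
    return header + question + answer


def parse_question(packet):
    """Return (txid, question name as written on the wire, case preserved)."""
    txid = struct.unpack("!H", packet[:2])[0]
    labels, pos = [], 12
    while packet[pos] != 0:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return txid, ".".join(labels)


def response_accepted(query, response):
    """Resolver-side 0x20 check: TXID and the exact-case question name must both match.
    A resolver comparing names case-insensitively would accept the forged reply."""
    return parse_question(query) == parse_question(response)


if __name__ == "__main__":
    rng = random.Random()
    name = encode_0x20("www.example.com", rng)
    txid = rng.getrandbits(16)
    q = build_query(txid, name)
    print("sent:", name, "bits to guess:", spoof_bits(name))
    print("genuine reply accepted:", response_accepted(q, build_response(txid, name, "192.0.2.1")))
    print("forged reply (right TXID, lowercase name) accepted:",
          response_accepted(q, build_response(txid, name.lower(), "192.0.2.99")))
```

The numbers are the point of the Kaminsky clue: with a fixed source port the attacker needs to beat a 16-bit ID and can retry the race for a new random subdomain each time, so 65536 guesses is cheap; port randomization and 0x20 push the space to the order of 2^45 for a typical name, which is why the two fixes were deployed together.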