DNS Security

The original design of the Domain Name System (DNS) did not include any security details; instead, it was designed to be a scalable distributed system. The later Domain Name System Security Extensions (DNSSEC) standard seeks to address this by adding security, while maintaining backward compatibility. DNSSEC was designed to protect applications (and caching resolvers serving those applications) from using forged or manipulated DNS data, such as that created by DNS cache poisoning.

DNSSEC can protect any data published in the DNS, including text records (TXT), mail exchange records (MX), and can be used to bootstrap other security systems that publish references to cryptographic certificates stored in the DNS such as Certificate Records (CERT record), SSH fingerprints (SSHFP), IPSec public keys (IPSECKEY), and TLS Trust Anchors (TLSA).

  • EfficientIP – DNS Guardian

    DNS Guardian is a protective DNS solution that delivers built-in security to cache, recursive and authoritative DNS servers. It is the premier secure DNS appliance on the market offering complete and real-time DNS Transaction Inspection (DTI), enabling in-depth understanding of the context of client requests. By analysing transactions at the heart of the DNS server […]

    DNS Guardian is a protective DNS solution that delivers built-in security to cache, recursive and authoritative DNS servers. It is the premier secure DNS appliance on the market offering complete and real-time DNS Transaction Inspection (DTI), enabling in-depth understanding of the context of client requests.

    By analysing transactions at the heart of the DNS server (queries, responses, fragments, recursions), threat visibility is enhanced well beyond known attack patterns and overcomes the limitations of signature-based protection systems that only offer limited peripheral traffic visibility.

    DNS Guardian offers in-depth analysis of the DNS traffic to detect data exfiltration and identify attacks (cache poisoning, DNS tunnelling, DGA malware and bots etc.) then quickly activate adapted countermeasures to protect service continuity and integrity.

  • BlueCat – DNS Security

    An organisation’s network and security teams need unprecedented visibility into their network to spot incoming threats. BlueCat’s DNS security sits at the edge of the network – the ‘first hop’ – without the need for an agent. In order to even get close to critical systems, malicious threats have to get through a self-sufficient, highly […]

    An organisation’s network and security teams need unprecedented visibility into their network to spot incoming threats. BlueCat’s DNS security sits at the edge of the network – the ‘first hop’ – without the need for an agent. In order to even get close to critical systems, malicious threats have to get through a self-sufficient, highly intelligent barrier first.
    BlueCat’s DNS Security features allow customers to…

    • Spot more threats

    Eliminate DNS as a threat vector by applying policies to DNS traffic, limiting access to sensitive data while locking down critical systems.

    • Identify and respond faster

    Outwit cybercriminals with smart analytics. It is possible to be able to detect DNS tunneling, DNS poisoning, beaconing, and any other evasive techniques, while quickly remediating any breaches.

    • Simplify compliance

    Easily configure, deploy and enforce DNS policies across the network.

  • ‘We are really happy with the Juniper Mist solution provided by IP Performance and in fact when you look at the number of daily connections I would say it’s exceeded our expectations, for example in our Coatbridge campus the feedback from all staff and students for a number of years has been really negative regarding the Wifi but right now we currently have 600 users connected. The ability to look at the monitor and see what the trends are in terms of time-to-connect and successful connections also gives us the ability to see a problem before it impacts on a number of users. Therefore this reduces the amount of Wifi issues that are submitted to our helpdesk, so this again shows that the solution works.’

    Joe Livingstone ICT Manager (Network),
    New College Lanarkshire