What is DNS?
To access Internet resources by user-friendly domain names rather than IP addresses, users need a system that translates these domain names to IP addresses and back. This translation is the primary task of an engine called the Domain Name Server (DNS). (Source)
Attackers are using DNS to redirect traffic to malicious sites, steal data, and conduct attacks that can bring business to a standstill.
- Standards
- Implementation / Use Cases
- Industry Best Practices
- Example Tools / Policies
- CMMC Readiness
NIST resource that defines the requirements for Secure Name/Address Resolution Service (Authoritative Source). NIST resource that defines the requirements for Secure Name/Address Resolution Service (Recursive or Caching Resolver). NIST resource that defines the requirements for Architecture and Provisioning for Name/Address Resolution Service.
This article from Cloudflare gives a high level overview of DNS filtering. Top ten dangerous DNS attack types and how to mitigate them This YouTube video from CISA applies managers and business leaders and provides an organizational perspective and topic overview that may be useful to technical specialists.
This article from Akamai discusses how DNS and DNS attacks work. This guide provides information on how to protect your Amazon AWS domain by configuring DNSSEC protocol. This article from Citrix discusses how to flush negative records, restrict the time to live (TTL) of negative records, preserve Citrix ADC memory by limiting the memory consumed by the DNS cache, retain DNS records in the cache, and enable DNS cache bypass. This article from Microsoft gives an overview of some ways of protecting your DNS using security appliances in Azure.
This link provides best practices for creating DNS policies using Cisco Umbrella. This website provides policies that are commonly used to secure DNS traffic. Combines commercial cyber threat feeds with the NSA’s unique insights to filter external DNS queries and block known malicious or suspicious website traffic, mitigating nation-state malware, spear phishing, botnets, and more. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL. This link provides a sample Domain Name System (DNS) Service Policy and Resources.
- Level 2 | AC.L2-3.1.3 – Control CUI Flow: Control the flow of CUI in accordance with approved authorizations.
- Level 2 | SI.L2-3.14.6 – Monitor Communications for Attacks: Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
CMMC Assessment Guides
This document provides self-assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1. This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2. This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 3.