What's Missing from DNS in the Enterprise?

shutterstock 1046552710

A Brief DNS History

DNS is the internet’s backbone, the ‘network before the network’. Originally designed to solve the problem of knowing how to route email between disparate internet hosts, DNS is now a 35-year-old connection protocol at the heart of every network. However, there are inherent shortcomings. First, DNS is naïve – built for an internet without trust requirements as its designers could not have foreseen today’s threats. DNS was built to simply answer questions to establish a connection, and it’s good at that – but that also leaves it susceptible. For example, the support for recursive DNS requests, which query other servers repeatedly, are vulnerable to fake requests from a spoofed IP address leading to Amplifier attacks. DNS caches can be poisoned by viruses, causing domain lookups to go to the wrong IP address. And yet, DNS is an integral part of every email, every web access, and every internet transaction.

The DNS Challenge

No one involved in the initial design of DNS could have imagined the explosive growth of the internet – growth that has already forced a change in the internet protocol (IPv4 to IPv6) to support the growing number of addresses. Nor could they have foreseen the security implications, such as the famous DNS flaw uncovered a decade ago by Dan Kaminsky. It is these basic design flaws that have enabled distributed denial of service (DDoS) attacks, redirects such as the one so famously uncovered by Kaminsky, and other challenges.

Then there are the problems with legacy DNS. Oft-neglected DNS infrastructure often requires time-consuming and risky manual changes, which can consume network professionals’ time – which could be better spent focused on solving business problems.

What DNS Needs

In our increasingly complex world, the need for DNS that easily encompasses every aspect of the enterprise in a centralized manner becomes increasingly important.  Simplifying workload agility – from on-premises to cloud and back, and enabling seamless scalability to support growth, M&A activity, and seasonal spikes to multiple clouds and SaaS providers, are all hallmarks of enterprise-class DNS.

Rather than requiring manual changes, DNS should be software-defined, policy-driven, and support integration with other networking and security tools – all from a single pane of glass. And in a borderless network that supports an anywhere, anytime, and any device user base, DNS should support and enable the goals of both networking and security professionals, rather than drive a wedge between them.

Emergence of Enterprise DNS

These demands have led to new DNS approaches, often referred to as Enterprise DNS. These advances provide visibility into disparate DNS and DHCP enterprise-wide, enabling centralized management of core services regardless of geography. Enterprise security teams can also leverage Enterprise DNS to speed detection and remediation of DNS-focused cyber threats.

Adopting Enterprise DNS is the foundation for securing hybrid environments while increasing overall security. The bottom line is clear: Enterprise DNS is the connecting thread between network and security teams.

About BlueCat

BlueCat is the Enterprise DNS Company™. The largest global enterprises trust BlueCat to provide the foundation for digital transformation strategies such as cloud migration, virtualization and security. Our innovative Enterprise DNS solutions portfolio, comprised of BlueCat DNS Integrity™ and BlueCat DNS Edge™, enables the centralization and automation of DNS services and the ability to leverage valuable DNS data for significantly increased control, compliance and security. For more information, please visit www.bluecatnetworks.com.

Copyright © 2018 IDG Communications, Inc.