Skip to main content

With Halloween fast approaching, we thought it was a good time to remind ourselves that the people visiting the web properties aren't benign children looking for treats (i.e. your customers!) but include a host of real monsters. Let's look at a few.

The blob – DDoS attacks on your DNS

Like a growing tide of evil slowly enveloping your precious network resources, DDoS attacks started small and are now massive and still growing. Whether they target your DNS directly, use your DNS to target someone else or whether they overwhelm your DNS resources on route to another application, they are as inexorable, insidious and as evil as they come.

Image removed.

Why so evil? Because the same kid you just gave treats to at the door can easily recruit the resources to target you. There was a great recent case of a 15 year old in Australia that targeted a bank, an ISP and the police themselves.

DNS Mummies are put in the corner and not maintained

Dry, dusty, old, and slow. These creatures are legends from another time. No longer really scary, they have become almost silly in the most recent Hollywood movies. These are the co-workers who arrive to the party dressed in toilet paper because they were too lazy to try harder. If this is true then why are they so scary as they relate to the DNS? As part of our responsibility to help build a better online Canada we research the state of the DNS across the country and look to ways we can help make it better. One such test showed that of the over 120,000 DNS servers that have .CA domains delegated to them, almost 30,000 never once answered a query. Moreover, we found a staggering number of BIND instances that are not up to date with the latest security patches.

Image removed.

Why is this so? Because oftentimes IT departments are so busy fighting daily fires at the application layer they forget the lower layers in the IT stack on which everything relies. This includes everyone from service providers to enterprises. It is a little like the Egyptian king long buried and forgotten – and mummies aren't cool anymore so don't let your DNS become one.

DNS Zombies are living dead queries using your resources

Zombies are a real thing. Unlike our other two DNS Halloween monsters where we are using a metaphor for your real life world, a Zombie echo as it relates to the DNS is responsible for 25% of all queries. APNIC is the regional Internet registry managing IP addresses for Asia Pacific region. They ran an interesting study of the Internet using sentinel bots requiring the creation of unique DNS names for each bot (in order to chart the results). When they had a trigger event on these bots they were able to see that it generated queries from experimental triggers that happened 20-30 days earlier. In effect these had become living dead queries that had nobody waiting for them at the other end. If this interests you then please click the link above because we can't do it justice in such a short blog.

Image removed.

The bottom line is that these DNS zombies were responsible for fully 25% of all the traffic suggesting a load on servers and networking infrastructure with no happy end user on which to generate revenue.

Happy Halloween from CIRA

As you head out this all hallows' eve for fun, revelry, and candy you now have three real scary monsters to give you nightmares. Stay safe, wear bright clothing, and for great pumpkins sake, keep your master server hidden under the virtual covers by locating it safe behind a firewall. With this approach you can let a hosted secondary Anycast DNS service take care of your operational external DNS.