Scalability, high availability, and performance are fundamental to the success of a commercial product deployment. If the workload has multiple entry points for requests, load balancing across them must be set up properly to achieve the required uptime and speed. One solution is a DNS service that performs health checks against the origin servers and only answers with the ones that are up.
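The following is an added example (not code from the original post) of the mechanism just described: an authoritative DNS answer set driven by origin health checks. The probe function is injected and the origin addresses and outage are constructed for the demo, so it runs offline; in a real deployment the probe would be an HTTP or TCP check, and the short TTL matters because resolvers cache the answer and will keep sending traffic to a withdrawn origin until it expires.

```python
"""DNS-based load balancing with origin health checks.

Added example, not the original page's code. The probe is injected so the
module runs offline; replace it with a real HTTP/TCP check in practice.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable


@dataclass
class Origin:
    address: str
    failures: int = 0      # consecutive failed probes
    healthy: bool = True


@dataclass
class HealthCheckedPool:
    """Tracks origin health and builds the A RRset the name server should return."""
    origins: list[Origin]
    probe: Callable[[str], bool]
    fail_threshold: int = 3   # consecutive failures before an origin is withdrawn
    ttl: int = 30             # short TTL so resolvers re-query soon after a change
    _next: int = 0            # round-robin cursor

    def run_checks(self) -> None:
        """Probe every origin once; withdraw after fail_threshold consecutive failures."""
        for o in self.origins:
            if self.probe(o.address):
                o.failures = 0
                o.healthy = True
            else:
                o.failures += 1
                if o.failures >= self.fail_threshold:
                    o.healthy = False

    def answer(self) -> list[tuple[str, int]]:
        """Healthy origins as (address, ttl) pairs, rotated round-robin per query.

        If every origin is down, all of them are returned rather than an empty
        RRset: a NODATA answer would be negatively cached by resolvers and would
        hide recovery until that cache entry expired.
        """
        addrs = [o.address for o in self.origins if o.healthy]
        if not addrs:
            addrs = [o.address for o in self.origins]
        start = self._next % len(addrs)
        self._next += 1
        rotated = addrs[start:] + addrs[:start]
        return [(a, self.ttl) for a in rotated]


# Constructed demo data: three origins, 10.0.0.2 is down (hypothetical addresses).
DEMO_DOWN = {"10.0.0.2"}


def build_demo_pool() -> HealthCheckedPool:
    """Pool wired to a constructed probe that fails only for addresses in DEMO_DOWN."""
    return HealthCheckedPool(
        origins=[Origin("10.0.0.1"), Origin("10.0.0.2"), Origin("10.0.0.3")],
        probe=lambda addr: addr not in DEMO_DOWN,
    )


if __name__ == "__main__":
    pool = build_demo_pool()
    for _ in range(3):          # third failed probe crosses fail_threshold
        pool.run_checks()
    print(pool.answer())        # 10.0.0.2 has been withdrawn
```

The failure threshold gives hysteresis so a single dropped probe does not flap the RRset, and `answer()` rotates the healthy list so consecutive queries spread load across origins.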
The Domain Name System (DNS) is at the core of the engine that keeps the internet running. We have explained how DNS works and why it is critical to the functioning of the internet in our Synthetic Monitoring Guide. DNS resolution relies on several components working together (stub and recursive resolvers, authoritative name servers, and the zone files those servers load), and a full lookup typically completes in milliseconds.
About two weeks after its previous outage, Microsoft experienced a severe DNS outage on Thursday evening at approximately 21:30 UTC on 01 Apr 2021. That is the official start of the outage according to Microsoft, but official starts and actual starts are often different. Exoprise DNS and server monitoring caught the error about 10 minutes earlier (not the most headroom we have ever had before an outage), but that is frequently the nature of DNS failures.
On Wednesday, 17 March, the globally used DNS provider Network Solutions experienced the dreaded downtime we all hope to avoid. It started at 4am Eastern time and continued through Thursday, 18 March, with still no resolution, affecting thousands of people across the world. Network Solutions is the fourth-largest domain registrar in the world, with nearly 7 million customers worldwide.
Our Managed Threat Detection and Response team responded to an alarm indicating that suspicious reconnaissance activity was occurring internally from one of our customer's scanners. This was shortly followed by escalating activity involving brute-force attempts, remote code execution attempts, and exfiltration-channel probing, all exploiting vulnerable DNS services on the domain controllers.
When the Domain Name System (DNS) was created in 1983, I imagine its creator Paul Mockapetris and his team had no idea that nearly 40 years later our interconnected world would be so reliant on this very simple, but critical, network service. I have a love-hate relationship with DNS. I love all of the memes I see about how "It's always DNS", but I hate that it's also true: I always forget to check that DNS is working correctly when troubleshooting network issues!
The vulnerability called SIGRed (CVE-2020-1350) had been present for 17 years in the DNS Server role of Windows Server, from version 2003 through 2019, and received the maximum CVSS severity rating of 10.0. It was finally patched in July 2020. Because the flaw allows an attacker to achieve remote code execution on Windows Server through DNS, and because exploitation requires no user interaction, Microsoft classed it as wormable: a compromised server can be used to attack other vulnerable DNS servers across the network.
TL;DR: On January 7, the Detectify security research team found that the .cd top-level domain (TLD) was about to be released for anyone to purchase, and claimed it to keep it out of the hands of bad actors. A technical report with full details is available on Detectify Labs. This blog post discusses the basics of domain takeover.
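The underlying problem in a takeover like this is a delegation that points at a name server whose own domain has lapsed or is about to. Below is an added example (not Detectify's code or the content of their report) that checks a set of zone delegations for exactly that: it reduces each NS hostname to its registrable domain and flags those that are not registered. The public-suffix subset, the registration table and the delegations are all constructed for the demo; a real check would use the full Public Suffix List and query RDAP or WHOIS for each registrable domain.

```python
"""Flag delegations whose name servers live under an unregistered domain.

Added example, not Detectify's code. Suffixes, registration status and the
delegations are constructed test data so the module runs offline.
"""
from __future__ import annotations

from typing import Callable

# Constructed subset of public suffixes; use the full Public Suffix List in practice.
PUBLIC_SUFFIXES = {"com", "net", "cd", "co.uk"}


def registrable_domain(hostname: str) -> str:
    """Return the domain directly beneath the longest matching public suffix.

    Iterating from the full hostname down to the last label tries the longest
    candidate suffix first, so 'ns.foo.co.uk' yields 'foo.co.uk', not 'co.uk'.
    """
    labels = hostname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                raise ValueError(f"{hostname} is itself a public suffix")
            return ".".join(labels[i - 1:])
    raise ValueError(f"no known public suffix for {hostname}")


def dangling_nameservers(
    delegations: dict[str, list[str]],
    is_registered: Callable[[str], bool],
) -> list[tuple[str, str, str]]:
    """Return (zone, ns_host, registrable_domain) for every NS host whose
    registrable domain is not registered, i.e. could be bought by anyone."""
    findings = []
    for zone, ns_hosts in delegations.items():
        for host in ns_hosts:
            dom = registrable_domain(host)
            if not is_registered(dom):
                findings.append((zone, host, dom))
    return findings


# Constructed data: hypothetical zones, name servers and registration status.
REGISTERED = {"example.com", "dns.net", "victim.cd"}
DELEGATIONS = {
    "cd": ["ns-root.example.com", "ns.expired-registrar.net"],
    "victim.cd": ["ns1.victim.cd", "ns2.dns.net"],
}


def find_dangling() -> list[tuple[str, str, str]]:
    """Run the check over the constructed data."""
    return dangling_nameservers(DELEGATIONS, lambda dom: dom in REGISTERED)


if __name__ == "__main__":
    for zone, host, dom in find_dangling():
        print(f"{zone}: NS {host} is under unregistered domain {dom}")
```

Even one dangling NS host is enough: resolvers pick name servers for a zone in no fixed order, so whoever registers that domain can answer a share of the zone's queries with whatever records they like.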
A popular joke among technologists says that it's always DNS, even when it initially didn't seem that way. DNS issues come in many shapes and forms, including some often-overlooked security issues. DNS (short for the Domain Name System) continues to be described as "the phonebook of the Internet", but many people, including most readers of this blog, will be more familiar with the basic workings of DNS than with the outdated phenomenon of paper phonebooks.