Decentralized working requires thorough, secure DNS management
By: Mohammed Al-Moneer, Sr. Regional Director, META at Infoblox
Where is your data stored? Where is the software located? You used to be able to answer these questions by pointing to the cabinet where your server was located. Today it is more difficult. Is it on your own server(s)? In the cloud? Both, everywhere and nowhere? Without Domain Name System (DNS), you have no idea.
In a world in which organizations increasingly work decentralized, it becomes all the more important that you arrive at the right destinations. This makes the system that regulates this, DNS, even more important for the organization. Bad DNS management not only limits productivity, but also brings increasing security risks.
DNS has traditionally been referred to as the telephone directory of the Internet. In daily use, you get online access to information via domain names, such as wikipedia.org. Browsers, on the other hand, communicate via Internet Protocol (IP) addresses. DNS translates domain names into IP addresses so that browsers can find the correct information.
Every device connected to the internet has a unique IP address that other machines use to communicate with this device. DNS servers save people from having to remember long, complex IP addresses.
The role of DNS is changing
About a decade ago, chances were your applications and data lived in the physical infrastructure of a single data center. Today, all that has changed: Applications and data are typically spread across multiple endpoints thanks to the rise of cloud technologies.
Over time, the tools that control traffic have also changed. Like the rest of your digital infrastructure, DNS is more dynamic than ever today. You are selling DNS short by calling it a telephone book. The DNS servers act as hubs for countless connections between applications, data, and users. The title of ‘traffic controller’ is therefore not out of place.
Security – the challenge in DNS
Safety is an important responsibility for every air traffic controller. Security has also become a hot topic for DNS. Because DNS is an attractive target for attacks. For example, it is increasingly used as a tool in DDoS attacks, but DNS is also attacked to redirect web traffic to malicious servers.
When everyone works in the office, the role of security is reserved for firewalls and similar measures. But when employees, applications and data are decentralized, DNS also needs to know which routes an information request can and may take.
In concrete terms, this means that DNS blocks the visit of known malware sites for all users in the network. When a user clicks on a phishing link, DNS blocks access so that no malware is downloaded. In its role as traffic controller, DNS thus ensures that you do not accidentally download malware.
It is important that you as an organization have control over this. Great to let your navigation system determine which route will lead you the fastest to your holiday destination, but is it desirable to give an external party control over the routes within your organization?
If possible, Google’s traffic controller will always refer you via and/or to Google. The same goes for every major cloud provider. This quickly leads to dependencies, making it less easy to set up a multicloud environment, for example. Therefore, do not bet on one (cloud)horse!
Are you going for the toll road or the B-road?
DNS traffic can easily be compared to the route you take to the campsite in the South of France. You can go to your destination via the toll road, or you can take a B-road. If you take the toll road you are safe and in control, but via the B-road there are more obstacles. Do you want to be sure that you will arrive safely at your destination in this rapidly changing world? Then arrange for an independent traffic controller to guide you through the obstacles of the modern internet.