October’s massive distributed denial-of-service attack on Dyn DNS proved once again both the importance and the vulnerability of DNS. Dyn’s managed DNS services were hit in three separate waves from morning to evening, taking down major websites like Netflix, Twitter, Spotify, Reddit, and SoundCloud in the process.
DDoS attacks on managed DNS services are nothing new, though this one, engineered by the Mirai botnet virus and the IoT devices it hijacks, was worse than anything we’ve seen before. Similar attacks are likely in the works. It’s no secret why hackers want to attack DNS: why target one site when you can take out multiple sites by attacking their DNS provider? DNS, which resolves web domains to their underlying IP addresses, is the first step in connecting a user’s web browser to a website. If DNS resolution doesn’t happen for a site, that site will not load.
DDoS attacks can have the most devastating effect on DNS, but they are by no means the only way DNS services can be compromised. DNS poisoning, where a hacker breaks into DNS records and redirects a site to a malicious IP address, is another threat. This is why DNS has to be monitored continuously with synthetic monitoring. Real-user monitoring, though valuable, is not an option when users can’t get to your site to be monitored.
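A minimal synthetic DNS probe of the kind described above, as an added example (not code from the original article or from any monitoring product): it queries one resolver directly, treats timeouts and error responses as an outage signal, and flags answers outside a known-good address set, which is how a poisoned record would show up. The `expected` set, the `slow_ms` threshold and the state names are assumptions.

```python
import socket, struct, time

def build_query(name, txid=0x1234):
    """Encode a minimal DNS A-record query (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):  # step over a name: label run or 2-byte compression pointer
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:
            return off + 2
        off += n + 1

def parse_a_records(msg):
    """Return (rcode, [IPv4 strings]) from a DNS response message."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0xF, ips

def classify(rcode, ips, elapsed_ms, expected, slow_ms=500):  # slow_ms: assumed threshold
    if rcode != 0 or not ips:  # timeout (rcode None), SERVFAIL, NXDOMAIN, empty answer
        return "DOWN"
    if not set(ips) <= set(expected):  # an address outside the known-good set
        return "UNEXPECTED_ANSWER"
    return "SLOW" if elapsed_ms > slow_ms else "OK"

def probe(name, resolver, expected, timeout=2.0):  # one UDP query, then classify
    start = time.monotonic()
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name), (resolver, 53))
            rcode, ips = parse_a_records(s.recv(512))
    except (OSError, struct.error, IndexError):  # timeout or malformed reply
        rcode, ips = None, []
    return classify(rcode, ips, (time.monotonic() - start) * 1000, expected)
```

Run `probe()` on a schedule against each resolver you depend on and alert on any state other than `OK`; a production probe should also check that the response's transaction ID matches the query.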
Foiling attacks on DNS may be a job for information security professionals, but knowing when an attack is occurring, so you can respond as quickly as possible and minimize the impact on your users and customers, is where performance and site reliability engineers come in.
Fortunately, the right digital experience monitoring tool can help you to monitor DNS performance levels, including detecting DDoS attacks and DNS poisoning. To stay on top of DNS issues with observability.