{"id":3603,"date":"2014-01-29T16:21:36","date_gmt":"2014-01-29T16:21:36","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=3603"},"modified":"2020-05-06T10:31:36","modified_gmt":"2020-05-06T17:31:36","slug":"improved-security-through-dns-inspection-part-1","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/","title":{"rendered":"Improved Security Through DNS Inspection (Part 1)"},"content":{"rendered":"<p>Virtually all networked applications use Internet Protocol (IP) communications and rely extensively on the Domain Name System (<a href=\"http:\/\/en.wikipedia.org\/wiki\/Dns\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">DNS<\/a>) to determine the IP address to connect.\u00a0 DNS provides the mapping of human-readable\u00a0<a href=\"http:\/\/en.wikipedia.org\/wiki\/Fqdn\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">fully-qualified<\/a>\u00a0host names to IP addresses.\u00a0 If you inspect the DNS queries taking place over a network you can gain an understanding of which systems are communicating with each other.\u00a0 Forensically inspecting this DNS query traffic provides valuable insight into malware infected hosts and other malicious behavior on a network.\u00a0 Security systems can utilize this data to detect and prevent security incidents.<\/p>\n<p><strong>DNS is a Target<\/strong><br \/>\nDNS is a critical component of the networking infrastructure. \u00a0Without DNS, nothing in the environment will function. \u00a0Attackers are acutely aware of the security implications of DNS and the value it represents to their hacking business ecosystem. \u00a0 \u00a0Attackers target DNS by performing Distributed Denial of Service (<a href=\"http:\/\/en.wikipedia.org\/wiki\/Denial_of_service\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">DDoS<\/a>) attacks, trying to poison the cache and many other threat vectors. \u00a0Hardening DNS servers and using DNS Security (<a href=\"http:\/\/en.wikipedia.org\/wiki\/DNSSEC\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">DNSSEC<\/a>) can go a long way toward security, but they do not add any operational intelligence to how DNS is being used in an environment.<\/p>\n<p><strong>DNS Gives Clues about Malware<\/strong><br \/>\nThe reason that this DNS information is so valuable at catching malware is that botnets and other malware change their IP addresses frequently. \u00a0The attackers want to hide themselves among many public IP addresses while using the same URL for their malware. \u00a0The attackers change their DNS entries frequently using a low Time-To-Live (TTL) value for the DNS A\/AAAA record. \u00a0The malware is encoded with a single URL to query, but it can end up communicating to any one of many IP addresses that is ultimately the server that serves up malware installations or the IP address of the botnet command-and-control (C&amp;C) system. The attacker does not want their IP addresses to show up persistently on \u201cblock lists\u201d so they move around frequently. \u00a0This technique of rapidly changing the IP address is called \u201c<a href=\"http:\/\/en.wikipedia.org\/wiki\/Fast_flux\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Fast Flux<\/a>\u201d.<\/p>\n<p><strong>Reputation Filtering Based on IP Address<\/strong><br \/>\nThe down side for many of these reputation filtering systems is that they use the IPv4 address to track the malicious sites. \u00a0With the impending deployment of Carrier Grade NAT (CGN)\/Large-Scale NAT (LSN) systems, attackers are likely to move their malware to systems that maintain a consistent public IP address. \u00a0Today, many content filtering systems that are inspecting IP addresses in connections only work with IPv4 and do not work with IPv6. \u00a0Furthermore, many\u00a0<a href=\"http:\/\/www.networkworld.com\/community\/blog\/ipv4-reputation-filtering-not-long-term-solut\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">reputation filtering systems<\/a>\u00a0do not yet use IPv6 prefixes in their lists of known bad locations on the Internet. \u00a0This is true for traditional firewalls, Web Application Firewalls (<a href=\"http:\/\/www.networkworld.com\/community\/blog\/web-application-firewalls-and-ipv6\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">WAFs<\/a>),\u00a0<a href=\"http:\/\/www.networkworld.com\/community\/blog\/should-you-allow-inbound-e-mail-over-ipv6\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">e-mail spam filters<\/a>, web content filters, and Intrusion Prevention Systems (IPSs).<\/p>\n<p><strong>Two Techniques for DNS Inspection<\/strong><br \/>\nThe key to performing this type of forensics on DNS query and response traffic is the ability to capture these packets off the network. \u00a0DNS queries are sent from end-nodes to their recursive DNS resolver, and then from the resolver to the Internet-based root and Top Level Domain (TLD) servers or to forwarding DNS servers.<\/p>\n<p>One way that DNS inspection can be deployed is to add intelligence to all the internal caching DNS servers within an organization. \u00a0The drawback to this technique is that not all systems in your environment may be using your enterprises internal DNS resolvers. \u00a0There could be other systems in your environment, like BYOD mobile devices, that are using external DNS servers on the Internet. \u00a0For example, there could be systems using\u00a0<a href=\"https:\/\/developers.google.com\/speed\/public-dns\/docs\/using\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google\u2019s Public DNS<\/a>\u00a0servers (8.8.8.8, 8.8.4.4, or 2001:4860:4860::8888, 2001:4860:4860::8844)<\/p>\n<p>The problem with this internal caching DNS server detection technique is that malware can modify the DNS settings on the client. \u00a0This DNS server modification is made without the end-user being aware of change because it does not affect their experience. \u00a0Malware like \u201c<a href=\"http:\/\/en.wikipedia.org\/wiki\/DNSChanger\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">DNSChanger<\/a>\u201d changes the recursive DNS resolver for the infected client to another rogue Internet-based DNS server that can redirect users to alternate destinations. \u00a0The\u00a0<a href=\"http:\/\/en.wikipedia.org\/wiki\/DNS_hijacking\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">rogue DNS<\/a>\u00a0servers could redirect users to web sites that are hosting malware, or to fake Man-In-The-Middle (MITM) sites that look like the real sites and capture usernames, passwords, or credit card data. \u00a0If you intend that all your enterprises\u2019 internal users use the same caching DNS server, then identifying internal systems that are using other external DNS resolvers could also be a clue to find compromised systems.<\/p>\n<p>A second method for performing DNS query inspection is to deploy an inspection system at the Internet perimeter choke point. \u00a0This capability could be implemented similar to an Intrusion Detection System (IDS) where a simple tap\/SPAN\/mirror of the Internet-bound traffic is captured and analyzed for DNS \u201cfunny-business.\u201d \u00a0However, this approach only has the ability to detect issues, (it\u2019s powerless to stop the connections by blocking the DNS query\/response). \u00a0If the DNS security system was implemented in-line with the Internet traffic path, then the system would have the ability to stop the undesirable DNS queries\/responses and thus stop the connection from taking place.<\/p>\n<p>For an enterprise, the logical place to capture this traffic is at the enterprise\u2019s Internet perimeter. \u00a0However, if you have these DNS forensic capabilities built into all an organization\u2019s DNS servers in addition to those DNS servers at the perimeter, it provides better visibility to all types of DNS queries and responses.<\/p>\n<p><strong>Summary<\/strong><br \/>\nIt is important to be aware of the ways that attackers try to leverage DNS for their means. \u00a0The DNS servers can be the target of the attack. \u00a0The malware can also target the way that DNS is being used on the infected end-user computer. \u00a0Gaining deeper visibility into your DNS traffic can give you insight to these types of attacks.<br \/>\nIn the second part of this blog series we will cover the techniques for mitigating these security issues. \u00a0We will cover techniques that give you visibility to these threats and give you the ability to automatically block these malicious communications.<\/p>\n<p>Scott<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Virtually all networked applications use Internet Protocol (IP) communications and rely extensively on the Domain Name System (DNS) to determine the IP address to connect.\u00a0 DNS provides the mapping of human-readable\u00a0fully-qualified\u00a0host names to IP addresses.\u00a0 If you inspect the DNS queries taking place over a network you can gain an understanding of which systems are [&hellip;]<\/p>\n","protected":false},"author":321,"featured_media":3187,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[17],"tags":[16,38,15],"class_list":{"0":"post-3603","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ipv6-coe","8":"tag-infoblox","9":"tag-ipv6","10":"tag-security","11":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Improved Security Through DNS Inspection (Part 1)<\/title>\n<meta name=\"description\" content=\"Virtually all networked applications use Internet Protocol (IP) communications and rely extensively on the Domain Name System (DNS) to determine the IP address to connect.\u00a0 DNS provides the mapping of human-readable\u00a0fully-qualified\u00a0host names to IP addresses.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Improved Security Through DNS Inspection (Part 1)\" \/>\n<meta property=\"og:description\" content=\"Virtually all networked applications use Internet Protocol (IP) communications and rely extensively on the Domain Name System (DNS) to determine the IP address to connect.\u00a0 DNS provides the mapping of human-readable\u00a0fully-qualified\u00a0host names to IP addresses.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2014-01-29T16:21:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-06T17:31:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/IPv6-ARIN.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Scott Hogg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Scott Hogg\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/improved-security-through-dns-inspection-part-1\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/improved-security-through-dns-inspection-part-1\\\/\"},\"author\":{\"name\":\"Scott Hogg\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/ee71ac61fe2ea349f6e991e628d22f4c\"},\"headline\":\"Improved Security Through DNS Inspection (Part 1)\",\"datePublished\":\"2014-01-29T16:21:36+00:00\",\"dateModified\":\"2020-05-06T17:31:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/improved-security-through-dns-inspection-part-1\\\/\"},\"wordCount\":993,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/improved-security-through-dns-inspection-part-1\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/IPv6-ARIN.jpg\",\"keywords\":[\"Infoblox\",\"IPv6\",\"Security\"],\"articleSection\":[\"IPv6 CoE\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/improved-security-through-dns-inspection-part-1\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/improved-security-through-dns-inspection-part-1\\\/\",\"name\":\"Improved Security Through DNS Inspection (Part 1)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/improved-security-through-dns-inspection-part-1\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/improved-security-through-dns-inspection-part-1\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/IPv6-ARIN.jpg\",\"datePublished\":\"2014-01-29T16:21:36+00:00\",\"dateModified\":\"2020-05-06T17:31:36+00:00\",\"description\":\"Virtually all networked applications use Internet Protocol (IP) communications and rely extensively on the Domain Name System (DNS) to determine the IP address to connect.\u00a0 DNS provides the mapping of human-readable\u00a0fully-qualified\u00a0host names to IP addresses.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/improved-security-through-dns-inspection-part-1\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/improved-security-through-dns-inspection-part-1\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/improved-security-through-dns-inspection-part-1\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/IPv6-ARIN.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/IPv6-ARIN.jpg\",\"width\":660,\"height\":454,\"caption\":\"The IPv6 Tipping Point Effect\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/improved-security-through-dns-inspection-part-1\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"IPv6 CoE\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/ipv6-coe\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Improved Security Through DNS Inspection (Part 1)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/ee71ac61fe2ea349f6e991e628d22f4c\",\"name\":\"Scott Hogg\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_321_1574118215-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_321_1574118215-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_321_1574118215-96x96.jpg\",\"caption\":\"Scott Hogg\"},\"description\":\"Scott Hogg has 30 years of network and security experience and is president of Hogg Networking with. Scott Hogg specializes in teaching Internet Protocol version 6 (IPv6) and providing implementation guidance. Scott is CCIE #5133 (Emeritus) and CISSP #4610. Scott is Chair Emeritus of the Rocky Mountain IPv6 Task Force (RMv6TF), a member of the IPv6 Center of Excellence (COE), and co-author of the Cisco Press book on IPv6 Security.\",\"sameAs\":[\"https:\\\/\\\/hexabuild.io\"],\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/scott-hogg\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Improved Security Through DNS Inspection (Part 1)","description":"Virtually all networked applications use Internet Protocol (IP) communications and rely extensively on the Domain Name System (DNS) to determine the IP address to connect.\u00a0 DNS provides the mapping of human-readable\u00a0fully-qualified\u00a0host names to IP addresses.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/","og_locale":"en_US","og_type":"article","og_title":"Improved Security Through DNS Inspection (Part 1)","og_description":"Virtually all networked applications use Internet Protocol (IP) communications and rely extensively on the Domain Name System (DNS) to determine the IP address to connect.\u00a0 DNS provides the mapping of human-readable\u00a0fully-qualified\u00a0host names to IP addresses.","og_url":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/","og_site_name":"Infoblox Blog","article_published_time":"2014-01-29T16:21:36+00:00","article_modified_time":"2020-05-06T17:31:36+00:00","og_image":[{"width":660,"height":454,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/IPv6-ARIN.jpg","type":"image\/jpeg"}],"author":"Scott Hogg","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Scott Hogg","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/"},"author":{"name":"Scott Hogg","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/ee71ac61fe2ea349f6e991e628d22f4c"},"headline":"Improved Security Through DNS Inspection (Part 1)","datePublished":"2014-01-29T16:21:36+00:00","dateModified":"2020-05-06T17:31:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/"},"wordCount":993,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/IPv6-ARIN.jpg","keywords":["Infoblox","IPv6","Security"],"articleSection":["IPv6 CoE"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/","url":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/","name":"Improved Security Through DNS Inspection (Part 1)","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/IPv6-ARIN.jpg","datePublished":"2014-01-29T16:21:36+00:00","dateModified":"2020-05-06T17:31:36+00:00","description":"Virtually all networked applications use Internet Protocol (IP) communications and rely extensively on the Domain Name System (DNS) to determine the IP address to connect.\u00a0 DNS provides the mapping of human-readable\u00a0fully-qualified\u00a0host names to IP addresses.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/IPv6-ARIN.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/IPv6-ARIN.jpg","width":660,"height":454,"caption":"The IPv6 Tipping Point Effect"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/improved-security-through-dns-inspection-part-1\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"IPv6 CoE","item":"https:\/\/www.infoblox.com\/blog\/category\/ipv6-coe\/"},{"@type":"ListItem","position":3,"name":"Improved Security Through DNS Inspection (Part 1)"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/ee71ac61fe2ea349f6e991e628d22f4c","name":"Scott Hogg","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_321_1574118215-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_321_1574118215-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_321_1574118215-96x96.jpg","caption":"Scott Hogg"},"description":"Scott Hogg has 30 years of network and security experience and is president of Hogg Networking with. Scott Hogg specializes in teaching Internet Protocol version 6 (IPv6) and providing implementation guidance. Scott is CCIE #5133 (Emeritus) and CISSP #4610. Scott is Chair Emeritus of the Rocky Mountain IPv6 Task Force (RMv6TF), a member of the IPv6 Center of Excellence (COE), and co-author of the Cisco Press book on IPv6 Security.","sameAs":["https:\/\/hexabuild.io"],"url":"https:\/\/www.infoblox.com\/blog\/author\/scott-hogg\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/3603","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/321"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=3603"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/3603\/revisions"}],"predecessor-version":[{"id":3604,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/3603\/revisions\/3604"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/3187"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=3603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=3603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=3603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}