{"id":3605,"date":"2014-01-30T13:51:03","date_gmt":"2014-01-30T13:51:03","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=3605"},"modified":"2020-05-06T10:31:36","modified_gmt":"2020-05-06T17:31:36","slug":"security-built-in-to-the-dns-servers-and-not-bolted-on","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/","title":{"rendered":"Security built-in to the DNS servers and not bolted-on"},"content":{"rendered":"<p>According to the\u00a0<a href=\"http:\/\/www.arbornetworks.com\/resources\/infrastructure-security-report\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">2014 Arbor Worldwide Infrastructure Security Report<\/a>, DNS is the second-most-popular attack vector.<\/p>\n<p>&nbsp;<\/p>\n<p>Given\u00a0the\u00a0importance of DNS in helping customers, prospects, and partners find your business, blocking DNS queries on the mere suspicion of attack is like closing the door in your customers\u2019 faces.<\/p>\n<p>Most of these attacks manifest themselves as \u201cwebsite not found.\u201d Even the early reports on the\u00a0<a href=\"http:\/\/www.theguardian.com\/technology\/2013\/aug\/28\/twitter-newyorktimes-hack-syrian-electronic-army\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><em>New York Times<\/em>\u00a0attack<\/a>\u00a0that happened in August of 2013 got reported as web-server failure. But the investigation process ultimately led to the DNS servers not been able to serve queries as the root cause.<\/p>\n<p>Typically this kind of investigation requires network teams and security teams to cross organizational boundaries. Moreover, a lot of DNS offerings do not have a simple way to monitor the status of the service, which leads to further delay. Surprisingly, according to the Arbor survey:<\/p>\n<p>Approximately 26 percent of respondents indicated that there is no security group within their organizations with formal responsibility for DNS security, up from 19 percent last year. This increase is surprising given the number of high-profile DNS reflection\/amplification attacks seen during the survey period.<\/p>\n<p>The responsibility for the DNS infrastructure sometimes is owned by the Windows team or the servers team if customers use built-in Microsoft server features. But as businesses scale and security concerns become evident, they start migrating to the commercial versions. And as this happens, responsibility transitions over to network teams that are focused on more general methods of ensuring availability. As a side effect, the special security requirements of DNS do not find a home.<\/p>\n<p>With port 53 wide open in the firewalls, these orphaned DNS servers are exposed to all types of attacks and exploits.<\/p>\n<p>Our approach at Infoblox is to address\u00a0this problem holistically by building security within the DNS application itself. Infoblox Advanced DNS Protection offers self-protecting DNS servers of different capacities to match different deployment sizes. With advanced security techniques for threat detection and mitigation, they continue to perform even under attack by distinguishing attack queries from good traffic and dropping the attack traffic while continuing to serve legitimate queries.<\/p>\n<p>So get smart and ready for the potential DNS attack by securing it from within!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to the\u00a02014 Arbor Worldwide Infrastructure Security Report, DNS is the second-most-popular attack vector. &nbsp; Given\u00a0the\u00a0importance of DNS in helping customers, prospects, and partners find your business, blocking DNS queries on the mere suspicion of attack is like closing the door in your customers\u2019 faces. Most of these attacks manifest themselves as \u201cwebsite not found.\u201d [&hellip;]<\/p>\n","protected":false},"author":254,"featured_media":3212,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[3],"tags":[30,16,15],"class_list":{"0":"post-3605","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-community","8":"tag-dns","9":"tag-infoblox","10":"tag-security","11":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Security built-in to the DNS servers and not bolted-on<\/title>\n<meta name=\"description\" content=\"According to the\u00a02014 Arbor Worldwide Infrastructure Security Report, DNS is the second-most-popular attack vector.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security built-in to the DNS servers and not bolted-on\" \/>\n<meta property=\"og:description\" content=\"According to the\u00a02014 Arbor Worldwide Infrastructure Security Report, DNS is the second-most-popular attack vector.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2014-01-30T13:51:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-06T17:31:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cloud-computers.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Renuka Nadkarni\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Renuka Nadkarni\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/security-built-in-to-the-dns-servers-and-not-bolted-on\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/security-built-in-to-the-dns-servers-and-not-bolted-on\\\/\"},\"author\":{\"name\":\"Renuka Nadkarni\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/111901fc66473b7a5d5d6cf2ae869ef9\"},\"headline\":\"Security built-in to the DNS servers and not bolted-on\",\"datePublished\":\"2014-01-30T13:51:03+00:00\",\"dateModified\":\"2020-05-06T17:31:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/security-built-in-to-the-dns-servers-and-not-bolted-on\\\/\"},\"wordCount\":372,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/security-built-in-to-the-dns-servers-and-not-bolted-on\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cloud-computers.jpg\",\"keywords\":[\"DNS\",\"Infoblox\",\"Security\"],\"articleSection\":[\"Community\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/security-built-in-to-the-dns-servers-and-not-bolted-on\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/security-built-in-to-the-dns-servers-and-not-bolted-on\\\/\",\"name\":\"Security built-in to the DNS servers and not bolted-on\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/security-built-in-to-the-dns-servers-and-not-bolted-on\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/security-built-in-to-the-dns-servers-and-not-bolted-on\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cloud-computers.jpg\",\"datePublished\":\"2014-01-30T13:51:03+00:00\",\"dateModified\":\"2020-05-06T17:31:36+00:00\",\"description\":\"According to the\u00a02014 Arbor Worldwide Infrastructure Security Report, DNS is the second-most-popular attack vector.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/security-built-in-to-the-dns-servers-and-not-bolted-on\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/security-built-in-to-the-dns-servers-and-not-bolted-on\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/security-built-in-to-the-dns-servers-and-not-bolted-on\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cloud-computers.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cloud-computers.jpg\",\"width\":660,\"height\":454},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/security-built-in-to-the-dns-servers-and-not-bolted-on\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Community\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/community\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security built-in to the DNS servers and not bolted-on\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/111901fc66473b7a5d5d6cf2ae869ef9\",\"name\":\"Renuka Nadkarni\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0661e443c4c379f0c36c9451f82921d754eda7aa497a8cbc3002b9c3a298bcce?s=96&d=blank&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0661e443c4c379f0c36c9451f82921d754eda7aa497a8cbc3002b9c3a298bcce?s=96&d=blank&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0661e443c4c379f0c36c9451f82921d754eda7aa497a8cbc3002b9c3a298bcce?s=96&d=blank&r=g\",\"caption\":\"Renuka Nadkarni\"},\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/renuka-nadkarni\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Security built-in to the DNS servers and not bolted-on","description":"According to the\u00a02014 Arbor Worldwide Infrastructure Security Report, DNS is the second-most-popular attack vector.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/","og_locale":"en_US","og_type":"article","og_title":"Security built-in to the DNS servers and not bolted-on","og_description":"According to the\u00a02014 Arbor Worldwide Infrastructure Security Report, DNS is the second-most-popular attack vector.","og_url":"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/","og_site_name":"Infoblox Blog","article_published_time":"2014-01-30T13:51:03+00:00","article_modified_time":"2020-05-06T17:31:36+00:00","og_image":[{"width":660,"height":454,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cloud-computers.jpg","type":"image\/jpeg"}],"author":"Renuka Nadkarni","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Renuka Nadkarni","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/"},"author":{"name":"Renuka Nadkarni","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/111901fc66473b7a5d5d6cf2ae869ef9"},"headline":"Security built-in to the DNS servers and not bolted-on","datePublished":"2014-01-30T13:51:03+00:00","dateModified":"2020-05-06T17:31:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/"},"wordCount":372,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cloud-computers.jpg","keywords":["DNS","Infoblox","Security"],"articleSection":["Community"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/","url":"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/","name":"Security built-in to the DNS servers and not bolted-on","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cloud-computers.jpg","datePublished":"2014-01-30T13:51:03+00:00","dateModified":"2020-05-06T17:31:36+00:00","description":"According to the\u00a02014 Arbor Worldwide Infrastructure Security Report, DNS is the second-most-popular attack vector.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cloud-computers.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cloud-computers.jpg","width":660,"height":454},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/community\/security-built-in-to-the-dns-servers-and-not-bolted-on\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Community","item":"https:\/\/www.infoblox.com\/blog\/category\/community\/"},{"@type":"ListItem","position":3,"name":"Security built-in to the DNS servers and not bolted-on"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/111901fc66473b7a5d5d6cf2ae869ef9","name":"Renuka Nadkarni","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/0661e443c4c379f0c36c9451f82921d754eda7aa497a8cbc3002b9c3a298bcce?s=96&d=blank&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/0661e443c4c379f0c36c9451f82921d754eda7aa497a8cbc3002b9c3a298bcce?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0661e443c4c379f0c36c9451f82921d754eda7aa497a8cbc3002b9c3a298bcce?s=96&d=blank&r=g","caption":"Renuka Nadkarni"},"url":"https:\/\/www.infoblox.com\/blog\/author\/renuka-nadkarni\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/3605","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/254"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=3605"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/3605\/revisions"}],"predecessor-version":[{"id":3606,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/3605\/revisions\/3606"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/3212"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=3605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=3605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=3605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}