DNS Hijacking (Part 1)
A records are a critical part of DNS.
- Recently there has been a series of targeted attacks against DNS infrastructure in which unauthorized modifications were made on hosted DNS solutions. These modifications to DNS records were made to allow malicious entities to perform man-in-the-middle attacks. By changing your A records to direct your users or customers to their servers, and combining that A record hijack with easily obtained HTTPS certificates, they were able to steal credentials and intercept any traffic that users considered safe and secure.
- Infoblox is offering you a secure and hardened platform that makes it harder for attackers to compromise your core, as well as a reliable audit log that can show you exactly who made each change. We are also providing you with our zone association feature, which gives you the ability to tie networks to zones and prevents users and admins from creating A records that point outside of the list of approved networks you define for that zone.
- We are also offering you an indispensable tool to audit your zones; check out https://community.infoblox.com/. We are giving away a script that you can run against your Grid Master and that, given a list of networks, will tell you which A and CNAME records are not pointing to your own networks. We are also providing you with a second script that integrates with NetMRI and performs this check at regular intervals, to make sure you are alerted whenever a record is introduced that does not match your policies.
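
The audit described above, sketched as an added example (this is not the Infoblox script and it does not query a Grid Master or NetMRI). It assumes the records have already been exported as `(name, type, value)` tuples; the `audit` function, the record list and the networks are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges); a real audit would
# export these records from the DNS platform instead.
APPROVED = ["192.0.2.0/24", "198.51.100.0/25"]
RECORDS = [
    ("www.example.com", "A", "192.0.2.10"),
    ("mail.example.com", "A", "203.0.113.7"),
    ("portal.example.com", "CNAME", "www.example.com"),
    ("login.example.com", "CNAME", "mail.example.com"),
    ("cdn.example.com", "CNAME", "edge.example.net"),
    ("a.example.com", "CNAME", "b.example.com"),
    ("b.example.com", "CNAME", "a.example.com"),
]

def audit(records, approved):
    """Return sorted (name, type, reason) findings for records that leave the approved networks."""
    nets = [ipaddress.ip_network(n) for n in approved]
    a_map, cname_map = {}, {}
    for name, rtype, value in records:
        key = name.rstrip(".").lower()
        if rtype == "A":
            a_map.setdefault(key, []).append(ipaddress.ip_address(value))
        elif rtype == "CNAME":
            cname_map[key] = value.rstrip(".").lower()

    def outside(addr):
        return not any(addr in net for net in nets)

    findings = [(n, "A", f"{a} outside approved networks")
                for n, addrs in a_map.items() for a in addrs if outside(a)]
    for name in cname_map:
        seen, target = {name}, cname_map[name]
        # Follow the CNAME chain inside the exported data, stopping on loops.
        while target in cname_map and target not in seen:
            seen.add(target)
            target = cname_map[target]
        if target in seen:
            findings.append((name, "CNAME", "CNAME loop"))
        elif target not in a_map:
            findings.append((name, "CNAME", f"target {target} not in audited zones"))
        else:
            bad = [str(a) for a in a_map[target] if outside(a)]
            if bad:
                findings.append((name, "CNAME", f"{target} -> {', '.join(bad)} outside approved networks"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(RECORDS, APPROVED), sep="\n")
```

A CNAME whose target is not in the exported data is reported rather than resolved, so the check runs offline and an alias pointing at a third party always gets a human review.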