The Domain Name System (DNS) is the backbone of the modern internet. Over the years, it has evolved to make networked computing accessible to everyday users. However, it has also introduced new DNS security threats, such as distributed denial-of-service (DDoS) attacks, schemes designed to redirect users to malicious websites and more.

Despite these risks, the current configuration of the DNS is deeply embedded into the fabric of the internet as we know it. That fabric, however, is poised for a fundamental shift in the near future if certain government agencies succeed in establishing their own DNS separate from the familiar, independently operated system that powers the web today.

The Dawn of DNS

Before the DNS, navigating the internet was a laborious task. In the early days of networked computing, messages were sent from computer to computer manually. The Unix-to-Unix-Copy program used bang addressing, which took the form of “!name!name2!name3,” to specify the route in which a message was sent, going from one computer to another. It required the sender to know the map of what the internet looked like from the origin to the destination — a daunting task for all but the savviest of computing experts.

In 1984, four graduate students at the University of California, Berkeley came up with the Berkeley Internet Name Domain (BIND) program, using the Internet Engineering Task Force's (IETF) 1983 specifications. This moved the mechanism of naming internet-connected nodes away from the topological approach to a method that was based on hierarchical records. It also decentralized the mechanism so that each node was not required to keep a copy of the entire routing database.

Additionally, BIND introduced the concept of mapping the data in the namespace to the actual IP addresses of nodes. This is one of the most powerful concepts behind DNS today: Instead of dealing with an ever-changing universe of numerical addresses, people can navigate to destinations that have static and understandable names. Different users can also receive different translations of identical domain names at the same time, a key point of divergence from the traditional text-file view of the service.

It could be argued that the internet as we know it could not have happened without this element. It simplified the task of navigating the internet and made it possible for multiple users to connect to the same destination simultaneously.

The Controlled Chaos Behind DNS Requests

An individual DNS query can be nonrecursive, recursive, iterative or a combination of these. Simple lookups are possible, but resolving a name usually requires a few additional steps.

First, the top-level domain (the information to the right of the dot in an address) is discovered via a query to a root server. That root server may refer the question to another server that is dedicated to the top-level information requested.

It’s important to note that all this recursion may decrease performance. Special caches are often implemented lower down in the network to prevent unnecessary queries to the root server, which could otherwise occur when multiple elements are displayed on the same website.

The recursion process can be exploited in a DDoS attack, in which requests for a target endpoint go flying around the internet at ridiculous speeds. DDoS attackers use DNS servers to cause congestion on the target system by amplifying server response traffic. To make things worse, cybercriminals have many tricks up their sleeves to magnify DNS-based DDoS attacks. For example, an attacker might seek as much zone information as possible in the kickoff request, which would then boost the record response sent to the target, keeping it blocked with useless information.
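The amplification pattern described above can be spotted in resolver logs by comparing response volume to query volume per claimed source. The following is an added example, not code from the original article; the log format, the thresholds and the sample lines are assumptions constructed for illustration, and the ANY query type stands in for a request that seeks as much zone information as possible.

```python
from collections import defaultdict

# Constructed resolver log lines (assumed format):
# epoch  claimed_source  qname  qtype  query_bytes  response_bytes
SAMPLE_LOG = """\
1700000000 198.51.100.7 example.com ANY 64 3120
1700000000 198.51.100.7 example.com ANY 64 3096
1700000001 198.51.100.7 example.org ANY 62 2988
1700000001 192.0.2.10 www.example.com A 61 93
1700000002 192.0.2.10 mail.example.com MX 62 140
1700000002 198.51.100.7 example.com ANY 64 3120
1700000003 192.0.2.44 example.net AAAA 60 116
"""

def amplification_suspects(log, min_queries=3, min_ratio=10.0):
    """Return claimed sources whose responses dwarf their queries.

    In a reflection attack the source address is spoofed, so a flagged
    address is the probable target of the traffic, not its sender.
    The thresholds are illustrative assumptions.
    """
    stats = defaultdict(lambda: {"n": 0, "q": 0, "r": 0, "any": 0})
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip blank or malformed lines
        _ts, src, _qname, qtype, qbytes, rbytes = fields
        s = stats[src]
        s["n"] += 1
        s["q"] += int(qbytes)
        s["r"] += int(rbytes)
        s["any"] += qtype.upper() == "ANY"  # bool counts as 0 or 1
    suspects = {}
    for src, s in stats.items():
        ratio = s["r"] / max(s["q"], 1)  # bytes out per byte in
        if s["n"] >= min_queries and ratio >= min_ratio:
            suspects[src] = {
                "queries": s["n"],
                "ratio": round(ratio, 1),
                "any_share": s["any"] / s["n"],
            }
    return suspects

if __name__ == "__main__":
    for src, info in amplification_suspects(SAMPLE_LOG).items():
        print(src, info)
```

A resolver operator would typically pair a signal like this with response rate limiting for the flagged address.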

The Evolution of DNS Security

The DNS as originally conceived was fundamentally insecure. For example, there was no real way to verify that the data found in a given cache was correct. The Domain Name System Security Extensions (DNSSEC) suite addresses this problem. It provides name service clients with origin authentication of data, authenticated denial of existence and data integrity. It is not designed to provide confidentiality of the actual served data, however.

DNS servers are great choke points to stop traffic from going to known malicious sites. IBM recently partnered with Packet Clearing House (PCH) and the Global Cyber Alliance (GCA) to create Quad9, a DNS service that blocks access to questionable sites. The service does not keep records of who requested access to these sites, so user privacy is intact.

Quad9 leverages threat intelligence from IBM and other sources to prevent users from navigating to malicious sites. Name service requests are usually sent to the address, but the service kicks in when requests are sent to This system uses a go/no-go mechanism to resolve names into IP addresses based on known threats. If a request is made to access an IP address that does not have any documented problems, it gets a response. If the address is problematic, no IP address is returned.

Building a New DNS, BRIC by BRIC

The U.S. ceded DNS control to the independent Internet Corporation for Assigned Names and Numbers (ICANN) in October 2016. However, Bleeping Computer reported that the members of BRICS — Brazil, Russia, India, China and South Africa — are working to develop their own name service system by August 2018. These nations would be taken out of the worldwide system, allowing them to direct internet traffic wherever they decide. This underscores the importance of a global DNS, since the BRICS system would place a chokehold on information, allowing governments to control where data is sent and received.

The current system has been so deeply ingrained into the fabric of the internet that few have even considered what life would be like without it. As it turns out, that day of reckoning may be coming sooner than many technology specialists think.
