BSidesSF 2018

The Internet as we know it would come to a screeching halt if DNS failed for any extended period yet we give little thought to the configuration, monitoring and security of our critical DNS services. From a practical standpoint, DNS is extremely insecure and can be exploited in many nefarious ways. This talk will examine some to the more common ways that DNS can be exploited. We will then discuss some strategies for securing DNS both from an authoritative as well as a recursive perspective.

This will cover both directed attacks against DNS services as well as attacks designed to mislead or misdirect service users. We will also examine ways to protect our networks against some of the more common DNS attacks. Finally, we will look at some ways in which we can easily monitor our DNS traffic for signs of compromise. The goal is for everyone to come away with a better appreciation for the need to secure DNS and have a road map for doing just that.