BruCON 0x0E

The domain name system, or DNS, is a critical component of the Internet ecosystem we use. Almost every single transaction and connection from email to online commerce makes use of DNS as an initial  a fundamental step. While the primary purpose in the eyes of the public is to mask the complexities of host addressing, it’s use has evolved to be critical for a whole lot more – one of the oldest and arguably the second most important component being its foundation for email delivery though the use of MX records.  In recent years we have seen the introduction and gradual adoption of several security measures rooted within and implemented by extending the DNS protocol.  These include DNSSEC, SPF, and more recently CAA. In essence the global domain Domain Name Systems should be regarded as critical infrastructure. However, for many organisations, especially those reliant on hosting providers, ISPs or MSPs, despite the requirement for functional DNS, the deployment and operation of the servers (as outlined in RFC 2182) and associated domain zones, are often neglected. This may be due to the ‘care and feeding’ been seen as 'too complex', mundane or unexciting in comparison to more exciting areas with ‘Cyber operations’ such as Threat Intelligence, Malware Analysis and ML/AI based security solutions.  The irony is these all have a strong dependence on DNS!

This talk has a dual focus initially presents an overview of the state of DNS operations for several ccTLD’s and in comparison, with top domains globally. A concern worth raising particularly considering the Global sanctions on the Russian Federation is to consider – where is ones DNS hosted physically and logically, and who has control? An evaluation of risk, particularly the dependency on key providers (for example about a third of the .no domains surveyed are hosted by a single provider), as well as adherence to good practice is presented.

The secondary part of the talk presents several short case studies of the adoption rate of security functionality (primarily the adoption of DNSSEC and CAA records) within and offered by DNS for ccTLDs investigated. As appropriate these are compared with adoption rates in neighbouring ccTLDs.
From the research undertaken a number of key operational and risk management principles and associated tests are offered with a specific focus on smaller organisations to enable better compliance with current best practice.

The research was undertaken using domain lists constructed and gathered from various public sources. These were then queried over a period in March to May 2022.