The 40-Year-Old Protocol

In the realm of technology, where innovation often means obsolescence, there exists a protocol that has stood the test of time, a digital dinosaur that continues to roam the internet's vast landscape with unwavering resilience. I'm talking, of course, about the Domain Name System, or DNS, the unsung hero that translates human-friendly URL’s and domain names into machine-readable IP addresses (and much more).

In 1983, the world met the blockbuster movie The Return of the Jedi, Michael Jackson’s Triller, and the first personal computer with a graphical user interface, the Apple Lisa. At the same time, an important concept was conceived by the visionary and future Internet Hall-of-Famer Paul Mockapetris. In the early days of the Internet (or as what it was known at the time, ARPANET), users either memorized IP addresses or relied on the HOSTS file to translate names to IP addresses. Paul predicted (correctly) that this solution would not scale, and proposed in RFC 882 and 883 the concept of a globally distributed naming system, DNS.

This concept was further refined 4 years later in 1987 into two sets of standards documents, RFC 1034 and 1035, which we still use to this day. 40 years later, while the internet has undergone a metamorphosis since its early days, DNS has remained largely unchanged, which is both a testament to its robust architecture and a digital miracle.

Now, let's contrast DNS with its younger sibling, the Hypertext Transfer Protocol, or HTTP. Unlike DNS, HTTP has undergone several revisions, adapting to the ever-evolving demands of the web. HTTP, initially conceived in 1991, has seen numerous revisions, each bringing significant changes to enhance its functionality and performance. HTTP/1.0, the first widely adopted version, introduced basic web page retrieval and navigation. HTTP/1.1, released in 1997, introduced persistent connections, caching, and chunked transfer encoding, improving performance and reducing server load. In 2015, HTTP/2 marked a major leap forward, introducing multiplexing, header compression, and server push, enabling faster page loading and more efficient use of network resources. The latest revision, HTTP/3, introduced in 2018, leverages the QUIC protocol, providing a more secure and reliable transport layer, reducing latency and improving performance over unreliable networks. This is to say nothing of HTTPS, the secure version of HTTP, which has been around since 1994, and now dominates the Internet more than HTTP.

DNS, on the other hand, has seen very few changes since the 1980’s. In 2002, EDNS0 (Extension Mechanisms for DNS Version 0) was added to the standards, but its adoption was so slow that as of 2019 the DNS community had to have a “DNS Flag Day” to formally announce that everyone has to support the then 17-year-old update. There is also DNSSEC (DNS Security Extensions), which was released in 2005, and is even less supported than EDNS0. As of 2023, fewer than 1% of domains accessible on the Internet have been signed with DNSSEC.

As you may imagine, a 40-year-old protocol has its flaws. While DNS scales amazingly (and perhaps even beyond Paul Mockapetris’ own expectations), it lacked security features. For such a foundational protocol that we cannot easily update or replace, this is a serious problem.

This is why my good friend Ross and I have written a book on this very topic. Our book, The Hidden Potential of DNS In Security: Combating Malware, Data Exfiltration, and more - The Guide for Security Professionals, divides DNS security exploits into 5 general categories:

1. Service Impediment: the attacker’s intent is on slowing down or stopping the DNS service.

2. Implementation Vulnerabilities: these attacks are specific for the DNS product, software, or architecture and design.

3. DNS as a Transport: the attackers use DNS messages as carriers for malicious payloads such as C2 communication.

4. Redirection (or Misdirection): this technique can be used by attackers to misdirect victims to malicious destinations, or by defenders to redirect victims back to safety.

5. Data Privacy: DNS has no privacy built-in and this information leakage can be misused.

Our book is available on Amazon now, you may search for “DNS in Security” and find it, or use this link.