Home / Blogs

Leveraging DNS for Subscriber Loyalty

Keith Oborn

There has been a lot of talk about how the DNS can provide network-based security, and how DNS is in the best position to detect malware traffic before it does any harm. But what does this mean for end users? How does it make their online lives easier and more secure?

DNS servers that are aware of sites that host malware, perform phishing activities (harvesting bank details, for instance) and other nefarious misbehaviors, can prevent end users from ever going to those sites. Remember, most of the time end users don't deliberately visit dubious sites; they do so accidentally. Either because they mistyped the name of a site or they clicked on a malicious link on a web page. In all these cases, an intelligent DNS server can simply redirect end users to pages that inform them that the site they tried to visit is potentially harmful.

Why is this better than using one of the traditional security software packages? Well, first off, end users didn't have to download and install anything. They don't have to worry about keeping the software and site lists up to date, and there's nothing slowing their PCs down. Even better, in most cases all the devices in a home use the same "Security Aware" DNS server, so they're all protected — even the games console in the teenager's bedroom. Traditional security software packages don't reach many of these things.

However, there are other ways malware can creep into the home — a laptop gets infected while on the road, someone is a bit incautious with a USB stick, and so on.

The purpose of malware is either to intercept data and observe the activities on PCs where it's installed, or to use a PC's resources to spread and provide a "botnet" for attacks on other parties on the Internet. In all cases, malware needs to communicate with a central point at some stage (called "command and control") to upload captured data, spread itself, or get instructions for the next attack. It uses the DNS to do this, so the DNS server will know where it intends to go before it actually goes there!

This means DNS servers can do several things to help: for known malware, they can block access to botnet command and control systems, thereby preventing the malware from doing any work. If the malware spreads itself by email (or if its job in life is to generate spam), the DNS server can detect the high rate of DNS "MX" (mail) queries, and in many cases recognize a pattern, and even prevent emails from being sent.

When a PC is discovered to be infected with malware, the DNS server can redirect all queries from the infected PC, to a warning web page with sources to disinfection software and other services.

DNS servers with fine-grained reporting capabilities can even be used to create web-based reports showing end users, for instance, the "bad" sites they've been protected from. These kinds of systems can be extended to allow individual users to add their own entries to the lists of "bad" sites, basically giving them their own personalized security service — the DNS server responds to their queries (and only his) according to their security lists and preferences.

All of this means ISPs can improve the user's experience, customer relations, potentially generate extra revenue and reduce churn. With a platform-based approach, it can be done incrementally aligned with other business initiatives.

By Keith Oborn, Sr. Infrastructure Architect at Nominum

Related topics: Access Providers, DNS, Email, Malware, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

Officially Compromised Privacy

Zero Rating: Something Is Better Than Nothing! Or Is It?

The Emotional Cost of Cybercrime

Why I Wrote 'Thinking Security'

Regulation and Reason

Related News


Industry Updates – Sponsored Posts

To Where are Bounce Messages Sent?

Computerworld Names Afilias' Ram Mohan a Premier 100 Technology Leader

An Open Source Perspective on Commercial MTAs

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Five Essential PowerMTA Configuration Tips

Protect Your Privacy - Opt Out of Public DNS Data Collection

What's New With Port25's PowerMTA v4.5

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Measuring DNS Performance for the User Experience

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

Internet Grows to 296 Million Domain Names in Q2 2015

New Feature in PowerMTA v4.5: IP Based Rate Limiting

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

Case Study: Emergency Response Systems Rely on Timely Messaging Through PowerMTA

Port25 Announces Next Major Release of Its Email Delivery Solution, PowerMTA

Introducing the Verisign DNS Firewall

Case Study: How PowerMTA Transparent Deliverability Metrics Paves Way for Email Service Provider

Sponsored Topics