Leveraging DNS for Subscriber Loyalty

Keith Oborn

There has been a lot of talk about how the DNS can provide network-based security, and how DNS is in the best position to detect malware traffic before it does any harm. But what does this mean for end users? How does it make their online lives easier and more secure?

DNS servers that know which sites host malware, run phishing operations (harvesting bank details, for instance) or otherwise misbehave can prevent end users from ever reaching those sites. Remember, most of the time end users don't deliberately visit dubious sites; they do so accidentally, either because they mistyped the name of a site or because they clicked on a malicious link on a web page. In all these cases, an intelligent DNS server can simply redirect end users to pages that inform them that the site they tried to visit is potentially harmful.

Why is this better than using one of the traditional security software packages? Well, first off, end users don't have to download and install anything. They don't have to worry about keeping the software and site lists up to date, and there's nothing slowing their PCs down. Even better, in most cases all the devices in a home use the same "Security Aware" DNS server, so they're all protected — even the games console in the teenager's bedroom. Traditional security software packages don't reach many of these things.

However, there are other ways malware can creep into the home — a laptop gets infected while on the road, someone is a bit incautious with a USB stick, and so on.

The purpose of malware is either to intercept data and observe the activities on PCs where it's installed, or to use a PC's resources to spread and provide a "botnet" for attacks on other parties on the Internet. In all cases, malware needs to communicate with a central point at some stage (called "command and control") to upload captured data, spread itself, or get instructions for the next attack. It uses the DNS to do this, so the DNS server will know where it intends to go before it actually goes there!

This means DNS servers can do several things to help: for known malware, they can block access to botnet command and control systems, thereby preventing the malware from doing any work. If the malware spreads itself by email (or if its job in life is to generate spam), the DNS server can detect the high rate of DNS "MX" (mail) queries, and in many cases recognize a pattern, and even prevent emails from being sent.

When a PC is discovered to be infected with malware, the DNS server can redirect all queries from the infected PC to a warning web page that points to sources of disinfection software and other services.
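The blocking, MX-rate detection and redirect behaviour described above can be sketched as a resolver-side policy run over a query log. This is an added example, not code from the article or from any DNS product; the blocklist entries, client addresses, warning-page address and the threshold of 5 MX queries per 60 seconds are all constructed assumptions.

```python
from collections import defaultdict, deque

# All values below are constructed for illustration.
BLOCKLIST = {"c2.badnet.example", "phish-bank.example"}  # known-bad zones
WARNING_PAGE_IP = "192.0.2.10"   # hypothetical warning-page server (TEST-NET-1)
MX_LIMIT, WINDOW_SECS = 5, 60    # assumed threshold: MX queries per client per window

class ResolverPolicy:
    def __init__(self):
        self.mx_times = defaultdict(deque)  # client -> timestamps of recent MX queries
        self.infected = set()               # clients flagged by the MX-rate check

    @staticmethod
    def blocked(qname):
        # Match the name itself or any parent zone against the blocklist.
        labels = qname.lower().rstrip(".").split(".")
        return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))

    def decide(self, ts, client, qname, qtype):
        is_addr = qtype in ("A", "AAAA")
        if client in self.infected:
            # Flagged client: address lookups go to the warning page, the rest is refused.
            return ("REDIRECT", WARNING_PAGE_IP) if is_addr else ("REFUSE", None)
        if self.blocked(qname):
            return ("REDIRECT", WARNING_PAGE_IP) if is_addr else ("REFUSE", None)
        if qtype == "MX":
            recent = self.mx_times[client]
            recent.append(ts)
            while ts - recent[0] > WINDOW_SECS:   # drop queries outside the window
                recent.popleft()
            if len(recent) > MX_LIMIT:            # spam-like burst of mail lookups
                self.infected.add(client)
                return ("REFUSE", None)
        return ("RESOLVE", None)

# Constructed query log: (seconds, client, qname, qtype)
LOG = ([(0, "10.0.0.5", "www.example.org", "A"),
        (1, "10.0.0.5", "login.phish-bank.example", "A")]
       + [(t, "10.0.0.9", f"mx{t}.example.net", "MX") for t in range(2, 9)]
       + [(10, "10.0.0.9", "www.example.org", "A"),
          (11, "10.0.0.5", "example.net", "MX")])

def run(log):
    policy = ResolverPolicy()
    return [policy.decide(*entry)[0] for entry in log], policy.infected

if __name__ == "__main__":
    actions, infected = run(LOG)
    for entry, action in zip(LOG, actions):
        print(*entry, "->", action)
    print("flagged clients:", sorted(infected))
```

A single blocklist hit redirects only that query, since the visit may be an accidental click; only the sustained MX burst flags the client for the walled-garden treatment.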

DNS servers with fine-grained reporting capabilities can even be used to create web-based reports showing end users, for instance, the "bad" sites they've been protected from. These kinds of systems can be extended to allow individual users to add their own entries to the lists of "bad" sites, basically giving them their own personalized security service — the DNS server responds to their queries (and only theirs) according to their security lists and preferences.

All of this means ISPs can improve the user's experience and customer relations, potentially generate extra revenue, and reduce churn. With a platform-based approach, this can be done incrementally, in line with other business initiatives.

By Keith Oborn, Sr. Infrastructure Architect at Nominum

Related topics: Access Providers, DNS, Email, Malware, Security
