MSP Insights: Managing Internet Domains & DNS at Scale
The core of any business
Internet domain names and DNS are at the core of any business' connection to their customers, but most don't give the security of those assets the attention they deserve.
Aside from the initial time spent deciding on a clever or easy-to-remember domain name, and whether it ends in .com, .net, .info, or .whatever, they probably haven't given it a second thought or taken the time to understand how it all works. But as a Managed Service Provider responsible for their clients' business technology, you should.
The world is full of hackers, spammers, and spoofers who take advantage of this oversight. Without the correct policies in place, any one of these attackers, or anyone else, can use a business's domain name to send spam or impersonate actual employees. What's more, DNS (Domain Name System), the Internet's core protocol for managing domain names and translating memorable host names to IP addresses, was hardly designed to prevent unauthorized use of any domain name.
Your clients' domain name is a key part of their business's presence in the world. To borrow from Shakespeare, "What's in a domain name?" Let's explore the parts that make the machine work.
Domain Registrars and DNS
Domain Name Registrars provide the services necessary to purchase and register unique names. They also often serve as the primary host for the name servers that hold the DNS records that guide visitors to the right IP address. Without a friendly domain name, visitors to a site would be forced to remember an IP address that can be up to 12 digits long! And that was before IPv6 was released (I'm pretty sure telling your customers that your website can be found at 2001:0db8:85a3:0000:0000:8a2e:0370:7334 would be somewhat inconvenient).
Securing Communications with TLS/SSL
TLS/SSL Digital Certificates rely on information recorded by a Domain Registrar about who owns the domain name. These certificates are issued by trusted organizations called Certificate Authorities (CAs). A CA will not issue a certificate for a specific host name or URL without verifying that the person purchasing the certificate has permission to do so. A digital certificate issued by a valid CA is necessary to protect the integrity and confidentiality of data transmitted over the Internet. Once installed and configured on a web server, a Digital Certificate contains two "keys" that are used to encrypt and decrypt data.
The third component that relies on the domain name is SMTP (Simple Mail Transfer Protocol), the protocol used to send and receive email. SMTP is particularly prone to domain abuse tactics and "phishing" attacks, where an attacker impersonates a legitimate entity to steal credentials or private information, or to trick users into installing malware/ransomware. These kinds of attacks have increased by over 2000% since 2014.
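An added example, not from the original article: assuming the "correct policies" mentioned above are published as SPF and DMARC TXT records in DNS, this Python audit checks a batch of client domains for missing or non-enforcing policies. The zone data, domain names and function names are constructed for illustration; a real run would fetch the TXT records with a resolver.

```python
# Constructed sample: TXT records per name, as a resolver would return them.
# The example.* domains are placeholders, not real clients.
SAMPLE_ZONE = {
    "example.com": ["v=spf1 include:_spf.example.net -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "example.org": ["v=spf1 +all"],
    "_dmarc.example.org": ["v=DMARC1; p=none"],
    "example.net": ["site-verification=constructed-token"],
}

def spf_findings(txt_records):
    """Return problems with the SPF policy found in a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records (receivers treat this as an error)"]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is delegated to another record
        return ["SPF has no 'all' mechanism"]
    if all_terms[-1] in ("all", "+all", "?all"):
        return ["SPF does not restrict unlisted senders"]
    return []

def dmarc_findings(txt_records):
    """Return problems with the DMARC policy at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        return ["no DMARC record"]
    tags = {}
    for part in dmarc[0].split(";"):
        key, _, value = part.partition("=")
        if key.strip():
            tags[key.strip().lower()] = value.strip().lower()
    policy = tags.get("p", "missing")
    if policy not in ("quarantine", "reject"):
        return [f"DMARC p={policy} does not act on failing mail"]
    return []

def audit(zone, domains):
    """Map each client domain to its list of email-policy findings."""
    return {
        d: spf_findings(zone.get(d, [])) + dmarc_findings(zone.get("_dmarc." + d, []))
        for d in domains
    }
```

An empty findings list means the domain publishes both an enforcing SPF record and an enforcing DMARC policy; the check assumes each name passed in is the organizational domain.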