If you are a network manager, you already know about the domain name system (DNS). However, if you are not, DNS is basically the internet’s equivalent of a telephone directory – it’s where the names of computers and their IP addresses are stored.
This time we will talk about Turing, a DNS tool that helps you sort through and analyze the enormous volume of DNS data.
DNS data can be used by network managers to get a better understanding of what’s happening on their networks. The problem is that the sheer volume of data often makes this very challenging, especially when you consider the number of log files and the amount of security data that have to be examined. In large companies with vast networks, it’s fairly common to have multiple servers running, which makes the task that much harder.
There weren’t many tools available before to assist in analyzing DNS data in real time, especially when an in-depth check was required. However, thanks to complex big data techniques, there is now a tool that can analyze a terabyte of DNS data in real time – Turing.
Below we will examine three new things that Nominet, the United Kingdom’s domain name registry, has found while developing and testing this new technology.
Detect botnets and spam runs
When a spam run occurs, massive numbers of emails are sent out to a list of addresses, but that list is pre-defined and often outdated. Because of this, the number of requests for domains that no longer exist is extremely high.
Recognizing these patterns can help you detect botnet infections on your network. This lets your network administrator identify the compromised machines and remove the source of malware or spam.
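The pattern described above can be checked on a small scale with a per-client count of failed lookups. The following is an added example, not code from Turing or Nominet; the log format, the thresholds and the names `parse_line` and `flag_clients` are assumptions made for illustration. It also separates a spam-like host from a misconfigured one that keeps retrying a single stale name.

```python
from collections import defaultdict

# Constructed sample log, one query per line:
#   <timestamp> <client_ip> <qname> <qtype> <rcode>
# The format is an assumption for this example, not any DNS server's real output.
SAMPLE_LOG = "\n".join(
    # Spam-like host: many lookups, almost all for different dead domains.
    [f"2024-05-01T10:00:{i:02d}Z 10.0.0.23 old-shop{i}.example MX NXDOMAIN" for i in range(7)]
    + ["2024-05-01T10:00:07Z 10.0.0.23 mail.example.org MX NOERROR"]
    # Misconfigured host: retries one stale name, so it should not be flagged.
    + [f"2024-05-01T10:01:{i:02d}Z 10.0.0.40 printer.corp.example A NXDOMAIN" for i in range(6)]
    # Ordinary host: mostly successful lookups plus one typo.
    + [f"2024-05-01T10:02:{i:02d}Z 10.0.0.5 www{i}.example.com A NOERROR" for i in range(5)]
    + ["2024-05-01T10:02:09Z 10.0.0.5 typo.example.com A NXDOMAIN", "truncated line"]
)

def parse_line(line):
    """Return (client, qname, rcode), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _ts, client, qname, _qtype, rcode = parts
    return client, qname.lower().rstrip("."), rcode.upper()

def flag_clients(log_text, min_queries=5, min_nx_ratio=0.6, min_distinct=3):
    """Flag clients whose queries mostly fail with NXDOMAIN across many names."""
    stats = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "names": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the run
        client, qname, rcode = rec
        s = stats[client]
        s["queries"] += 1
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
            s["names"].add(qname)
    flagged = {}
    for client, s in stats.items():
        ratio = s["nxdomain"] / s["queries"]
        if (s["queries"] >= min_queries and ratio >= min_nx_ratio
                and len(s["names"]) >= min_distinct):
            flagged[client] = {"queries": s["queries"], "nxdomain": s["nxdomain"],
                               "distinct_nx_names": len(s["names"])}
    return flagged

if __name__ == "__main__":
    for client, detail in flag_clients(SAMPLE_LOG).items():
        print(client, detail)
```

The thresholds are starting points and need tuning against a baseline of the network’s normal traffic before the output is used to isolate a machine.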
Possibilities for network optimization
DNS data can show any traffic anomalies on your network and help you determine the reason for network latency. It will aid you in getting rid of transmission and processing delays and improve quality of service for the network users.
Healthy DNS traffic has a consistent pattern. When something deviates from it, this could indicate a software vulnerability. It might also indicate a poor configuration of your server, which exposes you to needless risks. For example, problems with Google’s public DNS along with a hidden bug in BIND, a widely used DNS software, were discovered and fixed thanks to the thorough examination of DNS data.
Historically, meaningful DNS analysis has been challenging, so it wasn’t very effective in network optimization strategies or cyber defense. However, these insights provide new, efficient ways of repairing vulnerabilities, dealing with network latency, and stopping spam. If you have your own ideas on how to use this new DNS tool, don’t hesitate to share in the comments below!