You're reading from  Hands-On Cybersecurity with Blockchain.

Product type: Book
Published in: Jun 2018
ISBN-13: 9781788990189
Edition: 1st Edition

Author: Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity." As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Chapter 8. Blockchain-Based DNS Security Platform

The Domain Name System (DNS) is primarily designed to resolve a host name query to an IP address. People work with domain names such as www.packtpub.com, but the internet routes on IP addresses, so DNS acts as the phonebook of the internet and is used by everyone, everywhere. The same ubiquity and implicit trust also make it an attractive target for misuse. In this chapter, we will learn about the DNS infrastructure, its core components, the challenges with the existing system, and how blockchain can transform its current functionality.

In this chapter, we will cover the following topics:

  • DNS
  • DNS structure and hierarchy
  • DNS topology for large enterprises
  • Challenges with the current DNS solution
  • Blockchain-based DNS solution
  • Labs

DNS


DNS is the heart of the internet. If DNS is unavailable, all of us have a hard time finding resources on the internet. As the massive phonebook of the internet, our entire online ecosystem relies heavily on it. Thanks to the DNS namespace, nobody has to remember lists of IP addresses; we only have to remember the names of the sites we want to reach.

For IT and security professionals, it is important to understand the basic structure, function, and operation of DNS. It is a hierarchical database with delegated authority. Within the scope of this chapter, we will consider enterprise DNS deployments and their functions. There are two ways organizations can manage their DNS infrastructure: by letting their Internet Service Provider (ISP) manage it, or by managing it internally. In the first case the organization inherits the ISP's risk: any configuration mistake or failure in the ISP's network can take the organization's internet presence down with it.

With the growing number of internet users, DNS became the backbone of organizations on the...

Understanding DNS components


The DNS is more than just a protocol: it consists of several independent entities working together to deliver a scalable and reliable domain name database. In its simplest form, there are three core components of the DNS: the namespace, the name server, and the resolver.

Namespace

The namespace is the structure of the DNS database. It is represented as an inverted tree with the root node at the top. Each node in the tree has a label, and the root node has the null (empty) label. Take a look at the following diagram:

A domain name is the sequence of labels read from a node up to the root, separated by dots. Each label is limited to 63 octets, the namespace can have a maximum depth of 127 levels, and a complete domain name cannot exceed 255 octets in its wire format (each label is preceded by a one-byte length, and the name is terminated by a zero-length root label).

Name servers

Name servers store information about the namespace in the form of zones. There can be multiple name servers, and those that load a complete zone are said to be authoritative for that zone. Generally, there is more than one...

DNS structure and hierarchy 


Similar to the internet's DNS infrastructure, organizations also deploy their own internal DNS infrastructures. Internally, an organization can choose any domain hierarchy it likes; however, once it connects to the internet, it has to follow the common DNS framework. Let's understand the name server hierarchy.

Root name server

Because the namespace is consistent across the internet, a root name server answers requests for records in the root zone directly and answers every other request with a referral: the list of authoritative name servers for the appropriate top-level domain (TLD).

Any change to the root zone is made by publishing a new root zone file, which the root servers then load. The root zone is served by 13 root server identities, named A to M (a.root-servers.net through m.root-servers.net), each of which is replicated across many anycast instances around the world.
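To make the referral behaviour concrete, here is an added example (not from the book) that models the hierarchy as a handful of in-memory zones and walks a query from the root downwards, the way an iterative resolver does. The zones, name server names and addresses (from the RFC 5737 documentation ranges) are constructed for the example.

```python
from __future__ import annotations

# Constructed delegation tree. Each zone's server knows its own records and the
# name servers of the zones delegated directly beneath it, nothing else.
ZONES: dict[str, dict] = {
    ".": {
        "records": {},
        "delegations": {"com.": ["a.gtld-servers.net."], "net.": ["a.gtld-servers.net."]},
    },
    "com.": {
        "records": {},
        "delegations": {"packtpub.com.": ["ns1.packtpub.com."]},
    },
    "packtpub.com.": {
        "records": {"www.packtpub.com.": "203.0.113.10", "ns1.packtpub.com.": "203.0.113.53"},
        "delegations": {},
    },
}


def is_subdomain(name: str, zone: str) -> bool:
    """True when name lies at or below zone (the root zone contains everything)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def query_server(zone: str, qname: str) -> tuple[str, object]:
    """One question to the server authoritative for `zone`.
    Returns ('answer', ip), ('referral', (child_zone, ns_list)) or ('nxdomain', None)."""
    data = ZONES[zone]
    if qname in data["records"]:
        return "answer", data["records"][qname]
    # The longest delegated child zone containing qname is the referral target.
    children = [c for c in data["delegations"] if is_subdomain(qname, c)]
    if children:
        child = max(children, key=len)
        return "referral", (child, data["delegations"][child])
    return "nxdomain", None


def iterative_resolve(qname: str) -> tuple[str | None, list[str]]:
    """Start at the root and follow referrals until an answer or a negative reply.
    Returns (ip or None, zones consulted in order)."""
    zone = "."
    path: list[str] = []
    while True:
        path.append(zone)
        kind, payload = query_server(zone, qname)
        if kind == "answer":
            return payload, path
        if kind == "nxdomain":
            return None, path
        zone, _ns = payload  # a real resolver would now contact one of _ns
```

The point to notice is that the root never holds, and never claims to hold, the address of www.packtpub.com; it only knows who is responsible for .com. Every level of the hierarchy can only speak for what has been delegated to it, which is the property a resolver later relies on when it decides which records in a response to trust.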

The root zone contains the following information:

  • Generic top-level domains such as .com, .net, and .org
  • Globally recognized TLDs
  • Country code TLDs, two-letter codes for each country such as .in for India or .no for Norway
  • Globally...

DNS topology for large enterprises


For IT professionals, understanding how queries flow and the different types of name server gets us most of the way to organizational DNS best practices:

  • Network topology: Redundancy plays a critical role in domain infrastructure. If one server fails, another keeps answering so the service stays up. BIND (the most widely used DNS software) supports this through a master-slave relationship (called primary and secondary in current BIND releases). The master name server propagates changes in the mappings to one or more slave servers through the zone transfer mechanism (AXFR for a full copy, IXFR for incremental changes). Because a zone transfer hands out the entire mapping database, it should be restricted to the known secondaries and, ideally, authenticated with TSIG keys; an open transfer lets anyone enumerate every host in the zone.
  • Configuration files: BIND's configuration is stored in a file called named.conf. This file tells the server which zones it serves, whether it acts as an authoritative server and/or a caching (recursive) server, and whether it is the master or slave for each specific zone. It also points to the zone files that contain the real mapping database: the records that define name-to-address (A, AAAA) and address-to-name (PTR) mappings for a specific domain.

Architecture

With the changing technology and network transformation...

Challenges with current DNS 


Today, DNS has become the backbone of the internet and of organizations' networks. It is mission-critical infrastructure that no organization can function without. However, despite growing investment in network and information security, attackers still manage to get into networks, and the DNS remains a vulnerable component of the infrastructure that is frequently used as an attack vector. Firewalls typically leave port 53 open and rarely inspect the contents of each query. Let's look at one of the most widely used DNS-based attacks:

DNS spoofing 

When a DNS server's records are altered to redirect traffic to the attacker's server, the DNS is said to be hijacked. This redirection lets the attacker deliver malware or phishing pages to every client that trusts the affected server. DNS spoofing can be carried out in one of the following three ways:

  • DNS cache poisoning: An attacker takes advantage of the fact that resolvers cache the answers they receive, and injects a forged response so that a bogus entry is stored in the resolver's cache. As a result, all...
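The resolver-side defence against a forged response is to accept only answers it can tie to a question it actually sent, and to cache only data the answering server is entitled to speak for. The following Python is an added example (not code from the book or from DNSChain): an outstanding-query table keyed on a random transaction ID and a randomized source port, a question-section match, and a bailiwick check that drops records outside the queried server's zone. The names and addresses are constructed (reserved .example names and RFC 5737 ranges).

```python
from __future__ import annotations

import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    txid: int          # 16-bit transaction ID, random
    src_port: int      # randomized UDP source port
    qname: str
    qtype: str
    server_zone: str   # zone the queried server is authoritative for: its bailiwick


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    data: str


@dataclass(frozen=True)
class Response:
    txid: int
    dst_port: int      # port the response arrived on (must equal our source port)
    qname: str
    qtype: str
    records: tuple     # answer + authority + additional sections, flattened


def normalize(name: str) -> str:
    return name.lower().rstrip(".") + "."


def in_bailiwick(name: str, zone: str) -> bool:
    """A server for `zone` may only speak for names at or below that zone."""
    name, zone = normalize(name), normalize(zone)
    return zone == "." or name == zone or name.endswith("." + zone)


def new_query(qname: str, qtype: str, server_zone: str) -> Query:
    """Randomize both values an off-path attacker must guess: 2^16 IDs times
    ~64k ports, instead of the 2^16 guesses a fixed source port would leave."""
    return Query(secrets.randbelow(1 << 16), 1024 + secrets.randbelow(65536 - 1024),
                 qname, qtype, server_zone)


def accept_response(pending: dict[tuple[int, int], Query],
                    resp: Response) -> tuple[list[Record], str]:
    """Decide what, if anything, from `resp` may enter the cache.
    `pending` maps (txid, src_port) -> Query for questions still in flight."""
    key = (resp.txid, resp.dst_port)
    query = pending.get(key)
    if query is None:
        return [], "rejected: no outstanding query with this txid/port"
    if (normalize(resp.qname), resp.qtype) != (normalize(query.qname), query.qtype):
        return [], "rejected: question section does not match"
    del pending[key]   # one answer per question; late duplicates are ignored
    accepted = [r for r in resp.records if in_bailiwick(r.name, query.server_zone)]
    dropped = len(resp.records) - len(accepted)
    return accepted, f"accepted {len(accepted)} record(s), dropped {dropped} out-of-bailiwick"
```

The bailiwick rule is what stops the classic trick of answering a harmless question about random123.attacker.example with an "additional" record for www.bank.example: the attacker's server was never delegated bank.example, so that record is discarded before it can be cached. Transaction ID and port randomization raise the cost of blind guessing; DNSSEC validation, not shown here, removes the guessing game entirely for signed zones.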

Blockchain-based DNS solution


Blockchain technology has the capability to transform several industries, and in this chapter we are going to use it to manage a name server and overcome some of the most critical DNS challenges. DNSChain is one of the most active projects aiming to transform the DNS framework and protect it from spoofing.

DNSChain is a blockchain-based DNS software suite intended to replace the X.509 public key infrastructure (PKI) and to provide MITM-proof authentication. It lets internet users point their DNS queries at a public DNSChain server and, through it, reach domains ending in .bit.

X.509 PKI replacement

X.509 is the standard that defines the format of the public key certificates used to identify users and entities on the internet. It lets internet users know whether their connection to a specific website is authenticated. DNSChain aims to provide a scalable, decentralized replacement that does not depend on third-party certificate authorities.

MITM-proof DNS infrastructure

This uses a public...

Lab on Ethereum-based secure DNS infrastructure


DNS infrastructure is among the most targeted assets of any organization, and traditional DNS is vulnerable to several sophisticated threats. The current DNS system is hierarchical, so the root and TLD servers become high-value targets. Because authority is concentrated at the top of the hierarchy, a failure or compromise there propagates to everything below it. A group of engineers, Greg Slepak and Andrea Devers, developed a blockchain-based DNS platform that connects client and name server without any third party in between. The project is named DNSChain and is hosted on GitHub at https://github.com/okTurtles/dnschain.

Lab preparation

Configure the DNSChain server on Ubuntu. It will run the PowerDNS Recursor, which resolves ordinary .com and .net domains as you would expect, while consulting the local Namecoin blockchain to resolve .bit domains.

We will start with a fresh copy of Ubuntu LTS. In our lab, we will deploy this Ubuntu system over Amazon...

Summary


In this chapter, we learned about the DNS framework and its core components. We saw how a compromised DNS server can cause massive damage to an infrastructure, and how blockchain's fundamental properties can address some of these critical challenges.

Questions


The DNS is the backbone of the internet and also one of its most complex protocol frameworks. Every new attack vector has pushed the DNS to become stronger and more comprehensive. Readers can look up the following questions:

  1. What is a DNS tunneling attack?
  2. Can blockchain be used to deploy an entire DNS infrastructure, and if so, how?

Further reading


Read the following articles to find out more about DNS-OARC and ISC:
