DNS, domain name systems translated domain names to IP addresses. It is the most important internet service, as any organization can afford the downfall of DNS. Because it can stop access potentially to critical web-based links. Domain names are addresses which we use daily like yahoo.com. In Pakistan the well-known domain is cheap and standardized, which is .pknic it helps in .pknic domain check, .pknic domain provider, .pknic domain renewal and other beneficial allowances. This also provides safety from attacks and guide for the best. These vests interest for the betterment of internet stakeholders for .pk domains.

After DNS registration, now second most important is its security. Infiltrating the DNS process of query to redirect users to fake websites, called DNS poisoning attack. DNS is mapping between hostnames, IP addresses (both IPv4 and IPv6), text records, name server information (NS records), mail exchange information (MX records) and security key information defined in Resource Records (RRs). Another attack on DNS is resource utilization attacks on the device which opens resolves consume resources. There other more type of attacks that destroy DNS a lot. More than discussing about types of attack, precaution and practices to stop attacks on DNS server. Following are 5 best practices for security of DNS.

Private and Protected:

Keep the resolver private and protected. The usage should be restricted to users only on the network to prevent its cache being poisoned your organization by hackers. It’s should be restricted or only not open for external users. The measurement factory’s online tool helps in checking the resolvers on networking use.

Audit DNS Zones:

The most important thing is to review apart from the DNS server core configuration in your DNS zone. Explore DNS public record by using security trails; review all the zones, IPs and records. Prevent by configuring DNS servers to negate zone transfer request.

Protect from Cache Pollution:

Increasing DNS cache pollution is very common problem. Before forwarding the response to host issuing the query, most DNS servers able to cache the results of queries of DNS. Mostly DNS server configured to prevent pollution of cache. For example; by opening the properties of dialog box for DNS server, can configure to prevent cache pollution of window 200 DNS server.

Servers Up-to-Date:

Update versions of DNS come equipped with randomization of port and cryptographically secure transaction IDs to help avoid against DNS attackers. Always use latest u-to-date servers. Weak password can also put the organization in jeopardy.

Use DNS Forwarders:

DNS forwarders are DNS servers which perform queries of DNS on the behalf of another DNS server. This is especially important if DNS server is hosting internal domain DNS resource records. Instead of permitting internal DNS servers to perform recursion and DNS servers contacting itself. Arrange the internal DNS server to use forwarder for which it is not authoritative for all domains.

Another benefit of usage of DNS forwarder is it prevents the DNS server forwarding requirements from interrelating with Internet DNS servers.

Conclusion:

A hierarchical naming system for computers, services and more internet resources is Domain Name System. It’s a phonebook of internet. Stay alert with cyber security threats and the modern risk-mitigation techniques to save from attacks.