How Domain Name Security Helps Prevent DNS Hijacking


Last updated March 24th, 2023 by Francis King in Guides, Security

You're probably aware of some security best practices to keep your business's digital presence safe. This might include uptime monitoring, security checks, and many others.

But what about domain name security? Securing your business's domain name helps prevent commonplace domain hijacking and the associated chaos that comes with this specific type of cybercrime.

After all, if a cybercriminal hijacks your business's domain, they can control your brand and business identity and access all your emails and sensitive customer data.

Read on to learn how to secure your company's domain name for peace of mind.

First, we'll cover what DNS is.

What is DNS?

DNS (the Domain Name System) is an internet protocol that lets users connect to websites.

When a user sends a connection request, the DNS server sends a recursive DNS query to the network to establish which network address or IP the domain corresponds to. If the recursive resolver has the address, it will return the address to the user, and the queried web page will load.

Suppose the recursive DNS server fails to answer. In that case, it will query other servers and continue until it retrieves a DNS record containing the queried IP address.

The recursive server stores the record for the domain name, including the IP address, so it can respond directly without querying other servers the next time a request is received for that domain name. An error message is returned if the query reaches the authoritative server and the information cannot be found.

In simpler terms, DNS acts like a phone book matching domain names to IP addresses, so when you type in a domain name, you are led to the corresponding website. The DNS is responsible for the connection but not the connection's speed. Take streaming as an example; DNS will connect you to a streaming service but is not responsible for issues with playback or buffering.

What Is DNS Hijacking?

DNS hijacking is the act of taking over a domain name by accessing a business's administration system by fraudulently impersonating the owner or verified user.

This type of cyberattack is also known as DNS redirection, because users' DNS queries are answered in a way that redirects them to malicious websites.

Cybercriminals intercept or hack DNS communication, install malware on user computers or take over routers. DNS hijacking is often used for pharming (where attackers display unwanted ads to generate revenue) or phishing (stealing credentials or data or showing fake versions of sites).

ICANN, the worldwide organization responsible for managing domain names, sums DNS hijacking up as:

Domain hijacking can have a lasting and material impact on a registrant. The registrant may lose an established online identity and be exposed to extortion by name speculators.

Domain hijacking can disrupt or severely impact the business and operations of a registrant, including (but not limited to) denial and theft of electronic mail services, unauthorized disclosure of information through phishing websites and traffic inspection (eavesdropping), and damage to the registrant’s reputation and brand through web site defacement.

To reduce the likelihood of being hacked, you could use a business SSL, which provides an encrypted link between your website and a browser.

Pro tip: Always monitor your SSL certificate's expiration date.

You could also look into phishing protection, which will warn users if they are about to enter an unsafe website.

Four Types of DNS Hijacking

There are four main types of DNS hijacking to watch out for:

  • Man-in-the-middle DNS attacks: Cybercriminals intercept communication between a user and a DNS server and provide different destination IP addresses, directing users to malicious sites.
  • Rogue DNS server: A DNS server attack where DNS records are changed to redirect DNS requests to malicious sites.
  • Local DNS hijack: Installation of Trojan malware on a user's computer. This enables cybercriminals to change the local DNS settings, redirect the user to malicious sites, or steal access credentials.
  • Router DNS hijack: Attackers hijack a router and overwrite DNS settings, which impacts all users connected to that router. A router DNS hijack typically occurs when businesses use default passwords or have firmware vulnerabilities.

Your DNS can also be hijacked in the following ways:

  • Impersonating your company by convincing your domain registrar to transfer ownership to another person/registrar.
  • Infiltrating the email account associated with your domain registration.
  • Targeting your workforce with phishing emails to encourage them to disclose your domain's access credentials.

How To Secure Your Domain Name

You can take several steps to move forward with domain name security. Let's look at how to protect sensitive data in your business in more detail.

1. Registry Lock Protocol

The registry lock protocol adds additional policy controls to DNS registry records and is typically managed through the domain's registrar. The registry must conduct rigorous domain owner identity verification to unlock a record.

2. Registrar Locking

Registrar locking indicates that a domain name should not be transferred to another registrar until the domain owner unlocks it. Frequently sold as a premium protection plan, registrar locking helps reduce the risk of a hacker impersonating a business and requesting the transfer of a domain to another registrar. Bear in mind that registrar locking does not prevent transfers via credential theft.

Pro Tip: Lock your domain name through your domain name management system as soon as you've chosen and registered it.

3. Renew Domains On Time

Make sure that your business's domain name is renewed every two years. This renewal can be done up to three months in advance. If you do not renew your domain name before it expires, it will be suspended automatically. This means that any services related to your custom domain name (email addresses, websites, etc.) will go offline.

You should receive reminders about when it's time to renew your domain name from the domain management team.

Pro Tip: You can actually register your domain name for ten years. When you renew, always choose to register for the longest amount of time available—and turn on auto-renew!

4. Multi-Factor Authentication

Where possible, cybersecurity professionals recommend that all administration should be conducted through MFA protocols. Moreover, a 2-step verification method like two-factor authentication (2FA) adds significantly more protection by ensuring that only you can sign in to your account.

It's worth knowing that poor password choice is consistently a top data security threat. Never choose an easy password to associate with your registrar account. Easy-to-guess passwords include your date of birth, continuous number sequences, and your child's name.

Instead, choose a long password of over eight characters with at least one numeric value, at least two randomly selected letters, and one symbol.

Pro Tip: Be sure to regularly change your domain registration account passwords, and never share your domain registrar login details.

5. Use DNSSEC

DNSSEC (Domain Name System Security Extensions) is an advanced DNS feature.

It adds cryptographic authentication to responses from DNS servers, and is used to verify that records delivered in a DNS response have not been modified in any way.

Pro Tip: Consider enlisting the help of web-based remote monitoring services such as server and network monitoring for peace of mind.

6. Review Account Access Logs

Take the time to regularly review account access logs and report any suspicious activity to the registrar. By reviewing access logs, you'll see if particular IP addresses or visitors frequently visit your website or display malicious intent.

Also, consider limiting DNS access only to users that are sufficiently trained.

Pro Tip: Keep your eyes open for frequent POST requests. These requests indicate that someone may be attempting a malicious login attempt or abusing a contact form.
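One way to spot the frequent POST requests mentioned above is to count them per client and path inside a sliding time window. This is an added example, not code from the original article: the log lines are constructed, the common log format is assumed, and the threshold of five requests per minute is an illustrative value to tune for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (common log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [24/Mar/2023:10:00:01 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [24/Mar/2023:10:00:09 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [24/Mar/2023:10:00:17 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [24/Mar/2023:10:00:26 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [24/Mar/2023:10:00:34 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [24/Mar/2023:10:00:42 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.4 - - [24/Mar/2023:10:00:20 +0000] "GET /pricing HTTP/1.1" 200 9120
198.51.100.4 - - [24/Mar/2023:10:01:05 +0000] "POST /contact HTTP/1.1" 200 310
192.0.2.9 - - [24/Mar/2023:10:02:00 +0000] "POST /login HTTP/1.1" 302 0
192.0.2.9 - - [24/Mar/2023:10:09:30 +0000] "POST /login HTTP/1.1" 302 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def frequent_posts(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {(ip, path): peak POST count in any window} for bursts >= threshold."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != "POST":
            continue  # skip unparseable lines and non-POST requests
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits[(m.group(1), m.group(4))].append(ts)
    flagged = {}
    for key, times in hits.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[key] = best
    return flagged

if __name__ == "__main__":
    for (ip, path), count in frequent_posts(SAMPLE_LOG).items():
        print(f"{ip} sent {count} POSTs to {path} within one minute")
```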

7. Keep Software Up To Date

By keeping your DNS software services up to date and reviewing the developer's configuration recommendations regularly, you present less of an opportunity to cybercriminals. Immediately patch known vulnerabilities, as cybercriminals actively seek vulnerable DNS servers.

Pro Tip: When utilizing the cloud for your business website, be sure to configure your DNS registration correctly. You can find more in this guide to cloud compliance standards.

8. Provide Backup Information

If possible, add backup information to your domain name account. A backup contact email address makes it easier for authorized users to retrieve access to your domain name account.

Using a different email address than the one you associate with the registered domain is good practice. This is because in the event of a DNS hacking incident, if your registration account's email address is tied to the same registered domain name, hackers would have access to your domain and registered email address.

In addition, provide the details for a second payment method on your domain name account if you can. Doing this minimizes the risk of losing your domain name due to a failed domain renewal charge—for instance if your first card on file expires.

Pro Tip: As well as the above security measures, you could also try proxies to protect your privacy. Internet proxies are a safe way of communicating with a server, providing a unique IP that grants anonymity when conducting online transactions such as shopping and banking.

How To Retrieve a Hijacked Domain

If your domain is hijacked, first contact the registrar as soon as possible to report the incident. Seek immediate action to implement ICANN procedures like the Registrar Transfer Dispute Resolution Policy.

Your next port of call should be the registry responsible for the domain. After this, change all your passwords to prevent the cybercriminal from accessing your other accounts.

Domain Name Security

The cybersecurity methods we've covered are a great start to securing your business's domain name. As you can see, there's much more to it than figuring out how to stop spam emails.

Your domain name serves as an address for your business's website, acting as your customer service desk, digital storefront, and the first place users connect with your company online. Your business domain name is also in force when an email is addressed to your company.

Mitigating security threats is crucial to eliminating DNS issues that could spell disaster for your business.

Francis King

Francis leads customer acquisition at OnlyDomains, a domain management solution that offers global services and support that can be accessed from anywhere in the world. Francis has been a part of the team since 2009. He is our go-to guy for everything online advertising. Originally from Melbourne, Francis cannot go a day without lifting weights; he is considering taking on Jiu-Jitsu next. Here is his blog.
