Domain Name System or DNS is one of the key components of inter-system communication allowing the internet to function. DNS systems make it easier for people to browse the web by acting as telephone books containing IP addresses that a computer could use to initiate communication. As all DNS servers are connected, this creates a colossal structure on which the internet is founded.
Having said that, many options exist for how a DNS server could be set up within an organization. This article will review the different types of DNS server setups, highlighting the main differences between public and private DNS servers, their use cases and unique properties.
A short recap of DNS
Every internet user and domain has an assigned IP address. Communication between servers and devices happens via IP address exchanges, not host names. For this reason, DNS needs to translate host names into DNS into IP addresses to initiate contact with another system.
Due to the connected nature of the whole system, if a DNS server is requested but doesn’t have the required address, it contacts other DNS servers to look for a matching IP. These constant exchanges among the DNS servers also help to eliminate various redundancies and help to keep the data up to date.
What are the DNS options?
Every single user of the internet is also assigned a DNS server. In most cases, it’s one provided by the Internet Service Provider. While some users never leave it, setting up your own DNS server is possible. This creates a distinction between public and private DNS servers.
Private DNS — resides behind a company firewall and maintains records of internal websites. It’s a much more discrete DNS configuration method, but the organization must manage it.
Public DNS — maintains a publicly available domain names list available. It’s available to anyone with an internet connection. One of its main advantages is that it’s available to anyone and doesn’t require additional setup.
How the DNS queries should be handled is one of the most important cybersecurity decisions an organization must make. The increasing volume of data breaches is a catalyst to make security tighter, and DNS is one of most companies’ first areas for improvement.
Public vs. private servers
Organizations often combine public and private DNS servers for their day-to-day operations. One of the most common setups involves maintaining an external authoritative DNS server that handles public queries and a separate one containing authoritative information provided by public DNS.
Maintaining separate servers that do not know each other can be a security advantage. The main benefit is that the public server does not know the private counterpart. This helps to build layers of security and helps to isolate private information from leaking out into the open. Here are the principal benefits of private DNS servers over public ones.
Reliability. Separate DNS servers can provide better uptime. This means you won’t have to deal with the blank screens telling you that the DNS server is down.
Filtering content. If you want tighter control of the content that’s allowed to access, switching a DNS server can help to achieve stricter content controls. That way, blocking particular websites or their entire categories is possible.
Security. DNS servers can also be used as one of the methods to deter various cybersecurity threats. Some of them boost stronger security measures like advanced security and encryption protocols.
While this setup means extra work for network administrators, this can be essential work to provide the best possible security.
What are DNS risks?
Even when having an in-house DNS server, this does create additional problems. To ensure the network’s security, each user must use the company’s proprietary server. However, it can be pretty difficult, especially when a business has a bring-your-own-device (BYOD) policy. Such users can switch DNS servers anytime, putting the company at additional risk.
From the administrator’s side, having control of a DNS also means limiting the harmful websites available to any given user. This acts as an additional barrier to protect the endpoints protecting the company’s resources.
How can NordLayer Custom DNS help?
NordLayer clients can use their own private DNS servers without needing to configure them per device. Our Custom DNS feature allows clients to apply a currently used private DNS solution to NordLayer Virtual Private Gateways. Additional features like DNS Filtering enhance the overall security by allowing clients to precisely customize what content they should access while connected to their Virtual Private Gateway. This results in a much more secure solution than relying on publicly available DNS servers.
NordLayer-connected users can’t change the company-assigned DNS servers into something else. On the other hand, users that don’t have their own DNS set up can use the ones provided by NordLayer.
In the end, NordLayer can seamlessly integrate into your company’s IT infrastructure no matter what DNS setup you're currently using. This significantly contributes to providing well-rounded cybersecurity care to prevent various risks associated with DNS operations. Contact us to learn more how we can help your business.