Secure DNS: Preventing Poisoning and Phishing
Key Points
- Secure DNS protects users by ensuring that domain name lookups aren’t hijacked or poisoned, which could otherwise redirect users to malicious sites.
- DNS poisoning allows attackers to supply false IP addresses, leading victims to phishing pages, ransomware downloads, or data‑stealing sites.
- Phishing emails often rely on look-alike domains (a single changed letter, for example); no DNS compromise is needed, because an ordinary resolver faithfully resolves the fake name to the attacker's counterfeit website.
- Solutions like Quad9 replace the default DNS resolver with a security‑focused service that blocks known malicious domains using a maintained blacklist.
- When a request matches a blocklisted name, the resolver returns an NXDOMAIN ("no such domain") answer rather than an address (there is no HTTP-style 404 at the DNS layer), so the client never learns the IP address and never connects to the harmful destination.
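As an added example (not code from the video, from IBM or from Quad9), the following Python script shows what "you would not get back anything" means on the wire: it builds a DNS query, parses the resolver's reply, and distinguishes a real answer from an NXDOMAIN reply, which is what a blocking resolver such as Quad9 returns for a blocklisted name. The two replies it parses are constructed inside the script rather than captured from a live resolver; 192.0.2.10 is a documentation placeholder address, and ibmfakehack.com is the speaker's hypothetical domain. The query_resolver helper needs network access and is not exercised by the offline demo.

```python
"""Build a DNS query and classify a resolver's reply (added example; not
code from the video, IBM or Quad9). Runs offline on constructed replies."""
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1
# RFC 1035 response codes; 3 (NXDOMAIN) is what a filtering resolver returns
# for a blocked name, exactly as it would for a name that does not exist.
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """'ibm.com' -> b'\\x03ibm\\x03com\\x00' (RFC 1035 label format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=0x1234):
    """Standard recursive query (RD=1) for an A record; 25 bytes for ibm.com."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", QTYPE_A, QCLASS_IN)


def decode_name(msg, offset):
    """Return (name, offset just past the name); follows compression pointers."""
    labels = []
    end = None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:          # pointer to an earlier copy of the name
            if end is None:
                end = offset + 2
            offset = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_response(msg):
    """Parse header, question and A answers into a small dict."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    rcode = flags & 0x000F
    offset, qname, addresses = 12, None, []
    for _ in range(qdcount):
        qname, offset = decode_name(msg, offset)
        offset += 4                                  # skip QTYPE and QCLASS
    for _ in range(ancount):
        _, offset = decode_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == QTYPE_A and rdlen == 4:
            addresses.append(socket.inet_ntoa(msg[offset:offset + 4]))
        offset += rdlen
    return {"id": txid, "rcode": RCODE_NAMES.get(rcode, str(rcode)),
            "qname": qname, "addresses": addresses}


def classify(resp):
    """'resolved', 'nxdomain' (blocked or genuinely nonexistent) or 'other:<RCODE>'."""
    if resp["rcode"] == "NXDOMAIN":
        return "nxdomain"
    if resp["rcode"] == "NOERROR" and resp["addresses"]:
        return "resolved"
    return "other:" + resp["rcode"]


def looks_filtered(filtered_resp, unfiltered_resp):
    """NXDOMAIN at the filtering resolver but an answer at an unfiltered one
    means the name was blocked by policy, not missing from DNS."""
    return classify(filtered_resp) == "nxdomain" and classify(unfiltered_resp) == "resolved"


def query_resolver(name, server="9.9.9.9", timeout=3.0):
    """Live UDP/53 lookup (needs network; not used by the offline demo)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data)


def _constructed_reply(name, rcode, answer_ip=None):
    """Constructed resolver reply for the demo (not captured traffic)."""
    flags = 0x8180 | rcode                             # QR=1, RD=1, RA=1
    msg = struct.pack(">HHHHHH", 0x1234, flags, 1, 1 if answer_ip else 0, 0, 0)
    msg += encode_name(name) + struct.pack(">HH", QTYPE_A, QCLASS_IN)
    if answer_ip:  # answer name = compression pointer to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack(">HHIH", QTYPE_A, QCLASS_IN, 60, 4)
        msg += socket.inet_aton(answer_ip)
    return msg


def sample_resolved_reply():
    return _constructed_reply("ibm.com", 0, "192.0.2.10")   # placeholder address


def sample_blocked_reply():
    return _constructed_reply("ibmfakehack.com", 3)         # NXDOMAIN, no answer


if __name__ == "__main__":
    for reply in (sample_resolved_reply(), sample_blocked_reply()):
        parsed = parse_response(reply)
        print(parsed["qname"], parsed["rcode"], parsed["addresses"], "->", classify(parsed))
```

To check a live configuration, call `query_resolver(name)` against 9.9.9.9 and again against Quad9's unfiltered address 9.9.9.10 (or run `dig @9.9.9.9 name` and `dig @9.9.9.10 name`), then feed the two results to `looks_filtered`: a name that is NXDOMAIN on the filtered address but resolves on the unfiltered one was stopped by the blocklist rather than being absent from DNS. That comparison, not the settings dialog, is the evidence that the new resolver is actually in use and blocking.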
Sections
- Secure DNS and Poisoning Risks - The speakers explain DNS basics, illustrate how DNS poisoning and related phishing attacks can redirect users to malicious sites, and emphasize the importance of securing DNS.
- Quad9 DNS: Privacy and Non‑Profit Model - The speaker explains that Quad9, a nonprofit DNS service based in Switzerland, protects users from phishing without monetizing their data, leveraging strict Swiss privacy laws to enhance security and anonymity.
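The phishing case in the key points above (one changed letter, a look-alike domain that ordinary DNS faithfully resolves) can be caught before anyone clicks. As an added example that is not code from the video, from IBM or from Quad9, the following Python script scores a domain against a small protected-brand list: it folds confusable characters and accents into a plain-ASCII skeleton, measures edit distance to each brand, and catches the brand-as-subdomain and brand-embedded patterns. The brand list, the confusables table and the sample domains are constructed for the demo (ibmfakehack.com is the speaker's hypothetical name), and the registrable-domain helper is deliberately naive (no public suffix list).

```python
"""Flag look-alike domains of the kind phishing mail relies on (added example;
not code from the video, IBM or Quad9). Offline; all lists are constructed."""
import unicodedata

# Assumed list of brands to protect; in practice your own domains and key partners.
PROTECTED = ["ibm.com", "example.com"]

# Character sequences commonly substituted for Latin letters (constructed subset).
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l",
               "3": "e", "5": "s", "7": "t", "|": "l"}


def registrable(domain):
    """Naive registrable part: the last two labels (no public-suffix list here)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def skeleton(domain):
    """Fold a domain to a plain-ASCII skeleton so confusable spellings compare equal:
    decode IDNA (xn--) labels, strip accents, lowercase, replace known confusables."""
    try:
        text = domain.encode("ascii").decode("idna")
    except UnicodeError:            # already Unicode, or invalid punycode
        text = domain
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c)).lower()
    for bad, good in CONFUSABLES.items():
        text = text.replace(bad, good)
    return text


def edit_distance(a, b):
    """Damerau-Levenshtein (optimal string alignment): insert, delete,
    substitute, or swap two adjacent characters, each costing 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def check_domain(domain, protected=PROTECTED, max_distance=1):
    """Return (verdict, matched_brand, distance). Verdicts, most to least exact:
    legitimate, lookalike-confusable, lookalike-subdomain, lookalike-typo,
    lookalike-embedded, unrelated."""
    full = domain.lower().rstrip(".")
    cand = registrable(full)
    sk_cand = skeleton(cand)
    sk_label = sk_cand.split(".")[0]
    brands = [b.lower() for b in protected]
    if cand in brands:
        return ("legitimate", cand, 0)
    for brand in brands:
        brand_label = brand.split(".")[0]
        if sk_cand == skeleton(brand):               # ibrn.com, íbm.com
            return ("lookalike-confusable", brand, 0)
        if full.startswith(brand + "."):             # ibm.com.account-verify.example
            return ("lookalike-subdomain", brand, 0)
        dist = edit_distance(sk_label, skeleton(brand_label))
        if dist <= max_distance:                     # imb.com, ibn.com
            return ("lookalike-typo", brand, dist)
        if len(brand_label) >= 3 and brand_label in sk_label:   # ibmfakehack.com
            return ("lookalike-embedded", brand, len(sk_label) - len(brand_label))
    return ("unrelated", None, None)


if __name__ == "__main__":
    # Constructed sample domains, not observed phishing infrastructure.
    for sample in ["ibm.com", "ibrn.com", "íbm.com", "imb.com",
                   "ibmfakehack.com", "ibm.com.account-verify.example", "redhat.com"]:
        print(sample, "->", check_domain(sample))
```

Run this over the sender domain and every link host extracted from inbound mail, or over proxy and resolver logs. Two caveats a practitioner should expect: a three-letter brand such as ibm with `max_distance=1` is noisy (ibs.com would be flagged), so tune the distance per brand; and `registrable` should be replaced by a public-suffix-list lookup before deployment, or names like ibm.co.uk will be split wrongly.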
Source: https://www.youtube.com/watch?v=iV8FYhYrUxI
Duration: 00:05:39
Section timestamps: 00:00:00 Secure DNS and Poisoning Risks; 00:03:05 Quad9 DNS: Privacy and Non-Profit Model
Full Transcript
Today's topic is Secure DNS.
Before the end of this video, you're going to know what it is, how it works and why it's important.
Now, Jeff "the security guy", you proposed this topic.
And at first, what I thought you meant was just DNS, where you have a user who visits a website, say, for example, ibm.com.
And then this DNS server maps that back into an IP address.
Maybe you meant like the encryption or something like that.
And that then allows them to return to the page they want to see.
But that's not what you were talking about. [Jeff] No.
What's the security implication here that I'm concerned about?
Yeah, so what could happen is if you had a bad guy, let's say up here, and the bad guy were to get into the DNS and poison it.
In other words, make it so that it doesn't point to the actual IBM address.
In fact, it gives a resolution that goes back to this guy and points him to some other place that is not the actual website.
Then he's going to come up here to the hacker-controlled website, and now he's basically a victim.
He could end up entering his personal information in a place he didn't mean to.
He could end up downloading ransomware or other malware.
That's one use case where there's been a poisoning that's occurred here.
Now, that doesn't happen all that frequently, but there is also the possibility that this guy could send an email over here.
So we're talking about phishing now, right?
Exactly.
And in the email, it might say click here for ibm.com.
But in fact, it's obscured.
And what it's actually going to point to is this.
So this is some other web site; this is some kind of fake web site.
And the resolution is going to come in to here.
This DNS is going to faithfully resolve that and give him back an IP address that points him to the wrong place.
So instead of being ibm.com, it's ibmfakehack.com or something like that.
And he's not going to be aware of it.
That's like what you see in a phishing email where they have one little change of a letter,
which at first glance looks perfectly legit, but in fact is taking you off somewhere else.
Okay, so how is it we're going to address that problem?
So a better way to do this is to have a DNS that is more trustworthy,
that's designed for security, designed for privacy, designed for all of these kinds of things.
And an example of that is something that comes from an organization called Quad9.
In Quad9, you would replace the DNS here, and instead send your domain names, your URLs, to Quad9. Quad9 then resolves them.
And what Quad9 is doing is maintaining a blacklist of known bad websites.
So this bogus website up here would be in the blacklist, and when you sent the request down to get resolution,
you would not get back anything.
You get like a 404 or server not found?
Yeah, something along those lines. So in other words, there's literally no way for you to get to there
because you don't even know what the numeric IP address is for that site.
This thing was looking out for you and blocked you from ever getting there in the first place.
So that essentially protects me from a potential phishing attack.
Exactly.
But there are also, if you look at other parts of this, the performance and privacy considerations.
Like right now, today, you probably have your DNS through your ISP, or if you have a mobile phone, through them, right?
And honestly, we also know that they have a potential profit motive there.
How does that picture play out here with Quad9?
Well, the good news is Quad9 is a nonprofit organization.
So they don't profit from your information.
There's an old saying that says "if you're not paying for it, you're the product, not the customer." Well, in this case, that's not the case.
Because, in fact, you're not paying for Quad9.
But in fact, it's a nonprofit, and what they're doing is trying to improve security and privacy for everyone.
The organization that runs Quad9 is headquartered in Switzerland,
which is a country that is known for privacy, all the way to your financial privacy and these kinds of things.
They actually have stronger privacy regulations than there are in the rest of Europe.
In the European Union, they have the Generalized Data Protection Regulation standard, GDPR.
And in fact, that's very strict.
The laws in Switzerland are even stricter, and carry actual criminal penalties for violations.
So it's in a place where there's no desire to monetize you.
The desire is to take your information, anonymized, and use it to enhance this blacklist. And we get other sources that feed into this.
One of those other sources is IBM's X-Force Security Research Group.
So this all enriches the database and that information is then shared.
So everyone that comes along benefits from everyone else's contribution to this.
Think of it as a crowdsourcing.
But your information is still anonymized.
And no more profit motive.
None of that.
Because the best thing here about this is the whole thing is in fact free.
You don't pay for it, yet you benefit from it.
And in fact, everyone benefits from this with the security capabilities it adds.
Excellent.
So that's the message you need to take away: go into your network settings,
and whether it be Windows or macOS, you can change your DNS to be...
9.9.9.9.
Therefore Quad9.
So it's easy to remember.
Well, thanks a lot, Jeff.
You bet.
Thanks for watching.
If you found this video interesting and would like to learn more about cybersecurity, please remember to hit like and subscribe to this channel.