Recursive DNS is a blind spot in your security. Cybercriminals target DNS because it often left open and unprotected. DNS is mandatory for the internet, but for something so important, it isn’t protected nearly enough. 2,116 cyber-attacks happen every 60 seconds. How many minutes will it take to affect your network? Cybercrime damage is expected to reach $6 trillion in the next four years. Can you afford an attack like this? Most of us can’t, and even if we can, it is hard to come back from. So, what are our options? How can we secure recursive DNS to protect our networks?

Because a DNS has one job, and cannot detect the nature of a domain, it is unable to protect itself. This means that we need to find a way to do so ourselves. One way to avoid cyber-attacks through DNS is to redirect DNS requests through a third-party that acts as a DNS server. This will be able to scan domains and determine whether or not they should be opened This is known as a DNS firewall. This option will allow your DNS to block malware, detect Command and Control (CnC), curb DGAs and fast fluxing, and prevent data exfiltration.