The Annual DNS Health-Check

DNS records are complex beasts that need careful tender loving care.  Domain Names enable us to locate websites without having to remember long strings of characters but how regularly do we actually check to make sure that the DNS settings are correct?  Many organisations will make regular changes to their DNS settings, whether that is the addition of new record types, such as MX records, or updating the IP addresses, perhaps reflecting additional security measures that have been put in place.

Organisations will often have a number of people who can make changes to the DNS settings, mainly within the IT or Security functions.  However, some of these changes may not be widely communicated or recorded within the wider business and that may lead to domain name details being out of date or off policy. The deletion of parts of the DNS record could stop email addresses from working, sub-domains from resolving or even expose the organisations to unwanted risks. It is therefore important for organisations to carry out regular audits of the domain portfolio to identify where there are issues, in a similar way to an MOT for a car.

It is vital for every business to understand how their domain names are being used and whether they are delivering a return on investment.  Many will be utilised in a way to generate revenue, increase perception and reputation, or support critical infrastructure.  It may not always be apparent to internal stakeholders that a domain is no longer resolving to the correct website, or even at all.  One of the key elements of Com Laude’s Client-Shaped Service is the DNS Traffic Analysis, which focuses on ensuring that every domain redirects to where it should, highlighting anomalies that can be quickly corrected and aligned with the domain name policy.

In addition, the analysis will also highlight those high-traffic domain names which may need enhanced functionality, prioritisation and security management.  This would include DDoS mitigation and registry lock as value-add services, fundamental parts of a domain security strategy.  Whilst the priority of DNS is to ensure that domain names resolve to web content, enterprise providers will also offer proactive threat monitoring and intelligence that keeps the most critical domain names present and protected.

The second element of an annual health check involves testing the performance of the DNS infrastructure provider.  There are a number of factors that can influence the performance of a website, and whilst many factors of load speed will be related to the web servers and the dynamic content of the website, the choice of DNS provider will also have an impact on the performance of key digital properties.  Working with enterprise providers such as NS1 ensures that the critical domain names are supported on the most resilient, secure and fastest networks.

Auditing DNS on a regular basis is now considered best practice.  In 2019, The US Department of Homeland Security issued an emergency directive on the subject of DNS Infrastructure Tampering in response to the growing number of security incidents and the increased risk to vital networks such as those run by utility companies.  The first action that they recommend organisations taking is the audit of DNS records to ensure they are resolving correctly, and that Multi-Factor Authentication (MFA) is being utilised.  Working with Com Laude’s Domain Security Experts provides organisations with forensic analysis of their DNS settings and trusted recommendations to ensure domain names are adding to revenue and reputations rather than headaches and security concerns.

To learn more about Com Laude’s DNS offering, please contact us.