06-06-2024 06:39 PM
Good day,
i apologize in advance if i'm posting in the wrong place...
i've read the docs but i have some clarifications:
1. What exactly can Advanced DNS Security do that DNS Security cannot? It's implied that plain DNS Security cannot detect misconfigured or hijacked domains.
2. Does it detect when users try to connect to a misconfigured/hijacked domain, or does it detect if *my* organization's DNS domain has been hijacked or is misconfigured? Or both?
3. Would you consider these as must-have features, or just for specific setups?
Thanks
06-07-2024 12:42 AM
1. regular DNS security works somewhat like URL filtering where it categorizes a record's FQDN as good or bad
A-DNS will go a little further and also inspect the record itself to see if there are any markers that could indicate a problem:
one example is zone dangling, which allows for the takeover of a 'forgotten' subdomain record. a "common" example is when an org has set up a record pointing to a cloud resource which gets decommissioned at some point without removing the record. a bad actor could try to forge the resource so now that dns record points to their resource
2. security is applied to sessions passing through the firewall, it does not proactively monitor your domain (except if you request a record for your own domain so the payload of the request is inspected)
3. security in layers: it's certainly a nice to have
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
