Why does DNS security feel like a never-ending story?


CEO in Software, 11 - 50 employees
Think about the complexity associated with failover zones, multilevel networking combined with a variety of different security tools, controls and software which use that environment all abstracted from the hardware. I used to think a bad JLL or a bad NIC card was a problem but I can't even imagine the complexity buried in a Google, Microsoft or Salesforce environment.

When I was head of infrastructure at a biotechnology company, a network outage occurred on the campus. The first problem was that when they built the campus network, Cisco was the advisor on what to buy and how much to buy for every building. Every building got 4 times the switch it needed with all of the extra accoutrements—accelerators, an extra supervisor—which were unnecessary. We began having this problem in a couple of buildings where certain people couldn’t access their file systems online. Other people couldn't access the internet. Some people were having no problems at all. It was a widespread but intermittent issue that differed from customer to customer. It took us 2 hours to find out that it was a problem with the accelerator card in the network switch which created that behavior.
CIO in Education, 1,001 - 5,000 employees
You should know DNS issues are coming and nobody's figured out a great way to handle that yet. We've been doing phased cutovers with people to single sign-on with our Office 365. We'd been doing them in batches and the person who was scheduled that night had some emergency and wanted to be pulled off that migration list. So I sent somebody a note on Teams and then called them. Then I called my CTO and Deputy CIO separately. After that I sent an email blast and 20 minutes later I finally found the right person to start the process. We had it solved within 45 minutes, but I paused and said, “If this were a real emergency or true outage, what is our process? What would we have done? Because this wasn't the real test.”
CTO in Software, 11 - 50 employees

Everybody’s had DNS/network issues or SSL cert expiry issues. Even Microsoft has had this problem. There's no good way to fail forward from a DNS issue, but no one can be perfect. Everything fails and how quickly you respond to failure is resiliency.

Chief Information Officer in Manufacturing, 10,001+ employees
DNS security is a moving target based on current security threats. It should be part of your overall strategic security plan. It shouldn't be thought of as a separate security issue.
