DNS Filtering Term Glossary

The following terms are important either to understanding DNS or because they play a role in DNS filtering, DNS protection, and related topics. DNS is a core protocol underpinning our use of the internet, and it can be argued that the internet would not be what it is today without DNS. DNS filtering lets you control which content is reachable from your network, and the terms on this page help you become familiar with the terminology, protocols, and devices/software that make DNS and DNS filtering possible.

C

CNAME - Canonical Name. This is a DNS record that maps an alias name to the actual (canonical) name of another domain. CNAME records are typically used to map a subdomain (e.g. www, en, mail) to the domain name that hosts the content for that subdomain.

C2 Server - Also referred to as a CNC server or Command and Control server. A C2 server is the component of a malware attack that maintains a remote channel between a compromised host and the attacker's infrastructure, through which the attacker issues commands and receives data.

Cache Poisoning - Also known as DNS poisoning. This is a form of DNS poisoning carried out by corrupting a resolver's DNS cache entries with false data for malicious intent, so that subsequent clients of that resolver receive the forged answer.

Command and Control Attack - See C2 server.

D

DGA - Domain generation algorithm. These are used by attackers in malware attacks to generate a large number of pseudo-random domain names, which infected systems cycle through as destinations for contacting their command and control servers (see C2 server). Constantly generating these domains and switching between them makes it more difficult to block the traffic or trace the source of the attack.

DHCP - Dynamic Host Configuration Protocol. This is the network protocol responsible for automating the configuration of devices on a network. This includes assigning IP addresses to nodes and providing information such as the default gateway IP and the DNS servers to use for name resolution.

DNS - Domain Name System. An application layer protocol used by networked clients to resolve a domain name to its IP address. DNS is often described as the phonebook of the internet; a resolution follows a tree-like path of servers, from the root servers through the top-level domain (TLD) servers to the authoritative servers for the host domain, to resolve the queried name to its IP address.

DNS Filtering - DNS filtering leverages DNS (the Domain Name System) to block access to harmful content on the internet by controlling which names resolve. It is an edge-layer protection that is critical for businesses because it mitigates the risk of a cyber attack.

DNS Poisoning - Also referred to as DNS cache poisoning, depending on the strategy with which the attack is carried out. This is when an attacker takes advantage of weaknesses in the Domain Name System to deliver a fabricated (spoofed) response to a client's DNS query, directing the client to an address of the attacker's choosing.

DNSSEC - Domain Name System Security Extensions. This is a set of extensions that lets resolvers verify the origin and integrity of DNS data through digital signatures on DNS records. It is the best solution for preventing DNS poisoning and cache poisoning, because a forged response will fail signature validation.

DNS Tunnelling - This is a malware technique that allows an attacker to establish a command-and-control (C2) channel to a victim's computer. The channel encapsulates a malicious payload (commands or exfiltrated data) within DNS queries and responses to take advantage of the relatively unrestricted flow of DNS traffic, especially in environments where almost all other outbound traffic is restricted.

DoH - DNS-over-HTTPS. This is a DNS encryption strategy that sends a DNS query to a DoH-capable DNS server over HTTPS, using port 443, the same port used for ordinary encrypted web traffic. This method is popular among Google, Apple, and other big tech companies.

DoT - DNS-over-TLS. This is a DNS encryption strategy that carries a client's DNS query inside a TLS connection on port 853 instead of the common port 53 used for unencrypted DNS communication. It is an alternative to DoH, and both methods are standardized in RFCs.

I

IDS - Intrusion Detection System. This is a device or software that monitors a network or systems for malicious activity and, if any is detected, reports the incident to the parties (individuals or incident management systems) who will take action. An IDS itself does not block the activity.

IPS - Intrusion Prevention System. This is a network security tool (hardware or software) that monitors a network for malicious activity, reports it when it happens, and takes action to prevent it.

M

Malware - Malware is a short form of the term "Malicious Software". This is software designed to cause damage to, steal information from, or take control of a victim's computer and/or network.

N

NAT - Network Address Translation. This enables translation between a public, routable IP address and the several private IP addresses used by computers on an internal network. It is mostly used to enable hosts with private IP addresses to send packets to and receive packets from the internet.

P

PDNS - Protective DNS. This is a security service that analyzes DNS queries in order to prevent access to malware, phishing sites, viruses, and other malicious elements that can take advantage of the DNS protocol. PDNS leverages the existing DNS protocol and architecture to perform its threat protection activities.

Phishing - This is a social engineering attack that tricks users into taking actions that allow the attacker to steal data such as login credentials and credit card numbers. It is commonly carried out through well-crafted emails that masquerade as messages from well-known services and take advantage of their perceived legitimacy.

R

Roaming Clients - This is endpoint software that provides a service normally available only within an organization's network to devices that are off-site. For example, DNSFilter Roaming Clients provide network protection for off-site devices.

S

Spear Phishing - This is a type of phishing attack that is targeted at a specific individual, or at a specific group of persons within an organization.

T

TCP - Transmission Control Protocol. This is the transport layer protocol used to transport a packet (also referred to as a segment) with a guarantee that it will reach its destination and arrive in the correct order. It also has capabilities for handling errors.

U

UDP - User Datagram Protocol. This is a connectionless protocol that transports network packets (also referred to as datagrams) without any guarantee that they arrive at their destination or in the correct order. It is used in situations where high speed and low latency are favored over delivery assurance; traditional DNS on port 53 uses UDP for most queries.