Topic: US Govt Rolls Out New DNS Security Measures for .gov Domains

Hardhead
By Sergiu Gatlan
July 17, 2019 02:37 PM
New DNS security measures for all .gov domains will be implemented by the U.S. government starting today to help mitigate risks associated with future DNS hijacking incidents.

The DotGov Program "operates the .GOV top-level domain (TLD) and makes it available to US-based government organizations, from Federal agencies to local municipalities," as per the U.S. General Services Administration (GSA).

Starting today, domain points of contact will automatically be sent email alerts whenever the official .gov registrar makes DNS changes:

In response to recent incidents affecting other top-level domains, authorized .gov domain POCs will now receive a system-generated email when a change is made to their DNS in the DotGov Registrar.

The email will alert the POCs that a change was made to their DNS information and include instructions for mitigation should it be necessary.

All the DNS changes made by the registrar will propagate within roughly 24 hours, depending on multiple factors such as connectivity and caching, DotGov explains.

"If you’re planning to make critical changes to your name servers over the weekend, please contact us before 5 p.m. on the prior Thursday to ensure the information propagates during weekend hours," adds the registrar.

This new DotGov initiative was prompted by a global Domain Name System (DNS) infrastructure hijacking campaign alert issued during January by the National Cybersecurity and Communications Integration Center (NCCIC), which is part of the Cybersecurity and Infrastructure Security Agency (CISA).

At the time, NCCIC advised network administrators to follow this set of best practices designed to safeguard their networks against DNS hijacking attacks:

• Implement multifactor authentication on domain registrar accounts, or on other systems used to modify DNS records.

• Verify that DNS infrastructure (second-level domains, sub-domains, and related resource records) points to the correct Internet Protocol addresses or hostnames.

• Search for encryption certificates related to domains and revoke any fraudulently requested certificates.
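
One way to carry out the second practice above (verifying that records still point where they should), added here as an example and not taken from the article, NCCIC or DotGov: compare observed records against an approved baseline and flag any drift, rating NS changes highest. The domain names, addresses and the BASELINE/OBSERVED data are constructed for illustration.

```python
import socket

# Constructed baseline of approved records (RFC 2606 names, RFC 5737 addresses).
BASELINE = {
    ("agency.example", "NS"): {"ns1.agency.example.", "ns2.agency.example."},
    ("agency.example", "A"): {"192.0.2.10"},
    ("mail.agency.example", "A"): {"192.0.2.25"},
}

def normalize(value):
    """Lower-case and drop the trailing root dot so equal names compare equal."""
    return value.strip().rstrip(".").lower()

def diff_records(baseline, observed):
    """Return one finding per RRset whose observed values differ from the baseline."""
    findings = []
    for name, rtype in sorted(set(baseline) | set(observed)):
        want = {normalize(v) for v in baseline.get((name, rtype), ())}
        got = {normalize(v) for v in observed.get((name, rtype), ())}
        if want == got:
            continue
        findings.append({
            "name": name,
            "type": rtype,
            # A changed delegation redirects every record beneath it.
            "severity": "high" if rtype == "NS" else "medium",
            "unexpected": sorted(got - want),
            "missing": sorted(want - got),
        })
    return findings

def resolve_a(name):
    """Live IPv4 lookup through the system resolver (needs network access)."""
    infos = socket.getaddrinfo(name, None, family=socket.AF_INET, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

# Constructed observation: the delegation and the mail host no longer match.
OBSERVED = {
    ("agency.example", "NS"): {"NS1.agency.example", "ns1.unknown-host.invalid."},
    ("agency.example", "A"): {"192.0.2.10"},
    ("mail.agency.example", "A"): {"198.51.100.77"},
}

if __name__ == "__main__":
    for finding in diff_records(BASELINE, OBSERVED):
        print(finding)
```

For a live check, fill the observed map from resolve_a() for A records; NS lookups need a DNS library or dig output, which this example does not include.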