NICER Protocol Deep Dive: Internet Exposure of DNS

Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thing or two about the nature of internet exposure, so we figured, why not break up all the protocol studies into their own reports?


So, here we are! What follows is taken directly from our National / Industry / Cloud Exposure Report (NICER), so if you don't want to wait around for the next installment, you can cheat and read ahead!




Domain Name System (DNS) (UDP/53)


"The Achilles Heel of the Internet" - Sir Tim Berners-Lee


TLDR


WHAT IT IS: Domain Name System (DNS): The globally distributed address book of services on the internet.
HOW MANY: 4,717,658 discovered nodes. 3,498,439 (74.1%) have Recog fingerprints (15 total vendor+service families)
VULNERABILITIES: Around 200 across all service families with every CVSS score imaginable.
ADVICE: You kinda have no other choice but to use it.
ALTERNATIVES: DNS over TLS (DoT), DNS over HTTPS (DoH), DNS over QUIC (DoQ); downgrade to Novell Netware.
GETTING: Used about as much as last year, which kind of makes sense since DNS makes the internet work.

Nobody wants to memorize IP addresses in order to get to network resources, nor does anyone want to maintain a giant standalone list of hostname to IP address mappings. However, nobody also wants to wait forever to get a response to the request ..
