DNS Servers

The DNS servers hold the records for the domain.  Many people are confused about this because they think the domain registrar mainatins their domain configuration information.  That is not true, they simply maintain the identity of the servers that contain the actual records.  For WhoisSecurity.com the computers “dns.help.org” and “dns2.help.org” hold the configuration information for the domain.

The main source of attack is to compromise those servers by breaking into the machine directly, or using some other scheme such as sending false information (DNS cache poisoning).   Usually these servers are operated by a web hosting company and the user is not aware of the settings or security.

One way to improve security of spoofed e-mail from your domain is to use a sender Policy Framework (SPF record).  An SPF record is a text record that indicates which servers should send e-mail for a domain.  (Microsoft SPF Tool).   If a spammer uses your domain to send forged spam the receiver can tell it is s forgery from the SPF configuration.  This is usually configured at the mail server.

DNS Security, or DNSSEC can be implemented for some types of domains and give a greater level of security for DNS requests.  The DNS records are verified by encryption but, at this point, not many applications untilize the feature.