Could a tertiary name service save your uptime?

DNS is a building block
% dig service.gov.uk ns +short
ns-117.awsdns-14.com.
ns-cloud-e4.googledomains.com.
ns-1080.awsdns-07.org.
ns-cloud-e3.googledomains.com.
ns-cloud-e2.googledomains.com.
ns-cloud-e1.googledomains.com.
ns-1983.awsdns-55.co.uk.
ns-831.awsdns-39.net.
% dig gov.uk ns +short
auth50.ns.de.uu.net.
ns1.surfnet.nl.
auth00.ns.de.uu.net.
ns2.ja.net.
ns4.ja.net.
ns3.ja.net.
ns0.ja.net.

Domain sprawl

Asset Inventory

Resiliency

Supply chain diversity

So, a tertiary nameservice for UK government?

Why?

  1. This might help the UK Government actually figure out how many idle/active domains it has.
  2. This might help the UK Government with a whole bunch of really clever asset discovery and surface scanning — feeding the National Cyber Security Centre’s (NCSC) WebCheck service or figuring out what vulnerable Citrix or VPN services are internet-facing
  3. This might help figure out who is the ‘technical contact’ for domains, subdomains and so on — on what could be a per-zonefile basis, which is the most granular you can reasonably go
  4. This will provide resilient nameservices to the corporate email domains literally used to run the country.
  5. This will provide a known-good zonefile repository — including fun stuff like trend analysis over time if the tertiary nameservice operator is feelin’ fancy.

How?

  1. Offer things in return, even if you think the service being free should be sufficient to make people want to use it (its not)
  2. Automatic introduction through the existing (and any new) .gov.uk registrars
  3. Making it easy to self-register and get going
  4. Asking nicely
  5. Set guidance/standards/policy as needed, including linking to how this will help mitigate risks and help organisations meet existing guidance/standards/policy

Cost avoidance

--

--

--

The thin blue line between technology and everything else. joelgsamuel.com

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Addition Matematik Spil Hack Free Resources Generator

How to Prevent Your Remote Workers From Causing a Data Breach

{UPDATE} Dice Game - Free Hack Free Resources Generator

Remote Working during the Pandemic: Network Security Challenges and Solutions

Drupal & Security Updates: Painful, Painless, or Oblivious?

SPOT 2021 Q1 Report

{UPDATE} العترة: أسئلة وأجوبة Hack Free Resources Generator

IoT Security — Insight on Trends, Challenges and the Road Ahead

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Joel Samuel

Joel Samuel

The thin blue line between technology and everything else. joelgsamuel.com

More from Medium

DSA-2021–088: Dell Client Platform Security Update

Launching Products Reliably

Firewall bypass with CARP in Packet Filter

BTblock + FYEO, better together. BTblock’s blockchain security audit service is now part of FYEO!