In 2019, India’s largest independent registrar was found insolvent by a local court and had its Registrar Accreditation Agreement (RAA) suspended. This penalty was declared on account of its failure to pay back its debts and come back into compliance. This meant that the company was in insolvency proceedings for more than 30 days.
Insolvency is one of several compliance-related issues that can lead to suspension of an independent registrar’s RAA. One of the biggest challenges for registrars is data privacy. This is where DNS plays an important role: it ensures that organizations deliver services that comply with the regulations, or more specifically, the European Union’s General Data Protection Regulation (GDPR), which is a privacy legislation. The GDPR can be considered the world’s strongest set of data protection rules; it gives power to customers and limits what organizations can do with personal data. It is believed that it will soon spread beyond Europe and that more countries will adopt such high standards of data protection. If you are a business owner with clients abroad, or more importantly, want to grow into an MNC, the following regulations are highly relevant to you.
The following are the DNS compliance regulations that companies subject to the GDPR are expected to follow:
1. Security and Privacy:
The GDPR mandates the integration of security and privacy across the entire organization right from the beginning. To avoid compromising personal data, it is recommended that the data be encrypted and that very few people have access to it. This is also called Authentication and Role-Based Access Control (RBAC). This is no easy feat, especially given the rise of cybercrime, but thankfully, this is where DNS comes into the picture, by ensuring that all data is protected and that the client organization is secure from cyberattacks. DNS offers services to effectively protect your company against phishing attacks.
According to the GDPR, data from the EU can be transferred only to a specific list of countries approved by the GDPR. So, it is necessary to know to which part of the world your data can be transferred. DNS plays a very important role by carrying out basic compliance checks and reports to ensure that the data is not transferred outside of the acceptable geographical limits and prevents it from being accessed by unauthorized persons.
3. SRV Records:
SRV records contain information about the network location of certain services and are usually stored in the DNS zone file. An SRV record can be used in conjunction with IP geolocation to answer pertinent questions like “where’s the email server?”. Used in SIP telephony and email, SRV also helps with services and protocols like DNS-based Authentication of Named Entities (DANE), CardDAV, and Puppet, all of which have potential uses or cautions with regard to regulatory compliance.
DANE secures internet communication by allowing the digital certificates used for Transport Layer Security (TLS) to be bound to domain names using Domain Name System Security Extensions (DNSSEC). This enables origin authentication of DNS data and authenticated denial of existence, which further helps verify data integrity.
CardDAV is an address book client/server protocol used on many iOS and Mac devices. Since contact information is typically protected by the GDPR, knowing the location of a CardDAV server and protecting it becomes very critical.
Finally, Puppet is an orchestration tool which secures IT infrastructure by enforcing desired-state configuration. Because of this DNS tool, companies are able to protect their data by default, thereby complying with the GDPR regulations.
4. TXT Records:
TXT records are like post-it notes which store small amounts of machine-readable data. Various programs and protocols can be configured to read a TXT record and act on what they find there. This is particularly useful because the TXT record can specify whether or not an app is allowed to use certain features in certain legal jurisdictions. TXT records are widely used for DMARC policies, verification of domain ownership, DomainKeys Identified Mail (DKIM) records, and implementation of Sender Policy Framework (SPF). With the help of SPF Check, companies can find out which mail servers are authorized to send emails for a domain as well as a list of authorized IPs and hostnames for a given domain.
You made the right choice about your DNS Server. Are you protected now?
The unfortunate answer is no. TXT records are prone to being misused. The DNS server you have chosen might follow all the compliance standards but not enforce the security rules and filtering. In such a case, your domain might be vulnerable to attacks such as cousin domain spoofing and lookalike domains. If the TXT records do not contain allow/reject rules for domain names, a malicious intruder can send emails under a false domain name. This is exactly why services like DMARC were developed.
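Whether a domain’s TXT records actually carry allow/reject rules can be checked from the record text alone. The following is an added example, not part of the original article or of any vendor tool: it parses SPF and DMARC records and reports where no reject rule is published. The domains and record values are constructed samples, and the function names are hypothetical.

```python
# Constructed sample TXT records; all domains and values are placeholders.
SAMPLE_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.10 include:_spf.example.net ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "weak.example": ["v=spf1 +all"],  # authorizes every sender; no DMARC record
    "strict.example": ["v=spf1 mx -all"],
    "_dmarc.strict.example": ["v=DMARC1; p=reject"],
}

def parse_spf(txt):
    """Return (authorized mechanisms, qualifier of 'all' or None); None if not SPF."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    mechanisms, all_q = [], None
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default is pass
        body = term.lstrip("+-~?")
        if body.lower() == "all":
            all_q = qualifier
        elif "=" not in body.split(":")[0]:  # skip modifiers (redirect=, exp=)
            mechanisms.append(body)
    return mechanisms, all_q

def parse_dmarc(txt):
    """Return a DMARC record's tag/value pairs, or None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def audit(domain, records=SAMPLE_TXT):
    """List missing allow/reject rules in a domain's SPF and DMARC records."""
    findings = []
    spf = [p for p in map(parse_spf, records.get(domain, [])) if p]
    if len(spf) != 1:
        findings.append(f"SPF: expected one v=spf1 record, found {len(spf)}")
    elif spf[0][1] in ("+", "?", None):  # redirect= targets are not followed here
        findings.append(f"SPF: unlisted senders are not rejected (all={spf[0][1]})")
    dmarc = [p for p in map(parse_dmarc, records.get("_dmarc." + domain, [])) if p]
    if not dmarc:
        findings.append("DMARC: no record published")
    elif dmarc[0].get("p", "none").lower() == "none":
        findings.append("DMARC: p=none requests no action on failing mail")
    return findings

if __name__ == "__main__":
    for name in ("example.com", "weak.example", "strict.example"):
        print(name, audit(name) or "ok")
```

To audit live domains, replace `SAMPLE_TXT` with the TXT strings returned by your resolver for the domain and its `_dmarc` subdomain.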
Although DMARC is not mandatory for compliance, the GDPR still considers your domain security as one of the factors while making its ‘verdict’, so to speak. That is why most companies, in conjunction with RBAC and such, employ protocols like SPF and DKIM through DMARC. When a tool is available that can help you get your domain under compliance and add an extra layer of security to your domain, why wouldn’t you opt for it?
DMARC is a powerful tool that helps your organization obtain complete clarity and control over all your DNS-based channels. This includes emails, authentication and improvement of the deliverability of your business email communication, and blocking inbound attacks. Through DNS-DMARC integration, you safeguard your brand name and publish an efficient policy that instructs ISPs on your traffic filter policies.
DMARC Monitor by Logix Infosecurity receives DMARC data from many ISPs, a number which keeps growing. We take the hassles and stress of data interpretation away. We don’t just expose your domain-related problems; we also offer solutions. With our help, DMARC data charts are generated which are easy to analyze, leading to a pleasant user experience, swift corrective action and satisfied clientele!