DNS Security: The Invisible Backbone of Digital Trust
For many organisations, the Domain Name System (DNS) remains a purely technical concern — something that “just works in the background.” Until, suddenly, it doesn’t.
When DNS fails, the consequences are immediate and business‑critical: services go offline, emails stop flowing, customers lose trust, and attackers gain an invisible foothold. A single lapse in DNS governance can disrupt operations, undermine digital authenticity, and expose organisations to serious reputational and financial damage.
DNS: not plumbing, but infrastructure
During the roundtable, Kristof Tuyteleers, CISO at DNS Belgium, and Craig Sanderson, Principal Cyber Security Strategist at Infoblox, challenged the long‑standing assumption that DNS is a low‑cost utility rather than a strategic asset.
Kristof captured the issue with a striking analogy:
“Firewalls are like a lock on the front door. DNS security is the master key to all doors and windows.”
Organisations invest heavily in firewalls, endpoint protection, and identity platforms, often complex black boxes whose internal workings customers cannot verify. Yet DNS, which determines where users are sent and which services they trust, frequently receives far less executive attention.
In reality, DNS sits at the heart of nearly every digital interaction. If attackers can manipulate or abuse it, they do not need to break in; they simply redirect users, mail and application traffic to infrastructure they control.
The hidden business value of DNS
A recurring theme throughout the evening was the intrinsic business value of DNS.
Every domain name represents:
Brand reputation
Digital trust
Customer communication
Application accessibility
Email authenticity
Once damaged, that trust is extremely difficult to restore. A domain such as amazon.com.be, even one that was registered legitimately, can end up on blocklists after abuse, and regaining the trust of mail providers, browsers, and partners may take months or even years.
DNS, therefore, is not just about uptime. It is about credibility.
Not all domains are equal
The discussion also highlighted that not all Top-Level Domains (TLDs) are created equal. A TLD is the final segment of a domain name, the part after the last dot, such as .com, .be or .vlaanderen.
Well-governed TLDs such as .be typically apply strict registration and abuse controls.
Others are far more problematic: names under TLDs such as .tv, .io, or .tk are frequently associated with malicious activity.
One of the most striking examples is Tokelau (.tk). Despite a population of roughly 1,400 inhabitants, Tokelau has historically hosted tens of millions of registered domain names, often exceeding even large European TLDs in volume. The reason is simple: free or ultra‑cheap domains, a perfect breeding ground for cybercrime.
Attackers thrive where identity checks are weak and churn is high.
Shadow domains: the forgotten risk
While much attention is given to shadow IT, far less focus is placed on shadow domain names.
Many organisations experience a structural tension:
IT teams work with discipline, ticketing systems, and lifecycle management.
Marketing teams move fast, launching campaigns, microsites, and regional initiatives.
Domains are registered quickly — and then forgotten. When marketers leave the organisation, those domains often remain unmonitored, unrenewed and unsecured. This creates a perfect opportunity for attackers. Dormant domains with years of good reputation can be re‑registered and immediately abused for phishing, impersonation, or malware delivery.
As one participant noted: “Attackers don’t need new domains, they want old ones with trust.”
An uncomfortable insight shared during the discussion: a domain name should often be retained for up to 10 years after decommissioning to prevent exactly this type of abuse.
Cloud dependency: strategy or slogan?
The conversation naturally expanded toward systemic dependency.
After major cloud outages — such as high‑profile disruptions involving AWS — many organisations suddenly realised how many applications, suppliers, and internal processes depended on a single ecosystem.
This led to a provocative question raised at the table.
Can you really call “Cloud First” a strategy?
Without understanding DNS dependencies, resolver paths, and external service reliance, organisations risk building resilience on assumptions rather than architecture.
DNS makes those dependencies visible.
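One way to make those dependencies visible, as an added example that is not part of the roundtable or of either organisation's tooling: parse the zone, follow CNAME chains to where they really end, and list every nameserver, mail exchanger and CNAME target that sits outside the organisation's own apex. The zone file, the apex example.com and the provider names are constructed for this example; the "registrable domain" heuristic uses the last two labels because no public-suffix list is available offline.

```python
"""Make a zone's hidden dependencies visible.

Added example: parse a BIND-style zone, follow CNAME chains and list every NS,
MX and CNAME target that lives outside the organisation's own apex. Each of
those is a third party whose outage or compromise becomes the organisation's.
The zone below is constructed (example.com, invented provider names).
"""
import re
from collections import defaultdict

ORIGIN = "example.com."

# Constructed sample zone; provider names are invented.
ZONE = """
$ORIGIN example.com.
@        IN NS    ns1.example.com.
@        IN NS    ns-cloud.dnsprovider.net.
@        IN MX 10 aspmx.mailhost.net.
@        IN A     203.0.113.10
www      IN CNAME web.example.com.
web      IN CNAME lb-7f3a.cdnprovider.net.
shop     IN CNAME shop-prod.saascommerce.io.
blog     IN CNAME campaign-2019.oldagency.com.
status   IN CNAME statuspage.thirdparty.io.
api      IN A     203.0.113.20
ns1      IN A     203.0.113.53
"""

# owner [IN] type [preference] target  (enough for NS/MX/CNAME/A lines)
RECORD_RE = re.compile(r"^(\S+)\s+(?:IN\s+)?(NS|MX|CNAME|A)\s+(?:\d+\s+)?(\S+)$")


def parse_zone(text, origin=ORIGIN):
    """Return {owner_fqdn: [(rtype, target), ...]} with owners fully qualified."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "$;":
            continue
        m = RECORD_RE.match(line)
        if not m:
            continue  # SOA, TXT etc. are not needed for this dependency view
        owner, rtype, target = m.groups()
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = f"{owner}.{origin}"
        records[fqdn].append((rtype, target))
    return dict(records)


def in_scope(name, origin=ORIGIN):
    """True for the apex itself and anything underneath it."""
    return name == origin or name.endswith("." + origin)


def resolve_cname(records, name, max_depth=8):
    """Follow CNAMEs from name; return (final_name, chain). Raises on loops."""
    chain = [name]
    for _ in range(max_depth):
        targets = [t for r, t in records.get(name, []) if r == "CNAME"]
        if not targets:
            return name, chain
        name = targets[0]
        if name in chain:
            raise ValueError("CNAME loop: " + " -> ".join(chain + [name]))
        chain.append(name)
    raise ValueError("CNAME chain longer than %d hops" % max_depth)


def registrable(fqdn):
    """Heuristic provider name: last two labels (no public-suffix list offline)."""
    return ".".join(fqdn.rstrip(".").split(".")[-2:])


def external_dependencies(records, origin=ORIGIN):
    """{owner: {(rtype, provider)}} for every record that ends outside the apex."""
    deps = defaultdict(set)
    for owner, rrs in records.items():
        for rtype, target in rrs:
            if rtype == "CNAME":
                target, _ = resolve_cname(records, owner)  # where the chain really ends
            elif rtype == "A":
                continue  # addresses, not names
            if not in_scope(target, origin):
                deps[owner].add((rtype, registrable(target)))
    return dict(deps)


def providers(records, origin=ORIGIN):
    """Invert the view: {provider: {owners depending on it}} for a risk register."""
    out = defaultdict(set)
    for owner, targets in external_dependencies(records, origin).items():
        for _, provider in targets:
            out[provider].add(owner)
    return dict(out)


if __name__ == "__main__":
    for provider, owners in sorted(providers(parse_zone(ZONE)).items()):
        print(f"{provider:20} <- {', '.join(sorted(owners))}")
```

Running the script prints one line per provider with the hostnames that depend on it. A hostname whose chain ends at a provider nobody in the organisation still has a contract with (the blog entry above pointing at a former agency) is exactly the shadow dependency the earlier section describes; the inverted view is what belongs in the risk register next to the cloud provider.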
Cybercrime at industrial scale
Craig Sanderson offered a sobering view of modern cybercrime.
Today’s attackers no longer operate campaign by campaign. Instead, they run industrial processes built on DNS:
Mass registration of millions of look‑alike domain names
Automated user profiling at global scale
Rapid switching of infrastructure
Continuous testing of detection thresholds
As a result, defenders have changed tactics.
Rather than chasing individual phishing emails or isolated attacks, security teams now focus on dismantling the underlying DNS infrastructure: identifying patterns, resolver behaviour, and command-and-control relationships.
DNS telemetry has become one of the richest sources of threat intelligence available.
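What pattern identification looks like against a feed of newly registered names, as an added example (not Infoblox's or DNS Belgium's code): each candidate is folded through the substitutions attackers rely on (punycode, Cyrillic homoglyphs, digit-for-letter and rn/m, vv/w pairs) and then compared with the protected brand by edit distance and containment. The brand examplebank, its owned domains, the homoglyph tables and the feed are constructed for the example; the last feed entry is produced by Python's idna codec so that its punycode form is exact.

```python
"""Triage a feed of newly seen domain names for look-alikes of a protected brand.

Added example, not from the roundtable. Three cheap signals are combined:
confusable-character normalisation (punycode, Cyrillic homoglyphs,
digit-for-letter and letter-pair tricks), edit distance on the registrable
label, and brand-embedding. Brand, owned domains and the feed are constructed.
"""
import unicodedata

BRAND = "examplebank"                           # constructed brand
OWNED = {"examplebank.com", "examplebank.be"}   # domains the brand controls

# Small, illustrative subsets; production lists are much longer.
HOMOGLYPHS = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i"}
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "rn": "m", "vv": "w"}

# Constructed "newly registered" feed; the last entry is the brand with a
# Cyrillic а (U+0430), in the punycode form a registry feed would carry.
FEED = [
    "examplebank.com",
    "examplebank.tk",
    "exarnplebank.com",
    "exanplebank.com",
    "examplebank-login.net",
    "exampel-bank.co",
    "weatherforecast.org",
    "ex\u0430mplebank.com".encode("idna").decode("ascii"),
]


def registrable_label(domain):
    """Second-level label; heuristic without a public-suffix list."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def normalise(label):
    """Fold the tricks an attacker uses so that look-alikes collapse onto the brand."""
    if label.startswith("xn--"):
        label = label.encode("ascii").decode("idna")  # punycode -> Unicode
    s = label.casefold()
    for src, dst in HOMOGLYPHS.items():
        s = s.replace(src, dst)
    s = unicodedata.normalize("NFKD", s).encode("ascii", "ignore").decode()  # drop accents
    for src, dst in CONFUSABLES.items():
        s = s.replace(src, dst)
    return s.replace("-", "")


def levenshtein(a, b):
    """Plain edit distance (a transposition therefore counts as 2)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, brand=BRAND, owned=OWNED, max_distance=2):
    """Return a reason string for a suspicious domain, or None."""
    domain = domain.lower().rstrip(".")
    if domain in owned:
        return None
    raw = registrable_label(domain)
    label = normalise(raw)
    if label == brand:
        return "brand-on-unowned-tld" if raw == brand else "confusable"
    d = levenshtein(label, brand)
    if d <= max_distance:
        return f"typosquat(d={d})"
    if brand in label:
        return "brand-embedded"
    return None


def triage(feed, **kw):
    """{domain: reason} for every flagged entry of the feed."""
    hits = {}
    for dom in feed:
        reason = classify(dom, **kw)
        if reason:
            hits[dom] = reason
    return hits


if __name__ == "__main__":
    for dom, reason in triage(FEED).items():
        print(f"{dom:28} {reason}")
```

The distance threshold is deliberately loose for an eleven-character brand; on a real feed it produces false positives that a second stage (does the name resolve, does it serve a login page, who registered it) has to sort out. The point the passage makes is that this runs over the whole feed every day, not over the one domain a user happened to report.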
DNS as an early warning system
One particularly powerful insight discussed during the evening:
Looking at DNS traffic after an incident often reveals the true size of a breach.
Unusual query volumes, strange destinations, and persistent callbacks frequently expose:
Data exfiltration paths
Malware propagation
Lateral movement
DNS does not just help prevent attacks. It helps measure impact.
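The three signals above, run over constructed resolver log lines as an added example (not from the roundtable): per-client query volume against the median client, long high-entropy subdomains under one base domain (the shape of data leaving in query names), and a single name queried at a near-constant interval (a callback). The log format, the IP addresses and the .example domains are invented; the thresholds are starting points, not tuned values.

```python
"""Mine DNS resolver logs for unusual query volumes, encoded-looking
destinations and periodic callbacks. Added example with constructed log lines;
format per line: ISO timestamp, client IP, qtype, qname, rcode."""
import math
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: one benign client, one pushing data out through TXT
# query labels, one calling back to the same name every five minutes.
LOG = """\
2024-05-03T10:00:00Z 10.0.0.5 A www.example.com NOERROR
2024-05-03T10:00:01Z 10.0.0.5 A mail.example.com NOERROR
2024-05-03T10:00:02Z 10.0.0.5 A cdn.example.com NOERROR
2024-05-03T10:00:00Z 10.0.0.7 TXT 4a7f3e91c0b2d6e8f1a5.drop.badhost.example NOERROR
2024-05-03T10:00:01Z 10.0.0.7 TXT 9c2e1b7d4a0f3e5c8b6d.drop.badhost.example NOERROR
2024-05-03T10:00:02Z 10.0.0.7 TXT e5c8b6d4a0f3e91c0b2d.drop.badhost.example NOERROR
2024-05-03T10:00:03Z 10.0.0.7 TXT 1b7d4a0f3e5c8b6d9c2e.drop.badhost.example NOERROR
2024-05-03T10:00:04Z 10.0.0.7 TXT 3e5c8b6d9c2e1b7d4a0f.drop.badhost.example NOERROR
2024-05-03T10:00:05Z 10.0.0.7 TXT 6d9c2e1b7d4a0f3e5c8b.drop.badhost.example NOERROR
2024-05-03T10:00:00Z 10.0.0.9 A beacon.c2-host.example NXDOMAIN
2024-05-03T10:05:00Z 10.0.0.9 A beacon.c2-host.example NXDOMAIN
2024-05-03T10:10:00Z 10.0.0.9 A beacon.c2-host.example NXDOMAIN
2024-05-03T10:15:00Z 10.0.0.9 A beacon.c2-host.example NXDOMAIN
2024-05-03T10:20:00Z 10.0.0.9 A beacon.c2-host.example NXDOMAIN
"""


def parse(log):
    """[(timestamp, client, qtype, qname, rcode)] from the constructed format."""
    rows = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, qtype, qname, rcode = line.split()
        stamp = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        rows.append((stamp, client, qtype, qname.lower().rstrip("."), rcode))
    return rows


def base_domain(qname):
    """Heuristic registrable domain: last two labels (no public-suffix list offline)."""
    return ".".join(qname.split(".")[-2:])


def shannon_entropy(s):
    """Bits per character; hex or base32 payload scores near 4, words near 2-3."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def volume_outliers(rows, factor=3.0):
    """Clients whose query count exceeds factor x the median client."""
    counts = Counter(client for _, client, _, _, _ in rows)
    median = statistics.median(counts.values())
    return [(c, n) for c, n in counts.items() if n > factor * median]


def encoded_subdomains(rows, min_unique=5, min_len=16, min_entropy=3.0):
    """(client, base_domain, n) where the leftmost labels look like payload:
    many distinct, long, high-entropy labels under one base domain."""
    labels = defaultdict(set)
    for _, client, _, qname, _ in rows:
        parts = qname.split(".")
        if len(parts) > 2:
            labels[(client, base_domain(qname))].add(parts[0])
    hits = []
    for (client, base), subs in labels.items():
        if len(subs) < min_unique:
            continue
        mean_len = statistics.mean(len(s) for s in subs)
        mean_ent = statistics.mean(shannon_entropy(s) for s in subs)
        if mean_len >= min_len and mean_ent >= min_entropy:
            hits.append((client, base, len(subs)))
    return hits


def periodic_callbacks(rows, min_queries=4, tolerance=0.1):
    """(client, qname, period_seconds) for names queried at near-constant intervals."""
    times = defaultdict(list)
    for ts, client, _, qname, _ in rows:
        times[(client, qname)].append(ts)
    hits = []
    for (client, qname), stamps in times.items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and (max(gaps) - min(gaps)) <= tolerance * mean:
            hits.append((client, qname, round(mean)))
    return hits


def report(log):
    rows = parse(log)
    return {
        "volume_outliers": volume_outliers(rows),
        "encoded_subdomains": encoded_subdomains(rows),
        "periodic_callbacks": periodic_callbacks(rows),
    }


if __name__ == "__main__":
    for signal, hits in report(LOG).items():
        print(signal, hits)
```

On the sample, the volume check stays quiet (no client is three times the median), the TXT labels under badhost.example are flagged as an exfiltration path, and the five-minute cadence to beacon.c2-host.example surfaces as a callback even though every answer was NXDOMAIN. Run against the resolver logs of the days before an incident was noticed, the same three views give the scope of the breach rather than the one host that raised the alarm.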
Learning from national-scale incidents
Following a massive cyberattack on the UK health sector, the British government launched a programme to centralise DNS services for public-sector domains.
The goal was clear:
Improve visibility
Enforce consistent security policies
Protect national digital assets at scale
It demonstrated that DNS security is no longer only an organisational concern. It is increasingly viewed as critical national infrastructure.
From technical control to boardroom topic
Throughout the roundtable, one message became unmistakably clear:
DNS must be elevated.
It requires:
Clear ownership
Executive accountability
Lifecycle management
Integration with enterprise risk frameworks
Craig summarised DNS security around two core principles:
Resilience – ensuring availability and continuity
Integrity – ensuring users reach what they trust
When trust, uptime, and authenticity define brand value, DNS can no longer sit in the background.
A strategic control point
DNS is not merely a technical service.
It is a strategic control point, one that connects identity, cloud, supply chain, brand protection, and cyber defence.
As the evening at Kasteel Ter Ham made clear, organisations that continue to treat DNS as an afterthought risk discovering its importance only at the worst possible moment.
The conclusion shared by many around the table was simple:
If identity is who you are, DNS is where the world believes you are.
And that belief is worth protecting.