Terms to Remember: DNS

DNS, or the Domain Name System, is often described as a "virtual phonebook" and is one of the key components of internet function and navigation. It works to connect users to websites by translating web addresses (like bmun.org) to IP (Internet Protocol) addresses for access by browsers (this site is useful if you want to learn about the function of DNS, but it is out of scope for much of committee).

The simplicity and ubiquity of DNS creates opportunities for malicious actors to impact consumer access to online information. One of the vulnerabilities associated with DNS is referred to as "DNS hijacking" during which hackers exploit one of the multiple servers involved in a DNS lookup to redirect individuals away from the url they entered and to a malicious site. An infamous example occurred in 2013 when the Syrian Electronic Army redirected traffic from nytimes.com.

image: Cloudflare

Another technique called "DNS poisoning" is integrated into the "Great Firewall of China," and operates under similar principles, redirecting queries to incorrect IP addresses. Beyond its implications for censorship and users within China, DNS poisoning has lasting impacts on both DNS servers and the cache (or stored information) of DNS resolvers. Cloudflare compares it to a prank, asking individuals to imagine that "high school seniors change out all the room numbers on their high school campus, so that the new students who don't know the campus layout yet will spend the next day getting lost and showing up in the wrong classrooms. Now imagine that the mismatched room numbers get recorded in a campus directory, and students keep heading to the wrong rooms until someone finally notices and corrects the directory." In this way, incorrect addresses recorded in China can have longterm impacts on information access in other countries, often without a clear fix.

For committee, consider which technologies are used to regulate internet access in your country (or if you are a company, how DNS plays a role in the service you provide and what relationship it might have with access to your services globally). What vulnerabilities do they leave? What opportunities do you have to harness or regulate them?