Home arrow Knowledge Center arrow Servers & Data Center arrow DNS - DCHP - WINS arrow Is your DNS configured correctly?
Home
Tools
Knowledge Center
Howto's
Latest Jobs
Latest jobs from IT Contractor Jobs
The latest jobs registered on the IT Contractor Jobs web site.
  • Test Analyst

    - Test Analyst (New Zealand, Auckland - Auckland CBD)

    Test Analyst - Contract A software test Engineer is required for a 6 month contract. Working in the Finance sector and for a...

  • Test Analyst

    - Test Analyst (New Zealand, Auckland - Auckland CBD)

    Test Analyst - Contract A software test Engineer is required for a 6 month contract. Working in the Finance sector and for a high...

  • Senior Infrustructure Engineer

    - Senior Infrustructure Engineer (New Zealand, Wellington - Wellington CBD)

    Senior Infrustructure Engineer - Hourly Rate Contract   I require an experienced Infrastructure Engineer to work in a technological environment that is constantly...


Is your DNS configured correctly? PDF Print E-mail

More than half of the Internet's name servers are configured incorrectly, leaving networks vulnerable to pharming attacks and enabling servers to be used in attacks that can wipe out DNS infrastructure.

This is the key finding of a survey of the Internet's domain name servers released Monday. The Measurement Factory conducted the survey for Infoblox, which sells DNS appliances.

Overall, the 2006 DNS Report Card assigned a grade of D+ for DNS security. This is the second annual survey conducted by The Measurement Factory about the state of the global DNS.

We saw an increase in the pace and severity of attacks and outages resulting from bad configurations in the DNS infrastructure,'' said Rick Kagan, vice president of marketing at Infoblox.

The survey's main finding was that more than half of the Internet's name servers allow recursive name services. This is a form of name resolution that often requires a name server to relay requests to other name servers.

Infoblox said that allowing recursive name services leaves networks vulnerable to cache poisoning attacks, in which users are redirected to a different Web site often for the purpose of capturing personal information.

"There is no need for servers to support recursive name services,'' Kagan said. "The problem is that BIND 9 enables recursive name services by default. ... This is a bad vulnerability. It has been exploited; there are public examples where that has happened. But it's easy to fix and people should address it.''

Another DNS configuration problem that the survey found is that 29% of DNS servers allow zone transfers to arbitrary requesters. Zone transfers copy DNS data from one server to another, and leave servers open to denial-of-service attacks.

The survey's other findings were:

  

  • The number of DNS servers connected to the Internet rose 20% to 9 million in the last year. Most of that growth was in Europe and Asia, with many new DNS servers embedded in cable modems and phone gateways.

     

  • The number of DNS servers running the latest open-source software -- BIND 9 from the Internet Software Consortium rather than the older BIND 8 -- rose from 58% in 2005 to 61% in 2006.

     

  • Only two out of every 1,000 DNS servers support IP Version 6, showing the slow pace at which this upgrade to the Internet's main communications protocol is being deployed.

     

  • Virtually no one is using DNSSEC, the proposed standard for authenticating DNS data. DNSSEC is supported on one out of every 100,000 DNS servers.
 
< Prev
[ Back ]
Powered by IT CONTRACTORS and designed by EZPrinting web hosting