Half of web domain name servers are 'open to attack'

Key points:

Domain name servers are wrongly configured and so vulnerable to attack

If DNS systems fail, all Internet functions become unavailable

Many networks are vulnerable to pharming attacks

More than 29% of servers allow duplication of segments of DNS data

Half of the web’s domain name servers are wrongly configured, leaving companies and large sections of the internet’s infrastructure open to attack.

Infoblox, a developer of security appliances, and The Measurement Factory, a performance testing company, have just released their 2006 DNS Report Card.

DNS servers map domain names into IP addresses, directing users’ internet enquiries to the appropriate location.

Should an organisation’s DNS systems fail, all internet functions, including e-mail, web access, e-commerce and extranets, become unavailable.

The DNS survey was based on a scanned sample of systems consisting of almost 80 million DNS devices, or 5% of the main IP version 4 based devices being used on the internet.

The survey found that 50% of DNS servers allow recursive name services - a form of name resolution that often requires a name server to relay requests to other name servers.

This leaves many networks vulnerable to pharming attacks and enables their servers to be used in DNS amplification attacks that can take down important DNS infrastructure, said the two companies.

In addition, more than 29% of DNS servers surveyed allow zone transfers to arbitrary queries, enabling duplication of an entire segment of an organisation’s DNS data from one DNS server to another, and leaving them easy targets for denial of service attacks.
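The two misconfigurations the survey counts, open recursion and unrestricted zone transfers, can be checked for in a server's own configuration. The following is an added example, not code from the article or the report; it assumes a BIND-style named.conf (the article names no server software), the sample configurations are constructed, and audit() is a hypothetical helper that does not handle nested ACL braces.

```python
import re

# Constructed sample configurations (BIND-style syntax assumed, not from the article).
SAMPLE_WEAK = """
options {
    recursion yes;
    allow-recursion { any; };   // resolves names for any client
    allow-transfer { any; };    // hands a full zone copy to any requester
};
"""
SAMPLE_HARDENED = """
acl internal { 192.0.2.0/24; };
options {
    recursion yes;
    allow-recursion { internal; };
    allow-transfer { 192.0.2.53; };  # the secondary server only
};
"""
OPEN = {"any", "0.0.0.0/0", "::/0"}

def strip_comments(text):
    """Remove /* */, // and # comments so they cannot hide or fake a setting."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit(conf):
    """Return (statement, status) findings; status is 'open' or 'unset'."""
    conf = strip_comments(conf)
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", conf)
    recursion_off = bool(m and m.group(1) == "no")
    findings = []
    for name in ("allow-recursion", "allow-transfer"):
        if name == "allow-recursion" and recursion_off:
            continue  # recursion disabled outright, the ACL is irrelevant
        bodies = re.findall(r"(?<![\w-])%s\s*\{([^}]*)\}" % re.escape(name), conf)
        if not bodies:
            # Nothing explicit: the server version's default applies, so review it.
            findings.append((name, "unset"))
        for body in bodies:
            elems = {e.strip() for e in body.split(";") if e.strip()}
            if elems & OPEN:
                findings.append((name, "open"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_WEAK))
    print(audit(SAMPLE_HARDENED))
```

An "unset" finding is not a verdict; it marks a statement whose effective value depends on the server version's default and should be set explicitly.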

Dan Kaminsky, security researcher at Doxpara Research, said, “People tend to take DNS for granted, but if it goes down so does your network. As this data shows, there are organisations that should take urgent action to bolster their DNS infrastructure.”

Antony Savvas
Computer Weekly

More information:
www.infoblox.com
www.dnsstuff.com