DNS Servers Not Free of Vulnerability
According to a study conducted by Infoblox, DNS servers are growing in number and becoming more advanced but, unfortunately, many of them are still susceptible to attacks. DNS servers map domain names to numeric Internet Protocol (IP) addresses. If this system breaks down due to server failure or a malware attack, the company's mail and public site become unavailable.
According to the study, there is no doubt that the DNS system is expanding, reflecting the growth of the public Web. The number of Internet-facing DNS servers surged from just 9 million in 2006 to 11.5 million in 2007.
The report shows clear signs of DNS infrastructure being modernized and consolidating around the latest editions of Berkeley Internet Name Domain (BIND), the most popular DNS server software on the Internet. But DNS is still susceptible, as many DNS servers are prone to attack from various directions.
Almost 50% of Internet name servers permit recursive queries, which generally require a name server to relay a request to other name servers. Unfortunately, this can make the name servers more susceptible to pharming attacks and allow them to be used in DNS amplification attacks that can take down major Internet infrastructure.
It was also reported that the share of DNS servers permitting zone transfers to arbitrary requestors increased from 2% to 31% in 2007. Such transfers copy a segment of DNS data from one server to another and make the system highly prone to a DDoS attack. The study also revealed that almost 75% of the surveyed machines are misconfigured, which can cause service outages.
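The two exposures described above, open recursion and zone transfers to arbitrary requestors, correspond to BIND's `recursion`, `allow-recursion` and `allow-transfer` statements. The following audit script is an added example, not part of the article or the Infoblox study; both sample configurations are constructed, and it assumes a single global `options` block with no per-zone or per-view overrides.

```python
import re

# Constructed sample configurations (not taken from the survey).
WEAK = '''
options {
    recursion yes;
    allow-recursion { any; };   // resolves for the whole Internet
    allow-transfer { any; };    // hands zone data to any requestor
};
'''
HARDENED = '''
acl "internal" { 192.0.2.0/24; };
acl "secondaries" { 198.51.100.53; };
options {
    recursion yes;
    allow-recursion { "internal"; localhost; };
    allow-transfer { "secondaries"; };
};
'''

def _strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def _match_list(conf, statement):
    """Elements of `statement { a; b; };`, or None when the statement is absent."""
    m = re.search(r"(?<![\w-])%s\s*\{([^{}]*)\}\s*;" % re.escape(statement), conf)
    if m is None:
        return None
    return [e.strip().strip('"') for e in m.group(1).split(";") if e.strip()]

def audit(text):
    """Return finding codes for open recursion and open zone transfers."""
    conf = _strip_comments(text)
    findings = []
    rec = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", conf)
    recursion_on = rec is None or rec.group(1) == "yes"  # BIND recurses unless told not to
    for statement, code, relevant in (
        ("allow-recursion", "open-recursion", recursion_on),
        ("allow-transfer", "open-zone-transfer", True),
    ):
        acl = _match_list(conf, statement)
        if not relevant:
            continue
        if acl is None:  # assumption: an unset ACL is reported, as defaults vary by release
            findings.append(code + ":not-restricted-explicitly")
        elif "any" in acl:
            findings.append(code)
    return findings
```

A statement that is absent is reported separately from an explicit `any`, because the effective default depends on the BIND release in use.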
But the study also found some positive results. According to the results, the usage of BIND 9 increased from 4% in 2007 to 65%, which implies that more companies are putting the latest and most secure version of the open source domain name server software in place. The usage of BIND 8, meanwhile, dropped by 8%.
The Vice President of Architecture at Infoblox, Cricket Liu, said that for the Internet's overall security, it's better to see the transition away from Microsoft DNS servers for external DNS and an increasing trend to use the latest BIND versions, as per the news by Vnunet on November 19, 2007.
» SPAMfighter News - 30-11-2007