50 percent of DNS servers vulnerable

Security around DNS servers is still a serious issue for network administrators, even though new servers such as BIND 9 are more secure, according to a new survey released this week.

According to the survey, DNS (Domain Name System) infrastructure is modernising and coalescing around the most recent versions of BIND -- a type of DNS server software. However, a problem Infoblox, the company that released the survey, noted, was that over 50 percent of DNS servers still allow recursion and zone transfers, "indicating that the global DNS system is as vulnerable as ever". Recursion can leave DNS systems vulnerable to DNS cache poisoning and amplification attacks that can "bring down major networks", said Infoblox.

The survey, conducted over the past three years, found the DNS system is growing overall, which is an indicator of Internet growth in general.

At the same time, the use of BIND 9 DNS server code is increasing more quickly than other varieties of DNS server code. Infoblox considers BIND 9 more secure than older versions of BIND, as it "has a substantially better security track record ", according to Cricket Liu, Infoblox vice president of architecture.

Meanwhile, Microsoft DNS Server, which Infoblox considers a less secure type of DNS server code, has charted a continual rapid decline for three years. "Microsoft DNS Server's [market] share continued its dramatic decline, from about 4.6 percent to 2.7 percent," wrote Liu. "Perhaps this is because administrators have become warier of exposing the Microsoft DNS Server and Windows operating systems directly to the Internet."

Microsoft DNS Server market share fell from 10 percent in 2005, to 4.6 percent in 2006, then to 2.7 percent in 2007, according to the survey. Infoblox said that its decreased use was a positive step.

The survey was based on a sample that included five percent of the IPv4 address space -- nearly 80 million addresses.

Talkback 2 comments

    DNS Brad -- 21/11/07

    I run two MS DNS name servers. They are firewalled to the maximum possible extent and recursive lookups are blocked. I also have the habit of turning off processes that are not required for the duties a box is there to carry out and this makes the box less prone to other types of attack. I've had no issues with security. Many of the name servers that are subject to possible attack are owned and run by people who don't know what they are doing more than what OS they are using.

    DNS Daniel -- 22/11/07 (in reply to #320090293)

    In part I agree, but there are holes in every sides. But I still don't see any DNS server safer then MaraDNS (www.maradns.org). His history about security holes is a joke against BIND and MS DNS.

    Take a try it !

Add your opinion

Latest Videos

Sponsored content

Power Centre - Content from our premier sponsors

Blogs

  • Brad Howarth The key Topik is always money
    One of the big problems of the internet is that is practically impossible to keep up-to-date on preferred topics. You can limit your sources, but this can mean missing a lot of valuable data.
  • Array Do we need the legislative blackmail?
    Virtually everyone in the telecommunications industry has their say in the Senate Standing Committee's public hearing into the pending legislation to split up Telstra, in this week's Twisted Wire podcast.
  • Array Give Tax a break for a Change
    Considering the circumstances the Australian Taxation Office's (ATO) Change Program has been operating in over the last few years, it really hasn't been going too badly.
  • More blogs »

Tags

  1. 449 articles are tagged with accc
  2. 57 articles are tagged with accenture
  3. 236 articles are tagged with acquisition
  4. 39 articles are tagged with afact
  5. 140 articles are tagged with ato
  6. 47 articles are tagged with bittorrent
  7. 1301 articles are tagged with broadband
  8. 662 articles are tagged with cio
  9. 250 articles are tagged with conroy
  10. 391 articles are tagged with copyright
  11. 44 articles are tagged with david thodey
  12. 514 articles are tagged with dell
  13. 9 articles are tagged with feed
  14. 127 articles are tagged with fujitsu
  15. 1040 articles are tagged with google
  16. 1029 articles are tagged with government
  17. 787 articles are tagged with hp
  18. 1299 articles are tagged with ibm
  19. 218 articles are tagged with iinet
  20. 5 articles are tagged with iitrial
  21. 114 articles are tagged with legislation
  22. 13 articles are tagged with longhaus
  23. 33 articles are tagged with michael malone
  24. 1474 articles are tagged with microsoft
  25. 30 articles are tagged with mike quigley
  26. 50 articles are tagged with minchin
  27. 1123 articles are tagged with mobile
  28. 356 articles are tagged with mobile phone
  29. 208 articles are tagged with national broadband network
  30. 378 articles are tagged with nbn
  31. 196 articles are tagged with new zealand
  32. 27 articles are tagged with nick minchin
  33. 716 articles are tagged with oracle
  34. 53 articles are tagged with senate
  35. 66 articles are tagged with separation
  36. 1291 articles are tagged with software
  37. 176 articles are tagged with stephen conroy
  38. 57 articles are tagged with strike
  39. 27 articles are tagged with supply chain
  40. 174 articles are tagged with sydney
  41. 60 articles are tagged with telecom nz
  42. 2426 articles are tagged with telstra
  43. 23 articles are tagged with thodey
  44. 48 articles are tagged with twitter
  45. 109 articles are tagged with union
  46. 147 articles are tagged with university
  47. 170 articles are tagged with victoria
  48. 200 articles are tagged with video
  49. 2 articles are tagged with win7au
  50. 88 articles are tagged with windows 7

Back to top

Featured