‘Many DNS systems still susceptible to attacks’

Spread the love

Many DNS servers are still susceptible to attacks. Researchers have found that most servers are misconfigured, although the use of the Sender Policy Framework is steadily increasing.

from research from The Measurement Factory and Infoblox it appears that the number of DNS servers is still growing, but that many of these servers allow ‘recursion’ and random zone transfers. According to Cricket Liu, vice president at Infoblox and author of several books on dns and bind, there is a danger here.

For the study, which has now been conducted for the third time, the researchers looked at nearly eighty million IPv4 addresses. More than half of the name servers surveyed allowed recursive queries. According to Liu, this can make DNS servers susceptible to pharming attacks and used to perform DOS attacks. It is remarkable that almost no use is made of Dnssec, which can be used to guarantee the integrity of dns servers. Only 0.002 percent of all servers support this protocol.

The number of publicly accessible DNS servers has now risen to 11.5 million, the researchers estimate. Last year there were still about nine million, while in 2005 there were still 7.5 million. Usage of Bind9, the most widely used DNS server software, is up 4 percentage points to 65 percent, and support for the Sender Policy Framework more than doubles to 12.6 percent.

The already marginal use of Microsoft’s DNS Server has dropped again, to the relief of Bind proponent Liu. After the use of this dns server software had already halved to 5 percent in 2005, this fell further in 2007 to 2.7 percent. “For the overall security of the Internet, it’s good to see the move away from Microsoft DNS Servers and the increasing use of a recent version of Bind,” said Liu.

You might also like