Is your DNS server misconfigured?

Research indicates that more than half of DNS servers are misconfigured, and the security risks increase accordingly.

More than half of Internet domain name servers are misconfigured, leaving networks open to pharming attacks and allowing the servers to be exploited in attacks that could completely bring down the domain name system (DNS) infrastructure.

That is the main finding of a new survey of Internet domain name servers announced on Monday. The survey was conducted by Measurement Factory for Infoblox, which will sell DNS-related equipment here.

Domain name security is in such poor shape that the 2006 DNS Report Card gives it only a D+ (on a letter scale of A, B, C, D, ..., where A is the highest). This is the second annual survey conducted by Measurement Factory to assess the state of the wider domain name system.

'We see attacks intensifying step by step in both quantity and severity, as well as uncommon results from bad configurations in the DNS infrastructure,' said Rick Kagan, deputy marketing director at Infoblox.

The most notable finding of the survey is that more than half of Internet name servers allow recursive name service. This type of name resolution usually requires a name server to relay requests to other name servers.

Infoblox says that allowing recursive name service leaves networks open to malicious attacks. Users are often redirected to a different website from the one they intended to visit, and often lose personal information.

'Servers do not need to support recursive name services,' Kagan said. 'The problem is that BIND 9 allows the default recursive name service mode to be set. A bad vulnerability. It has been exploited and there are many common examples of this situation. Fixing is not difficult, people should save this kind of vulnerability.'

Another configuration problem found in the survey is that up to 29% of DNS servers allow zone transfers to any device that requests them. Zone transfers copy DNS data from one server to another, which opens up opportunities for denial-of-service (DoS) attacks.
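The two misconfigurations described above, open recursion and unrestricted zone transfers, can be checked in a server's own BIND 9 configuration. The following is an added example, not code from the survey, Infoblox or Measurement Factory. It uses the BIND 9 statements `recursion`, `allow-recursion` and `allow-transfer`, inspects only the global `options` block with a simplified parser, and assumes that an unset statement is permissive. Both sample configurations are constructed.

```python
import re

# Constructed samples (not from the survey): an options block with both
# weaknesses the article describes, and a locked-down counterpart.
WEAK_CONF = """
options {
    directory "/var/named";
    allow-transfer { any; };   // recursion left at its default
};
"""
HARDENED_CONF = """
options {
    directory "/var/named";
    recursion no;
    allow-transfer { 192.0.2.53; };   # constructed secondary address
};
"""

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_block(text):
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return text[m.end():]

def acl(block, name):
    """Elements of an address-match list, or None if the statement is absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(name), block)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf):
    block = options_block(strip_comments(conf))
    findings = []
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", block)
    allow_rec = acl(block, "allow-recursion")
    # Assumption: an unset statement is treated as permissive.
    if (rec is None or rec.group(1) == "yes") and (allow_rec is None or "any" in allow_rec):
        findings.append("open-recursion")
    xfer = acl(block, "allow-transfer")
    if xfer is None or "any" in xfer:
        findings.append("open-zone-transfer")
    return findings
```

Per-zone `allow-transfer` statements override the global one and are not examined here, so a clean result covers only the `options` block.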

Some other results from the survey:

  1. The number of DNS servers connected to the Internet increased by 20%, to 9 million in 2005. Most of the growth was in Europe and Asia, with many new DNS servers embedded in cable modems and phone gateways.
  2. The share of DNS servers using the latest open source software (BIND 9 from the Internet Software Consortium, rather than its older version, BIND 8) increased from 58% in 2005 to 61% so far this year.
  3. Only one out of every 1,000 DNS servers supports IP version 6, which reflects slow progress in upgrading the Internet's main communication protocols.
  4. Virtualization technologies are using DNSSEC, the recommended standard for validating DNS data. DNSSEC is supported among 100,000 DNS servers.

T.Thu