Half of domain-name servers are 'open to attack'

Half of the web's domain name servers are wrongly configured, leaving companies and large sections of the internet infrastructure open to attack.

Infoblox, a developer of security appliances, and The Measurement Factory, a performance testing company, have just released their ‘2006 DNS Report Card’.

DNS servers map domain names into IP addresses, directing users’ internet inquiries to the appropriate location.

Should an organisation’s DNS systems fail, all internet functions, including e-mail, web access, e-commerce and extranets become unavailable.

The DNS survey was based on a scanned sample of systems consisting of almost 80 million DNS devices, or 5% of the main IP version 4-based devices being used on the internet.

The survey found that 50% of DNS servers allow recursive name services – a form of name resolution that often requires a name server to relay requests to other name servers.

This leaves many networks vulnerable to pharming attacks and enables their servers to be used in DNS amplification attacks that can take down important DNS infrastructure, said the two companies.

In addition, more than 29% of DNS servers surveyed allow zone transfers to arbitrary queries, enabling duplication of an entire segment of an organisation’s DNS data from one DNS server to another, and leaving them easy targets for denial of service attacks.

Security researcher Dan Kaminsky said, “People tend to take DNS for granted, but if it goes down so does your network. As this data shows, there are organisations that should take urgent action to bolster their DNS infrastructure.”

More information www.infoblox.com, www.dnsstuff.com.