Internet DNS servers vulnerable to attack

Infoblox, a network appliance business, has claimed that over 50% of the Internets 'Domain Name System' (DNS) servers could be vulnerable to attack. Such servers typically allow you to view websites and use e-mail by translating your IP address into something more readable.

These days most new DNS servers are based off the relatively secure BIND9 system, which is a complete rewrite of the old nameserver code, library and tools. However many others are still using older systems that can be vulnerable to recursion and zone transfer related attacks:

Perhaps the most interesting part of the survey is the census of Internet name servers, which this year showed an estimated 11.7 million name servers. (Last year’s survey estimated 9 million, while the previous year’s estimate was 7.5 million.) Of these, about 70% ran the BIND name server. A higher percentage of these were the most recent version, BIND 9 (64.5% versus 60.7%), while the percentage of obsolete BIND 4 and BIND 8 name servers declined sharply (BIND 8 from 13.7% to 5.6%, BIND 4 from .4% to .2%).

The Microsoft DNS Server’s share continued its dramatic decline, from about 4.6% to 2.7%. Perhaps this is because administrators have become warier of exposing the Microsoft DNS Server and Windows operating systems directly to the Internet.

print this article

Return to hosting news headlines
View Hosting News Archive

Share with: