One in four public-facing domain name system (DNS) servers on the internet are still vulnerable to the Kaminsky flaw, according to the fourth annual survey of DNS servers by network services vendor Infoblox.
The flaw allows hackers to sabotage DNS servers and send web users to sites set up to hack into their systems.
Cricket Liu, architecture vice president at Infoblox, explained that the survey used the same tests as last year, but added a check on whether servers had patched against the Kaminsky flaw by performing source port randomisation.
"The number of name servers out there has increased slightly from 11.7 to 11.9 million, and firms are using more secure up-to-date versions of the Berkeley Internet Name Daemon package," he said.
The survey also found that companies are still not migrating to IP version 6 (IPv6), the replacement for the current IPv4 addressing protocol.
"IPv6 only increased from 0.27 to 0.44 per cent, although I have seen estimates for the IPv4 address space running out as early as 2011," warned Liu.
Other areas flagged up by the survey was that unsecure Microsoft DNS server usage dropped from 2.7 to 0.17 per cent, and support for the anti-spam Sender Policy Framework for validating email senders increased from 12.6 to 16.7 per cent.
However, Liu was less enthusiastic about the fact that more than 40 per cent of name servers allow recursive queries, leaving them vulnerable to DNS cache poisoning and distributed denial-of-service attacks. Other targets are the 30 per cent of DNS servers that allow zone transfers to arbitrary requestors.
The Infoblox 2008 DNS Survey was performed in conjunction with performance testing and protocol compliance vendor The Measurement Factory.
One in four public DNS servers insecure
By
Dave Bailey
on
Nov 11, 2008 10:19AM

One in four public-facing domain name system (DNS) servers on the internet are still vulnerable to the Kaminsky flaw, according to the fourth annual survey of DNS servers by network services vendor Infoblox.
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see