DNS servers still vulnerable

Poor configuration is leaving DNS servers open to attack, but overall the system is growing and modernising, according to a new survey.

DNS servers are increasing and modernising, but many are still vulnerable to attacks, according to a new study.

The third annual survey conducted by Infoblox and the Measurement Factory looked at the state of Domain Name System (DNS) servers across the public internet by surveying 80 million named servers.

DNS servers map domain names to numeric IP addresses. If such systems fail - from a malware attack or server failure, for example - then a company's email and public-facing website will become unavailable.

According to the study, the DNS system is growing overall - showing that the public internet is experience growth. The internet-facing DNS server count jumped to 11.5 million this year, up from nine million in 2006.

"An increase was expected, but the actual number is a surprise - it's a pretty substantial increase," said Cricket Liu, vice president of architecture at Infoblox.

The use of the BIND 9 - the recent version of Berkeley Internet Name Domain, the most common DNS server on the internet - is at 65 per cent this year, up from 61 per cent last year, showing that organisations are upgrading.

The use of Microsoft's DNS server fell to 2.7 per cent from five per cent last year, which the report said reflects concerns around exposing Microsoft Windows servers to the public internet. Liu said that trend runs counter to internal trends, with more internal servers still running the Microsoft DNS server. "It's not really well equipped to be run on the internet," he said. "This is an admission there's better choices."

The survey also found an increase to 12.6 per cent in the use of the Sender Policy Framework (SPF), a system for authenticating email. The more systems use SPF, the better it works, explained Liu. "Uptake has been pretty spotty," he said. "One out of 20 is not worth that much. I was amazed by the increase...it will create a snowball effect, as one-eighth is a lot of value."

But that's the good news. On the downside, the survey found that 31 per cent of DNS servers allowed zone transfers to arbitrary requestors, which could allow for denial of service attacks.

The survey also showed that half of internet name servers still allow recursive queries, which leaves such servers open to pharming attacks and amplification attacks. "In a perfect world, you should see zero," said Liu. But he added that BIND allows for recursion restriction, so people are simply failing to configure properly.

"Generally speaking, within a large organisation, one or two people know about DNS," said Liu. "Those people who are entrust with that responsibility need to keep up."

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19
Security

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19

24 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020
WAPDropper malware hooks you up to premium telecoms services
Security

WAPDropper malware hooks you up to premium telecoms services

24 Nov 2020
VMware sounds alarm over zero-day flaws in multiple products
Security

VMware sounds alarm over zero-day flaws in multiple products

24 Nov 2020

Most Popular

macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
How computing has revolutionised Formula 1
Sponsored

How computing has revolutionised Formula 1

11 Nov 2020