BIND DNS Holds Lead

Events
- JupiterEvents
- internet.com/webcasts
Jobs
Partners
Solutions
- eBooks
- Video
Shop

News
Trends
Tutorials
Stats
Hardware
Reviews
Unix Roundup
Hot Topics
Forum
Product Watch
Glossary

Web
Mail
Real-Time Communication
Application
FTP
Proxy
Collaboration
List
Telnet
Operating System
Server Attic

Sitemap
Contact Us
Home
Technology Jobs

Debian/Ubuntu SSL Keys Vulnerability Explained

NebuAd Opt-Out Promises Are Nebu-Lous

More SSH-Targeted Attacks, This Time for Debian et al

More Open Networks Today

Become a Marketplace Partner

Remote Data Backup - Fast Flexible Easy

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Partner With Us
Phone Cards
Imprinted Gifts
GPS Devices
Career Education
Laptops
Promotional Golf
Compare Prices
Baby Photo Contest
Cell Phones
Online Universities
Shop Online
PDA Phones & Cases
Promos and Premiums
Prepaid Phone Card

Continuous Real-time Data Protection and Disaster Recovery
Whitepaper: Learn how building a solid foundation from a flexible solution can not only integrate all elements within your datacenter - computing, storage, power and management - but prepares your data to survive and recovery... »

Virtualization - It's Not Just for Enterprises Anymore
Whitepaper: Read how virtualization can help companies of all sizes vastly increase server utilization levels, delay or avoid hardware purchases, and expand infrastructure capacity without increasing physical space requirements. »

Rightsizing Blades for the Mid-market
Whitepaper: Examine the requirements for servers, storage, and blade systems in the mid-market and how to apply blades your data center in a cost effective manner. »

VMware Infrastructure 3, Planning
Whitepaper: Read about planning, deployment, and operation of an Adaptive Infrastructure based on VMware Infrastructure and HP servers, storage, and management technologies. »

Disaster recovery made easy with HP BladeSystem and VMware virtualization
Webcast: Learn how you can leverage HP BladeSystem and VMware ESX Server to build a cost effective DR solution that can grow with your business. »

Meet the HP ProLiant DL385 G5

ServerWatch > News

November 21, 2007
BIND DNS Holds Lead
By Sean Michael Kerner

Maybe it's too much of a good thing, or just not enough knowledge. A new survey by DNS services vendor Infoblox has found that the vast majority of DNS servers today are using open source BIND DNS software.

Infoblox also found that a major portion of those servers are running with BIND misconfigured in such a way as to more easily enable DNS to be attacked.

According to Infoblox's study, Microsoft's DNS server software is losing market share. "We saw BIND [version] 9 go up to 65 percent from 61 percent; that is a result we hoped for," Cricket Liu, author of "DNS and BIND Cookbook" and a vice president at Infoblox, told InternetNews.com. "But then we saw that the Microsoft DNS server usage fell in half and we didn't expect that."

BIND 9.x is the next iteration of BIND, which replaces the now legacy 8.x series. Infoblox found that BIND 8.x usage is on the decline at 5.6 percent this year down from 14 percent in 2006.

Microsoft's DNS server usage declined to 2.7 percent of the DNS server marketplace, which is just over half the 5 percent market usage figure that Infoblox recorded for 2006.

BIND may rule the DNS roost, according to the study, it has its share of issues as well.

The Infoblox study revealed that more than half of all DNS servers allow for recursive queries. The reason why recursive queries shouldn't be allowed unilaterally is that they can be used to relay requests to other DNS servers and enable DNS pharming and poisoning attacks.

So-called phishers use DNS cache poisoning in an attack known as "pharming," in which a "poisoned" DNS server redirects users to the phisher's Web site. The "poison" is essentially false DNS information that is injected into a vulnerable DNS server.

According to Liu, the reason recursive queries are still an issue relates to both configuration and awareness.

"In the case of BIND name servers, there is no excuse as all modern BIND servers support fine access controls on recursive queries," Liu explained. "And if you don't do it, it's because you didn't take the time or you don't know about the relevant mechanism."

Liu cited education and complexity as culprits behind the lack of DNS Security Extensions. DNSsec is an approach that includes integrity and authentication checks against DNS data. Infoblox said only 0.002 percent of DNS servers have DNSsec running.

"It is really complex. It's all command line based so you have to be quite handy at the shell prompt," Liu noted. "The tool has gotten better in the newer versions of BIND but it still requires a lot of experience."

The path to fixing the problems with BIND misconfigurations may lead to BIND developers themselves.

"BIND 9.4, for example, changes its defaults for recursive queries," Liu explained. "So it only allows recursive queries that are sent from networks that the name server is directly connected to. It's a great change and will require some configuration by admins, but for the Internet as a whole it's terrific."

But for Liu, default configuration alone may not be enough. "You also have to deal with education so people will be required to know a little bit more in order to get things configured correctly."

This article was originally published on InternetNews.com.

Tools:

Add serverwatch.com to your favorites

Add serverwatch.com to your browser search box
IE 7 | Firefox 2.0 | Firefox 1.5.x

News Archives

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape? Microsoft Article: 7.0, Microsoft's Lucky Version? Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008 Avaya Article: How to Feed Data into the Avaya Event Processor Microsoft Article: Install What You Need with Windows Server 2008 HP eBook: Putting the Green into IT Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1		Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency Avaya Article: Setting Up a SIP A/S Development Environment IBM Article: How Cool Is Your Data Center? Microsoft Article: Managing Virtual Machines with Microsoft System Center HP eBook: Storage Networking , Part 1 Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007 MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts
Intel Video: Are Multi-core Processors Here to Stay? On-Demand Webcast: Five Virtualization Trends to Watch HP Video: Page Cost Calculator Intel Video: APIs for Parallel Programming		HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2 MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits
Sun Download: Solaris 8 Migration Assistant Sybase Download: SQL Anywhere Developer Edition Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook		Red Gate Download: SQL Compare Pro 6 Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos
How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors IBM Article: Collaborating in the High-Performance Workplace HP Demo: StorageWorks EVA4400		Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class Microsoft How-to Article: Get Going with Silverlight and Windows Live MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES