Entries tagged with “dns” from Domains / Internet Technology News - DNS News

Dan Kaminsky's discovery of a nasty bug in DNS rocked the security world in 2008.

It's now 2010, so you would be forgiven for thinking that most DNS servers should have been updated, patched or configured in such a manner as to render the Kaminsky hole null and void.

Unfortunately that is not the case.

Several medium sized DNS providers, which include ISPs, data centre providers and many others, are still operating DNS servers that are vulnerable according to the IANA test

So what is the danger?

The danger is what is called "cache poisoning". In simpler terms, it is possible for a criminal to take advantage of a nameserver's configuration and conduct either a "man in the middle" type attack or simply to redirect all the traffic elsewhere. The number of issues is only limited by the criminal's imagination and technical skill.

Here's but one example using boards.ie (a popular forum in Ireland) :

UPDATE: Digiweb have fixed their DNS configuration so the test above will no longer work.

Earlier today Google announced the launch of their new DNS service. They're pushing it as part of their "better experience" and "speed" drive that Matt Cutts and Co have been harping on about for the last while.

OpenDNS, however, has been offering a similar service for quite some time. A lot of Irish users were forced to use it earlier this year when Eircom, one of the country's main ISPs, suffered severe issues with their DNS serving their broadband and dialup users.

So it was quite interesting to read OpenDNS' response to the Google service. The article is a good read, but if you don't have the time or energy skip to point 3:

"Google claims that this service is better because it has no ads or redirection. But you have to remember they are also the largest advertising and redirection company on the Internet. To think that Google's DNS service is for the benefit of the Internet would be naive. They know there is value in controlling more of your Internet experience and I would expect them to explore that fully"

Yes. Did you honestly think that Google was doing this purely out of "goodwill"?
If you did, then you might forgive me for thinking you're a bit naive.

Access to enduser DNS data is pure gold.

Google will now have access to potentially millions of users' DNS data. They claim they aren't going to use the data for anything else, but they also state they'll hold onto some of the data permanently. Why? The data is useless unless you plan on doing something with it...

If nothing else it means that Google will have even more control over the enduser's browsing internet experience. I'm not sure if that's such a good thing.

Let's see how this pans out ..

John McCormac has been collecting and processing statistics on domain registrations and hosting for as long as I can remember. He is probably best known for Hackwatch and WhoisIreland, which produces monthly reports for the Irish hosting and domain industry.

John's latest project has been in development for several months and offers an alternative to some of the existing domain statistics sites already on the market.

What makes it different is that HosterStats cares about ccTLD data.

Sites like WebHosting.info and DomainTools all but ignore ccTLD data and give a rather skewed perspective of non-US based providers.

With Hosterstats you can easily check the DNS history on any .com/.net/org/info/mobi/eu/asia/co.uk or .ie domain name.

While the site isn't the prettiest at present it is incredibly functional and nice and fast to load, so you get the information that you want quickly and easily.

It will be interesting to see what John plans on adding in terms of features in the coming weeks and months.

In the last few weeks considerable attention has been focussed on security flaws in DNS.

IANA have released an easy to use tool that allows you to check your dns to make sure that it is not vulnerable to attack and / or abuse.
They also explain what the tool is checking for and why.

The IE Domain Registry has announced in the last few days that they are now doing rebuilds and reloads 7 days a week and that the frequency has been increased from twice a day to four times a day

According to several reports UK registrar and hosting company UK Reg has been experiencing intermittent issues.

More details are available here and here

The company issued a statement to explain what happened:

123-reg experienced intermittent performance issues on its DNS servers between late afternoon on Friday 16 November and Sunday 18 November. This meant that some customers have encountered difficulties with their domain names during this period.

This problem was caused by a combination of excessive loading on the DNS servers and a rare hardware failure. During this time, 123-reg engineers have replaced the hardware and full service has been resumed.

We apologise to our customers for the inconvenience that the outage would have caused and we have begun an investigation to identify the cause of the failure, and any necessary actions required will be implemented without delay. Further information and updates is available from http://www.hosting-status.pipex.net

Businesses may rely on domain names to conduct their day to day work, but that does not mean that they really understand what they are using or how important they are.

Of course those of us in industry may feel tempted to either scoff at people's naivety or feel terribly frustrated with their ignorance, however neither action is particularly productive.

Loic Damilaville, however, has tried to take a more practical and positive approach by publishing a white paper on domain name management. The document was published a few months ago in French and has since been made available in English.

The document covers all aspects of domain name management and starts from the very basics ie. what is a domain name and why it is important to you, and then moves onto provide some very useful tips that business people may need.

Some of the highlights:

• Keep domain contacts up to date - as Loic rightly points out this causes so many headaches!
• Domain administrators should actually be aware of their responsibilities - in a lot of cases in my experience the person registering the domain has no real interest in it and won't pay attention to correspondence once the domain is "live"

He also goes into detail on how people can use domains, which is important, as many people still seem to think that domains are websites!

If you have a few minutes to spare it's a good read and if, like me, you're getting tired of having to explain "basic" domain related concepts then this could save you a lot of time and hassle.

I'm always amazed at some of the things companies will do or try to do to get a bit of extra income.

According to a recent post by Frank Michlick, Verisign are considering selling access to the root server logs.

While this isn't as abhorrent as the redirect from a couple of years back, it still is cause for some level of concern.

However, if Frank's figures of what it will cost are anything to go by it won't be that attractive to most companies.