Study: Vulnerable DNS software widely used

Many large companies use vulnerable versions of software that maps text-based Internet domain names to numeric IP (Internet Protocol) addresses, putting them at risk of becoming unreachable on the Internet.

About 14 percent, or 139, of Fortune 1000 companies run a version of BIND (Berkeley Internet Name Domain) DNS (Domain Name System) software with known vulnerabilities, according to a test conducted late last week, at the request of the IDG News Service, by DNS software and consultancy firm Men & Mice Inc. of Reykjavik, Iceland.

About half of the vulnerable companies run BIND 9 prior to version 9.2.1, recently found to be vulnerable to a denial of service attack. The U.S. Computer Emergency Response Team (CERT) warned of the flaw last Tuesday and urged users to either patch the flaw or upgrade to BIND 9.2.1, which was released on May 1. BIND is distributed for free by the Internet Software Consortium.

If all of a company’s DNS servers go down, the company would effectively disappear from the Internet. The company’s Web site becomes unreachable and inbound e-mail sent to the affected domain will bounce back.

Experts advise users to diversify and to make sure that DNS servers are located in different network segments.

“Having some of the name servers running a vulnerable version of BIND constitutes a security threat, having all the name servers run vulnerable BIND is a severe security threat that could turn into a million dollar disaster,” said Men & Mice Chief Executive Officer Petur Petursson, adding that 35 of the Fortune 1000 use multiple vulnerable BIND versions.

The vast majority of DNS servers run BIND, and this lack of diversity makes DNS a weak link in the Internet’s infrastructure, according to Men & Mice. The Internet Corporation for Assigned Names and Numbers (ICANN), the organization that oversees the Internet’s addressing system, has formed a security committee aimed, in part, at examining DNS security holes.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now