Fifth Annual DNS Survey Reveals Significant Internet Risk

Nearly 80% of Name Servers on the Public Internet Can Be Used as Vehicles for DDoS Attacks


SANTA CLARA, CA,--(Marketwire - November 16, 2009) - Infoblox Inc., a developer of appliance-based platforms that deliver DNS, DHCP and IPAM services, among others, and The Measurement Factory, experts in performance testing and protocol compliance, today announced results from the fifth-annual survey of domain name servers (DNS) on the public Internet.

Results indicate that use of Microsoft DNS Servers for external DNS is almost negligible, suggesting that many organizations understand the security risks of this approach and have migrated to a more secure option. However, while one potential threat has been addressed in recent years, another has reached an alarming high. There has been a dramatic increase in the percentage of external name servers that allow open access to recursion. These servers represent a significant risk to the Internet because they can be used maliciously to execute distributed denial of service (DDoS) attacks.

"This year's survey is a Pandora's box of both frightening and hopeful results," commented Cricket Liu, Vice President of Architecture at Infoblox and author of O'Reilly & Associates' DNS and BIND, DNS & BIND Cookbook, and others. "Of particular interest is the enormous growth in the number of Internet-connected name servers, largely attributable to the introduction by carriers of customer premises equipment (CPE) with embedded DNS functionality. This equipment represents a significant risk to the rest of the Internet, as without proper access controls, it facilitates enormous DDoS attacks."

DNS servers are essential network infrastructure that map domain names (e.g., yahoo.com) to IP addresses (e.g., 66.94.234.13), directing Internet inquiries to the appropriate location. Domain name resolution conducted by these servers is required to perform any Internet-related request, whether for Web browsing, email, ecommerce, or cloud computing. Should an enterprise or organization's DNS systems become compromised by attacks, the results can be devastating, ranging from loss of a company's Web presence, inability of employees to access any outside Web services, and perhaps most damaging, redirection of Web and email traffic to bogus sites, resulting in data loss, identity theft, ecommerce fraud and more.

Following are the key 2009 DNS survey results -- along with positive, negative, or neutral "consequence" ratings -- based on a sample that included 5 percent of the IPv4 address space, nearly 80 million addresses.

--  NEUTRAL:  There are an estimated 16.3 million name servers on the
    Internet; this represents a 40% increase in 2 years likely due to an
    explosion in the population of "non-traditional", proxy DNS servers
    embedded in broadband access devices or customer premises equipment (CPE).
    
--  VERY DISTURBING:  79.6% of the name servers are open to recursion;
    this represents a 27% increase in the last 2 years, likely related to the
    increase in proxy DNS servers in CPE.  Unfortunately, all these name
    servers can be used maliciously to execute DDoS attacks, posing a
    significant threat to the Internet.
    
--  POSITIVE:  Percentage of Microsoft DNS Servers is now almost
    negligible at .37%; this is likely due to greater awareness of the risks of
    exposing Windows computers to the Internet.
    
--  POSITIVE:  Percentage of zones with one or more name servers open to
    zone transfers decreased to 16% from 31% (in 2008); administrators are
    paying closer attention to configuration of external DNS servers, realizing
    that they need to configure ACLs to prevent zone transfers, which can leave
    them open to DOS attacks.
    
--  POSITIVE:  The number of DNSSEC signed zones increased significantly -
    by approximately 300%; this indicates that momentum in DNSSEC adoption is
    increasing.  This could be the result of greater awareness and adoption due
    to the Kaminsky vulnerability last year and support for DNSSEC signed in
    parent zones (.org).
    

Liu added, "I am pleased to see the adoption of DNSSEC accelerating and I hope to see this number increase substantially in the next year as more top-level zones are signed and as simplified solutions, such as Infoblox's DNS appliance platforms, help automate management of signed zones."

Call to Action

Based on these statistics, there are some clear calls to action for organizations with external DNS servers. All organizations should assess their DNS infrastructure and immediately take the necessary steps to make them more reliable and secure. Infoblox provides a number of free, automated tools that enable organizations to test their DNS infrastructure and identify weaknesses and vulnerabilities. These tools and many other resources, as well as the complete DNS Survey results are available on the Infoblox.com Web site at: http://www.infoblox.com/library/dns_resources.cfm. For more information about Infoblox solutions, visit: http://www.infoblox.com/solutions/.

For expert commentary on DNS, DHCP and IPAM related topics, visit: http://www.cricketondns.com/ and http://www.infra20.com/.

About Infoblox

Infoblox delivers highly reliable and manageable platforms for core network services like domain name resolution (DNS), IP address assignment (DHCP), IP address management (IPAM) and more. Infoblox solutions -- essential for the move from static networks to dynamic infrastructure and applications -- are used by over 3,200 organizations worldwide, including over 130 of the Fortune 500. The company is headquartered in Santa Clara, Calif., and operates in more than 30 countries.

About The Measurement Factory

The Measurement Factory provides a variety of products and services related to Internet testing and measurement, with a current focus on DNS, HTTP, and ICAP. Most of the Factory's products are available under open-source licenses. For more information, call +1-303-938-6863, email info@measurement-factory.com, or visit www.measurement-factory.com.

Contact Information: Media Contact: Jennifer Jasper Infoblox 408.625.4309