This is a topic that just isn't getting the attention it deserves, considering that it's a fundamental underpinning of the Internet as we know it today. Most of the DNS servers out there run BIND despite the fact that almost all of these implementations have at least 1 of a dozen known security vulnerabilities... which in itself would be a manageable issue were it not for the fact that most DNS servers run outside of a firewalled environment. It's no wonder that hackers have infiltrated so many DNS servers.
Link: DNS - The Achilles heel of the Internet.
CNET has a good article on the vulnerability of the Internet to DNS cache poisoning attacks. Turns out that more than 10% of DNS servers could already be compromised, and I think it's very important that ISPs and enterprises fix this problem immediately.