'Net Features : dns

DiscoveryDNS Offers Greater Control Over DNS Systems

Michael Garrity — Tue, 16 Apr 2013 16:35:00 GMT

Last October, ARI Registry Services announced plans to expand its line of DNS services, and on Sunday, at ICANN’s 46th public meeting in Beijing, ARI took the next step by unveiling its new DiscoveryDNS brand.

DiscoveryDNS is a managed DNS service meant to help customers handle the challenges, risks and opportunities available in modern, dynamic business and technical environments.

According to the CTO of ARI Registry Services, Chris Wright, “Our mission is to change the way the market perceives outsourced DNS services by providing predictability, transparency, superior technical capability and trust.”

In order to give top-level domain (TLD) operators greater control and transparency when managing their DNS system, DiscoveryDNS offers them access to the raw packet capture (PCAP) files for all of their DNS queries.

However, at first, DiscoveryDNS will only be providing services for new TLD applicants and country code TLD operators; eventually, ARI plans to expand the service with a new product intended for Registrars, ISPs and hosting providers.

At present, DiscoveryDNS boasts over 475 new TLD applications as its foundational clients, which already makes it one of the world’s largest DNS providers, per TLD, once delegation is completed.

Learn to Mitigate DDoS Attacks

Amberly Dressler — Wed, 20 Mar 2013 15:30:00 GMT

Despite being a method which has been used for more than a decade, Distributed Reflection Denial of Service (DrDoS) attacks have recently surged in popularity across a number of verticals.

Prolexic, which provides DDoS protection services, recently launched the first of several white papers that discusses and analyzes Domain Name System (DNS) Reflection attacks, specifically.

According to Prolexic, the DNS Reflection DrDoS technique exploits security weaknesses in the DNS Internet protocol, an important Internet feature that allows the public to type in human-friendly domain names instead of numerical IP addresses to access websites.

“DNS Reflection DrDoS attacks are an overlooked but dangerous DDoS attack method,” said Stuart Scholly, Prolexic President. “Prolexic is releasing this white paper to help make DNS server administrators, IT administrators and business leaders aware of this potential security threat against their networks. In addition, the white paper can help victims understand the technical details of what took place, so they can more quickly mitigate these kinds of DDoS attacks in the future.”

Prolexic explains this type of threat as when a cyberattacker leverages zombie computers in a botnet to send domain name requests to DNS servers in a way that causes DNS servers to send a flood of responses to a targeted domain. This kind of DrDoS attack can overwhelm and slow response times, or completely stop legitimate user access, and affects both the DNS servers and the targeted domain.

Additionally, a DNS Reflection attack is relatively easy for cybercriminals to launch, and takes advantage of security loopholes in the DNS protocol, the Prolexic Security Engineering and Response Team (PLXsert) warns. What’s more, it is difficult to pinpoint the source of a reflected DDoS attack, offering anonymity to the attacker.

The DNS Reflection Attack white paper explains DNS and how an attacker exploits the protocol to cause an outage. The white paper is available free of charge at www.prolexic.com/drdos.

Test DNS Servers Against Known Security Flaw

Pete Prestipino — Tue, 15 Jul 2008 14:01:00 GMT

DNSstuff.com today announced DNS Vulnerability Check, a tool that verifies whether DNS servers are vulnerable to the critical DNS flaw. This flaw allows attackers to poison a DNS server cache by injecting it with forged data -- making it such a significant flaw that the government's cyber security arm, and 80 vendors including Nominum, Microsoft and Cisco, coordinated together to issue a patch. The tool is free and will be available tomorrow at www.dnsstuff.com.

"This particular DNS attack is without a doubt the most dangerous discovered in the DNS to date," said Paul Mockapetris, Inventor of DNS. "It is imperative that IT managers for organizations Worldwide update their DNS software right away. The update on caching servers' perimeters will ensure optimal performance, and the new tool provided by DNSstuff.com is just what companies need to stay on top of their DNS, and prevent them from becoming victims of damaging exploits such as the one discovered by Kaminsky." (regarding Dan Kaminsky, Director of Penetration Testing for IOActive)