By Ryan Russell
A new vulnerability has been discovered in the basic design of the Web’s Domain Name System, prompting almost all of the DNS software vendors in the world to release a patch.
There are a couple of different ways to determine whether your DNS servers are vulnerable to this widespread problem.
Don’t wait to install these DNS patches
In her Patch Watch column last week, Susan Bradley described problems users of Check Point’s ZoneAlarm firewall program experienced following the release of Microsoft’s DNS patch two days earlier.
While that problem was bad enough for ZoneAlarm users, it will look like a minor hiccup compared to the potential DNS disaster waiting in the wings.
My friend and co-author Dan Kaminsky has been doing interesting DNS research for a number of years. Dan discovered a vulnerability that he claims makes DNS cache poisoning very practical. If attackers can poison your DNS cache, then they can redirect you to their evil servers whenever you try to go to www.microsoft.com, for example.
The entire process of resolving DNS names to IP addresses may be at risk. I’d like to give you all the gory details, but I don’t have them.