Have You Fixed Your Company's DNS Servers?


Erik Larkin on the Web

Security researcher Dan Kaminsky announced last week that a major bug affected DNS software, which translates human-usable domain names like "pcworld.com" into the IP addresses that computers use to find each other. DNS servers guide most all Internet traffic, and the odds are your company uses a number of such servers.

While the news on the flaw came out on the 8th, I know from experience how slow many companies can be to fix - or even discover - business-critical system flaws like these. So here's a quick way to tell if your company servers are at risk.

While browsing from a PC in your company network, head to Kaminsky's site and look for a button on the right named "Check My DNS." Click it. Easy, huh?

With luck, doing so reported (below the button) that your name server appears to be safe. If it didn't, then talk to your IT folks right away about patching your DNS servers. The US-CERT vulnerability report lists Cisco, Microsoft and Red Hat DNS implementations as vulnerable, along with many others.

This particular flaw is not yet under attack, but similar "cache poisoning" attacks have long been used to force anyone using a particular DNS server - which could mean your entire company - who attempts to visit any .com domain to an attack site instead, for instance. So be sure to patch your servers and get this fixed before you're targeted. Kaminsky took some heat initially for not providing corroborating evidence for his report, but has since received a peer-reviewed thumbs-up.

For the record, I use OpenDNS for my home network, and the company understandably crowed when they were not vulnerable to this flaw when it was first announced. OpenDNS offers a free service for home or business use.

For more details, see Kaminsky's site, along with a write-up from SecureWorks.


PC World - Business Center: Have You Fixed Your Company's DNS Servers?

1998-2007, PC World Communications, Inc.