<div dir="ltr"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; "><h3 style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; font-weight: bold; text-align: left; font-size: 1.538em; line-height: 1.4em; ">
<a href="http://www.circleid.com/posts/dns_survey_results_pandora_box_of_both_frightening_and_hopeful_results/" class="blue" style="outline-style: none; outline-width: initial; outline-color: initial; color: rgb(0, 51, 102); text-decoration: none; ">DNS Survey Results Pandora's Box of Both Frightening and Hopeful Results, Says Cricket Liu</a></h3>
<div class="date pipedLinks" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 5px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; overflow-x: hidden; overflow-y: hidden; width: 1223px; font-size: 0.923em; ">
<ul style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; list-style-type: none; list-style-position: initial; list-style-image: initial; ">
<a href="http://www.circleid.com/posts/print/dns_survey_results_pandora_box_of_both_frightening_and_hopeful_results/">http://www.circleid.com/posts/print/dns_survey_results_pandora_box_of_both_frightening_and_hopeful_results/</a></ul>
<ul style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; list-style-type: none; list-style-position: initial; list-style-image: initial; ">
<a href="http://www.circleid.com/posts/print/dns_survey_results_pandora_box_of_both_frightening_and_hopeful_results/"></a><br><li style="padding-top: 0px; padding-right: 6px; padding-bottom: 0px; padding-left: 5px; margin-top: 0px; margin-right: 6px; margin-bottom: 0px; margin-left: -6px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 1px; border-style: initial; border-color: initial; line-height: 1.3em; list-style-type: none; list-style-position: initial; list-style-image: initial; border-left-style: solid; border-left-color: rgb(187, 187, 187); float: left; ">
Nov 16, 2009 3:23 PM PST</li><li style="padding-top: 0px; padding-right: 6px; padding-bottom: 0px; padding-left: 5px; margin-top: 0px; margin-right: 6px; margin-bottom: 0px; margin-left: -6px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 1px; border-style: initial; border-color: initial; line-height: 1.3em; list-style-type: none; list-style-position: initial; list-style-image: initial; border-left-style: solid; border-left-color: rgb(187, 187, 187); float: left; ">
Comments: <a href="http://www.circleid.com/posts/print/dns_survey_results_pandora_box_of_both_frightening_and_hopeful_results/#comments" class="blue" style="outline-style: none; outline-width: initial; outline-color: initial; color: rgb(0, 51, 102); text-decoration: none; ">0</a></li>
<li style="padding-top: 0px; padding-right: 6px; padding-bottom: 0px; padding-left: 5px; margin-top: 0px; margin-right: 6px; margin-bottom: 0px; margin-left: -6px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 1px; border-style: initial; border-color: initial; line-height: 1.3em; list-style-type: none; list-style-position: initial; list-style-image: initial; border-left-style: solid; border-left-color: rgb(187, 187, 187); float: left; ">
Views: 303</li></ul></div><div class="byline" style="padding-top: 15px; padding-right: 0px; padding-bottom: 10px; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px; border-style: initial; border-color: initial; font-size: 0.923em; border-bottom-style: solid; border-bottom-color: rgb(229, 229, 229); ">
By <a href="http://www.circleid.com/members/501/" class="blue" style="outline-style: none; outline-width: initial; outline-color: initial; color: rgb(0, 51, 102); text-decoration: none; "><strong>CircleID Reporter</strong></a></div>
<div class="body" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; ">
<p style="padding-top: 0px; padding-right: 0px; padding-bottom: 1em; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; line-height: 1.4em; ">
The fifth-annual survey of domain name servers (DNS) on the public Internet—called a "Pandora's box of both frightening and hopeful results"—was released today by <a href="http://www.measurement-factory.com/" style="outline-style: none; outline-width: initial; outline-color: initial; color: rgb(0, 51, 102); text-decoration: underline; ">The Measurement Factory</a> in partnership with Infoblox. Cricket Liu, Vice President of Architecture at Infoblox and author of O'Reilly & Associates' DNS and BIND, DNS & BIND Cookbook says: "Of particular interest is the enormous growth in the number of Internet-connected name servers, largely attributable to the introduction by carriers of customer premises equipment (CPE) with embedded DNS functionality. This equipment represents a significant risk to the rest of the Internet, as without proper access controls, it facilitates enormous DDoS attacks."</p>
<p style="padding-top: 0px; padding-right: 0px; padding-bottom: 1em; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; line-height: 1.4em; ">
Following are the key 2009 DNS survey results from the survey—along with positive, negative, or neutral "consequence" ratings—based on a sample that included 5 percent of the IPv4 address space, nearly 80 million addresses.</p>
<ul style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; ">
<li style="padding-top: 0px; padding-right: 0px; padding-bottom: 0.8em; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 3em; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; line-height: 1.4em; ">
<strong>NEUTRAL: There are an estimated 16.3 million name servers on the Internet;</strong> this represents a 40% increase in 2 years likely due to an explosion in the population of "non-traditional", proxy DNS servers embedded in broadband access devices or customer premises equipment (CPE).</li>
<li style="padding-top: 0px; padding-right: 0px; padding-bottom: 0.8em; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 3em; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; line-height: 1.4em; ">
<strong>VERY DISTURBING: 79.6% of the name servers are open to recursion;</strong> this represents a 27% increase in the last 2 years, likely related to the increase in proxy DNS servers in CPE. Unfortunately, all these name servers can be used maliciously to execute DDOS attacks, posing a significant threat to the Internet.</li>
<li style="padding-top: 0px; padding-right: 0px; padding-bottom: 0.8em; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 3em; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; line-height: 1.4em; ">
<strong>POSITIVE: Percentage of Microsoft DNS Servers is now almost negligible at .37%; </strong>this is likely due to greater awareness of the risks of exposing Windows computers to the Internet.</li><li style="padding-top: 0px; padding-right: 0px; padding-bottom: 0.8em; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 3em; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; line-height: 1.4em; ">
<strong>POSITIVE: Percentage of zones with one or more name servers open to zone transfers decreased to 16% from 31%</strong> (in 2008); administrators are paying closer attention to configuration of external DNS servers, realizing that they need to configure ACLs to prevent zone transfers, which can leave them open to DOS attacks.</li>
<li style="padding-top: 0px; padding-right: 0px; padding-bottom: 0.8em; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 3em; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; line-height: 1.4em; ">
<strong>POSITIVE: The number of DNSSEC signed zones increased significantly—by approximately 300%; </strong>this indicates that momentum in DNSSEC adoption is increasing. This could be the result of greater awareness and adoption due to the Kaminsky vulnerability last year and support for DNSSEC signed in parent zones (.org).</li>
</ul><p style="padding-top: 0px; padding-right: 0px; padding-bottom: 1em; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; line-height: 1.4em; ">
<strong>Related Links:</strong> <a href="http://www.infoblox.com/library/pdf/2009-DNS-survey-result.pdf" style="outline-style: none; outline-width: initial; outline-color: initial; color: rgb(0, 51, 102); text-decoration: underline; ">Executive Summary</a>, <a href="http://www.infoblox.com/news/release.cfm?ID=149" style="outline-style: none; outline-width: initial; outline-color: initial; color: rgb(0, 51, 102); text-decoration: underline; ">Press Release</a></p>
<p style="padding-top: 0px; padding-right: 0px; padding-bottom: 1em; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; line-height: 1.4em; ">
<strong>Related topics:</strong> <a href="http://www.circleid.com/topics/dns" class="blue" style="outline-style: none; outline-width: initial; outline-color: initial; color: rgb(0, 51, 102); text-decoration: underline; ">DNS</a>, <a href="http://www.circleid.com/topics/dnssec" class="blue" style="outline-style: none; outline-width: initial; outline-color: initial; color: rgb(0, 51, 102); text-decoration: underline; ">DNSSEC</a>, <a href="http://www.circleid.com/topics/security" class="blue" style="outline-style: none; outline-width: initial; outline-color: initial; color: rgb(0, 51, 102); text-decoration: underline; ">Security</a></p>
</div></span>
</div>