Implicit Trust in DNS Servers

When you visit a Web site, you typically type the URL into the browser or click on a bookmark. In either case, the domain name (for example, "www.symantec.com") is sent to your domain name system (DNS) server. The DNS server takes the domain name and sends back the address of the server that hosts the site. This structure can lead to some interesting consequences.

How many people actually know which DNS server they're using? And, if they know which server they're using, how much do they trust the person or company running the server? The majority of networks are configured with Dynamic Host Configuration Protocol (DHCP). DHCP is a protocol that allows computers to broadcast a generic "configure me" message to the local network. Any server on the network can respond to the message, telling the computer which DNS server to use (among other things).

The problem is twofold. First, there is no guarantee that the response is coming from the expected server. Second, even if it comes from the proper server, what guarantee does the user have that the DNS server provided is actually valid and secure?
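An added example (not from the original article): a passive check that parses a DHCP reply, reads which server sent it and which DNS servers it assigns, and compares both against lists the administrator trusts. The addresses, the allowlists and the `build_reply` helper are constructed sample data and assumptions, to be replaced with your own network's values.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the DHCP options field
OPT_PAD, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 6, 53, 54, 255

def parse_dhcp_options(packet: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP payload (UDP data)."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        opts[code] = opts.get(code, b"") + packet[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def audit_reply(packet, trusted_servers, trusted_dns):
    """List the reasons a DHCP OFFER/ACK should not be trusted (empty = OK)."""
    opts = parse_dhcp_options(packet)
    if opts.get(OPT_MSG_TYPE) not in (b"\x02", b"\x05"):  # 2 = OFFER, 5 = ACK
        return []  # client-side messages assign nothing
    findings = []
    sid = opts.get(OPT_SERVER_ID, b"")
    server = socket.inet_ntoa(sid) if len(sid) == 4 else "<missing>"
    if server not in trusted_servers:
        findings.append(f"reply from unexpected DHCP server {server}")
    raw = opts.get(OPT_DNS, b"")
    for j in range(0, len(raw) - len(raw) % 4, 4):  # 4 bytes per IPv4 address
        dns = socket.inet_ntoa(raw[j:j + 4])
        if dns not in trusted_dns:
            findings.append(f"DHCP server {server} assigns unexpected DNS server {dns}")
    return findings

def build_reply(server_ip, dns_ips, msg_type=2):
    """Construct a minimal sample DHCP reply (test data, not captured traffic)."""
    dns = b"".join(socket.inet_aton(ip) for ip in dns_ips)
    opts = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4]) + socket.inet_aton(server_ip)
    opts += bytes([OPT_DNS, len(dns)]) + dns + bytes([OPT_END])
    return b"\x02" + b"\x00" * 235 + MAGIC_COOKIE + opts
```

An allowlist match only confirms that the assigned DNS server is the one you expected; whether that server's operator is trustworthy remains the separate question raised above.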


I use OpenDNS

From Wikipedia:

OpenDNS offers DNS resolution for consumers and businesses as an alternative to using their Internet service provider's DNS servers. By placing company servers in strategic locations and employing a large cache of the domain names, DNS queries are usually processed much more quickly, thereby increasing page retrieval speed. DNS query results are sometimes cached by the local operating system and/or applications, so this speed increase may not be noticeable with every request, but only with requests that are not stored in a local cache. Other features include a phishing filter and typo correction (for example, typing wikipedia.og instead of wikipedia.org). By collecting a list of malicious sites, OpenDNS blocks access to these sites when a user tries to access them through their service. OpenDNS recently launched Phishtank, where users around the world can submit and review suspected phishing sites.
