Home / Industry

Afilias Secures Millions of Internet Domains from BIND 9 Vulnerability with DNS Diversity Strategy

Afilias, a global provider of Internet infrastructure services, today announced that its DNS network, which supports approximately 10 percent of the Internet's domain names, is secure from the recently announced BIND 9 vulnerability that could cause a denial of service (DoS) attack against DNS name servers. Afilias' network and customers are protected by its DNS diversity strategy, which avoids single points of failure like sole reliance on a single DNS resolution software such as BIND.

"Afilias has a fundamental security strategy in place across our DNS operations that integrates diversity at every layer of our infrastructure. Most critical to this strategy is ensuring diversity in DNS software," said Ram Mohan, Executive Vice President and Chief Technology Officer. "An organization can build bigger hardware or expand its geographic footprint, but by running a single type of DNS software, whether open source or proprietary, they will always be completely vulnerable to zero day exploits like the one revealed this week with BIND."

Afilias' DNS network runs both BIND and NSD, two popular, proven and open source DNS resolution software brands. Running both software products synchronously ensures that Afilias can simply remove one from production while it is patched or upgraded, ensuring seamless DNS resolution and 100 percent uptime. The same cannot be said of systems using a single flavor of software, whether open source or proprietary.

The BIND security vulnerability announced by ISC on July 28th, enables an attacker to send a specially crafted Dynamic Update request that can crash a DNS name server. All organizations running BIND 9 are required to upgrade their version to 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1. Afilias has already upgraded its version of BIND.
"Afilias supports large scale domains like .INFO and .ORG as well as our Managed DNS business, and serves billions of queries daily. Our DNS diversity strategy ensures that our network was never in jeopardy, and that the 15 million domain names we are responsible for were always accessible online," add Mohan.

Afilias has also published a new white paper entitled "5 Dimensions of Diversity: A Winning Strategy for Securing your DNS" which details its guidelines for how organizations can deploy diversity in their DNS networks to improve their security and reliability. The white paper can be downloaded here.

About BIND
Berkeley Internet Name Domain (BIND) is the industry standard software for domain name resolution services. In active service for over 20 years, BIND has survived the rapid expansion of the Internet and become more widely deployed than any other DNS software. As open-source software, unlike proprietary solutions, its code has been scrutinized, tested and battle-hardened by hundreds or thousands of programmers over the years.

About Afilias

Afilias

Afilias is the world's second largest domain registry, with more than 20 million names under management. Afilias powers a greater variety of top-level domains than any other provider, and will soon support hundreds of new TLDs now preparing for launch. Afilias' specialized technology makes Internet addresses more accessible and useful through a wide range of applications, including Internet domain registry services, Managed DNS and mobile Web services like goMobi® and DeviceAtlas®. (Learn More)

Related topics: DNS, Registry Services, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Introducing the New .ORGANIC Domain: A Trusted, Credible Space for Organic Products on the Web

.WANG - 15,000 Registrations on Day One of General Availability

Afilias Announces Start of .BLACK Sunrise Period

Radix Launches Three New TLDs in Sunrise With Backing from 50+ Registrar Partners

.WANG General Availability Opens on June 30, 2014

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

.Press Domain Names - The Changing Face of Journalism

LogicBoxes Waives Upfront Fees for New gTLD Vertical Integration Solutions

Radix Announces .Website Launch Timeline

.Host Timeline Released As Pioneer Program Kicks Off

Verisign Named to the OTA's 2014 Online Trust Honor Roll

TLD Registry Sponsored Xinnet's Partner Conference in Nanjing

Afilias Selected for CIO 100 Award

Victorian Government & ARI Agree to Long-Term .melbourne Partnership

.WANG Enters Landrush This Week

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Sponsored Topics