Home / Industry

Afilias Secures Millions of Internet Domains from BIND 9 Vulnerability with DNS Diversity Strategy

Afilias, a global provider of Internet infrastructure services, today announced that its DNS network, which supports approximately 10 percent of the Internet's domain names, is secure from the recently announced BIND 9 vulnerability that could cause a denial of service (DoS) attack against DNS name servers. Afilias' network and customers are protected by its DNS diversity strategy, which avoids single points of failure like sole reliance on a single DNS resolution software such as BIND.

"Afilias has a fundamental security strategy in place across our DNS operations that integrates diversity at every layer of our infrastructure. Most critical to this strategy is ensuring diversity in DNS software," said Ram Mohan, Executive Vice President and Chief Technology Officer. "An organization can build bigger hardware or expand its geographic footprint, but by running a single type of DNS software, whether open source or proprietary, they will always be completely vulnerable to zero day exploits like the one revealed this week with BIND."

Afilias' DNS network runs both BIND and NSD, two popular, proven and open source DNS resolution software brands. Running both software products synchronously ensures that Afilias can simply remove one from production while it is patched or upgraded, ensuring seamless DNS resolution and 100 percent uptime. The same cannot be said of systems using a single flavor of software, whether open source or proprietary.

The BIND security vulnerability announced by ISC on July 28th, enables an attacker to send a specially crafted Dynamic Update request that can crash a DNS name server. All organizations running BIND 9 are required to upgrade their version to 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1. Afilias has already upgraded its version of BIND.
"Afilias supports large scale domains like .INFO and .ORG as well as our Managed DNS business, and serves billions of queries daily. Our DNS diversity strategy ensures that our network was never in jeopardy, and that the 15 million domain names we are responsible for were always accessible online," add Mohan.

Afilias has also published a new white paper entitled "5 Dimensions of Diversity: A Winning Strategy for Securing your DNS" which details its guidelines for how organizations can deploy diversity in their DNS networks to improve their security and reliability. The white paper can be downloaded here.

About BIND
Berkeley Internet Name Domain (BIND) is the industry standard software for domain name resolution services. In active service for over 20 years, BIND has survived the rapid expansion of the Internet and become more widely deployed than any other DNS software. As open-source software, unlike proprietary solutions, its code has been scrutinized, tested and battle-hardened by hundreds or thousands of programmers over the years.

Afilias

About Afilias – Afilias is the world's second largest domain registry, with more than 20 million names under management. Afilias powers a greater variety of top-level domains than any other provider, and will soon support hundreds of new TLDs now preparing for launch. Afilias' specialized technology makes Internet addresses more accessible and useful through a wide range of applications, including Internet domain registry services, Managed DNS and mobile Web services like goMobi® and DeviceAtlas®. Learn More

Related topics: Cybersecurity, DNS, Registry Services

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Related Blogs

Related News

Explore Topics

Dig Deeper

DNS Security

Sponsored by Afilias

Mobile Internet

Sponsored by Afilias Mobile & Web Services

Cybersecurity

Sponsored by Verisign

IP Addressing

Sponsored by Avenue4 LLC

Promoted Post

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Radix's .TECH, .STORE, .ONLINE and .FUN Get Approval from the Chinese Government

Join Neustar's Town Hall Meeting and Help Shape the Future Of .US

Google Buys Business.Site Domain for 'Google My Business'

Radix Announces Global Web Design Contest, F3.space

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

5 Afilias Top Level Domains Now Licensed for Sale in China

Radix Announces Largest New gTLD Sale with Casino.Online

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web