One in four DNS servers are still vulnerable to the Kaminsky flaw, according an annual survey of DNS servers conducted by network services vendor Infoblox and Internet testing and measurement group, The Measurement Factory.

"Given the heightened awareness of DNS server vulnerabilities due to the recent Kaminsky discovery, it is surprising to see how many organizations are still leaving their DNS systems as potential victims of attack," said Cricket Liu, Vice President of Architecture at Infoblox and author of O'Reilly & Associates' DNS and BIND, DNS & BIND Cookbook, and DNS on Windows Server 2003. "Even if an enterprise has gone to the trouble of patching against the Kaminsky vulnerability, there are many other aspects of configuration, like recursion and open zone transfers, that should also be secured. If not, organizations are essentially locking their door to their house, but leaving the windows wide open. Organizations clearly need to pay more attention to configurations and deployment architectures that are leaving their DNS infrastructures vulnerable to attacks and outages."

Read full story: Network World

Related topics: DNS, Security