-- 90% of name servers that run BIND run one of the most recent versions of BIND 9; a small but significant number of administrators continue to run older versions of BIND on Internet-facing name servers, putting their organizations at risk. -- Only .17% still rely on Microsoft DNS Server, down from 2.7% (2007); usage of unsecure Microsoft DNS Servers connected to the Internet is vanishing. -- Support for Sender Protection Framework (SPF) within DNS for spam reduction increased from 12.6% of zones sampled to 16.7%; despite the complexity of SPF configuration, validating email senders is increasing in importance and organizations are taking email fraud seriously.BAD NEWS
-- One in four DNS servers does not perform source port randomization -- the "patch" for "the Kaminsky vulnerability"; the effort by vendors and the Internet's DNS community to encourage administrators to upgrade their name servers after the announcement of the Kaminsky vulnerability paid off; however, a surprising number have not been upgraded and are very vulnerable to cache poisoning. -- More than 40% of Internet name servers allow recursive queries; there are still millions of open recursors on the Internet, a danger both to themselves and others -- they are vulnerable to cache poisoning and Distributed Denial of Service attacks. -- 30% of DNS servers surveyed allow zone transfers to arbitrary requestors; this leaves servers as easy targets for denial-of-service attacks. -- Only .002% of DNS zones tested support DNSSEC; administrators have not been convinced of its importance -- perhaps intimidated by its complexity -- but new mandates could mean a significant change in the near future.MISC.
-- Usage of IPv6 name servers continues to increase from .27% to .44%; while enterprises are investigating IPv6 and concerned about increasingly scarce IPv4 address space, adoption of IPv6 is still low -- address scarcity isn't yet considered a serious concern and they feel no urgency to adopt IPv6.Call to Action Based on these statistics, there are some clear calls to action for organizations with external DNS servers. Instead of waiting until they are attacked, all organizations should assess their DNS infrastructure and immediately take the necessary steps to make them more reliable and secure. Infoblox provides a number of free, automated tools that enable organizations to test their DNS infrastructure and identify weaknesses and vulnerabilities. These tools and many other resources, as well as the complete DNS Survey results are available on the Infoblox.com Web site at: http://www.infoblox.com/library/dns_resources.cfm. About Infoblox Infoblox appliances deliver utility-grade core network services, including domain name resolution (DNS), IP address assignment and management (IPAM/DHCP), authentication (RADIUS) and related services. Infoblox solutions, which provide the essential "glue" between networks and applications, are used by over 2,300 organizations worldwide, including over 100 of the Fortune 500. The company is headquartered in Santa Clara, Calif., and operates in more than 30 countries. For more information, call +1.408.625.4200, email info@infoblox.com, or visit www.infoblox.com. About The Measurement Factory The Measurement Factory provides a variety of products and services related to Internet testing and measurement, with a current focus on DNS, HTTP, and ICAP. Most of the Factory's products are available under open-source licenses. For more information, call +1-303-938-6863, email info@measurement-factory.com, or visit www.measurement-factory.com.
Contact Information: PRESS RELEASE Media Contacts: Jennifer Jasper Infoblox 408.625.4309