 |
||||
 | |
| ||
|
||||
| ||||
|
|
||||
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.
Storage
WAN Services
Web/e-commerce
Wireless/Mobile
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings
Web/E-business /
Survey: 25% of Fortune 1000 has bad DNS setup
 
|
|||
 | |||
|
The troubles Microsoft last week experienced with its Web sites show the Domain Name System is a weak link in Internet infrastructure. Large corporations worry about distribution of Web site content, but forget about DNS, according to a specialized Icelandic company.
DNS software and consultancy firm Men & Mice over the weekend checked the Web site setup of 978 of the Fortune 1000 companies. "The results surprise us, 25% have a bad setup," Men & Mice CEO Petur Petursson said.
A survey of 5,000 random sites in the dot-com domain - sites with URLs ending with .com - showed that about 38% had a shaky DNS configuration.
Software giant Microsoft last week paid the price for a poor DNS configuration when many of its online properties were inaccessible. First, because a technician made a costly mistake configuring a router, and a day later due to a denial-of-service attack, Microsoft said.
Microsoft made itself vulnerable to attacks and outages by setting up its four DNS servers in one subnet, Petursson said. "It is not wise to put all name servers in one subnet. It can go down for various reasons; a network cable could be cut, there could be an attack, or a human error - like a misconfigured router - can cause an outage."
A subnet, short for subnetwork, is a separate part of an organization's network. Typically subnets represent all systems connected in one location. Microsoft runs its four DNS servers in the same subnet, Men & Mice said.
Petursson explained: "If Microsoft had had a fifth DNS server outside its network and the four went out, traffic would automatically go to the fifth one. People would still be able to visit Microsoft's sites, with possibly some minor delays."
"All companies of that size [Fortune 1000] spend huge amounts of money to distribute load and content, but forget about DNS," Petursson said. "Sadly DNS is not secure enough, it's a threat. We don't really have a good solution."
Petursson did note a standardization process is underway for so-called Secure DNS. "But this will take at least one more year," he said.
DNS servers translate domain names, such as Microsoft.com, into IP addresses. The IP addresses are used to locate servers on a network. When the DNS goes down, locations on the network can no longer be found using the Web addresses.
"It's only a minor effort to distribute DNS servers. Most companies do it; everybody should do it. ISPs can take care of it for a small fee as DNS does not require a lot of bandwidth," Petursson said.
Men & Mice in Reykjavik, Iceland is at www.menandmice.com/.
The IDG News Service is a Network World affiliate.
Related Links
 |
 |
 |
|||||
|
|
|
|
|
|||
