Security Portal: DNS Server InfrastructureFeb 04, 2001, 13:43 (0 Talkback[s])
(Other stories by Kurt Seifried)
"It's funny to see the Internet sneaking up on businesses and becoming a critical component, without many people seeming to realize it. Many businesses now rely heavily on email as a messaging system, and use Web servers to distribute corporate data and allow access to a variety of services."
"All these services rely on DNS. DNS is the directory to the Internet; it maps names such as www.securityportal.com to IP addresses such as 184.108.40.206. To see a Fortune 100 company such as Microsoft suffer a multi-day outage because its DNS infrastructure was not up to the task is disturbing indeed."
"In the past we've run several articles on DNS security, and by and large most organizations have begun to pay attention to these issues and address them. However, a significant part of security is availability. While preventing an attacker from accessing sensitive data is definitely a security goal, allowing an attacker to deny access to that resource, for everybody, can be a significant problem."
"Even if your Web servers are in tip-top shape, the firewalls are doing their job, and your backend application servers and databases are in perfect order, none of this matters if an attacker manages to take out your DNS servers. Without DNS servers no one on the Internet will be able to find your servers. Would you be able to remember 220.127.116.11, 18.104.22.168 or 22.214.171.124? Of course not, but you can remember fedex.com, ups.com and usps.com."
"Worse yet, without your DNS servers internal services may not work properly, email deliveries can fail, and access to servers will time out as DNS queries fail."