IWS - The Information Warfare Site
News Watch Make a donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled


 
 

 

Welcome to The Home of DNS Expert and QuickDNS Pro!

 

Survey Results - November '98

November Survey Highlights

The results of the November survey reveal that 75.6% of Internet zones have incorrect setup that can cause host lookup problems or cause problems accessing or providing basic Internet services. The results also show that about one in every three DNS servers on the Internet are vulnerable to spoofing attacks.

General findings from DNS Expert

# of zones (N=5000)

Percentage

With error(s) *

3778

75.6%

Without errors

1222

24,4%
* Read about the criteria in methodology


No server allowed zone transfer **

762

15.2%

Effect: For security reasons, an increasing number of companies are taking the option of blocking zone transfer.

Some server blocked zone transfer

1034

20.7%
** Although some companies block zone transfers, their zones can still be checked for certain errors e.g. lame delegations, whether their name servers are susceptible to spoofing, if their mail servers are up and running and if their zones do not contain MX records.


Spoofing vulnerability check by DNS Expert

# of servers (N=4184***)

Percentage

Name servers*** susceptible to spoofing

1344

32,1%

Effect: DNS spoofing can cause serious security problems for DNS servers vulnerable to such attacks.

Name servers not susceptible to spoofing

2840

67,9%
*** Responding name servers that contained authoritative data for the zones. Non-responding name servers have been excluded.

Find out everything about spoofing at our spoofing site.


Other common DNS setup errors

# of zones (N=5000)

Percentage

One or more name servers that were registered as being authoritative for the zones, but did not contain authoritative data (lame delegations)

1496

30%

Effect: Lame delegations are very common on the Internet and cause unnecessary DNS traffic, slow down DNS lookups and may cause DNS lookup failures.

Delegation data and zone data do not match

1236

24.7%

Effect: Incorrect delegation can lead to long resolution times, and in some cases it can cause information within the domain to be inaccessible.

A PTR record is missing for an A (address) record

964

19.3%

Effect: If a PTR record is missing for a host, a client running on that host may have problems getting access to some services on the Internet (FTP for example).

None of the authoritative name server answered

877

17.5%

Effect: It was not possible to get information about the zone from any of the servers that were listed as being authoritative for the zone which causes lookup failures when name servers try to look up data for the zone.

No MX record

469

9.4%

Effect: Having no MX records will cause mail delivery problems.

MX record refers to a CNAME record instead of an
A record

318

6.4%

Effect: This can cause mail delivery problems.

One of the mail servers that handle mail for the zone is not working properly

268

5.4%

Effect: A mail server that is not working properly can cause mail delivery problems.

One or more records in the zone refer to hosts whose names cannot be resolved

255

5.1%

Effect: It is not possible to access the referred hosts as they probably do not exist.

Survey - Home
DNS Security


Download DNS Expert

© Men&Mice 1996-2000. All rights reserved