Tech Road Map: Secure DNS? Not Just Yet

Despite a real need, security extensions for the domain name system aren’t ready for widespread use.

Say you type a host name, like www.yahoo.com. How do you know the IP address in the response really points to one of Yahoo (NSDQ: YHOO)’s servers and not a rogue?

You don’t. In the past year, Symantec’s DeepSight system reported 25 vulnerabilities on various DNS servers and resolvers. In fact, there are a number of ways DNS can be subverted to provide bogus information. An attacker could gain access to the DNS server and change records or use one of the many publicly available tools to forge a response. He could insert bogus information into a DNS cache or add false information to your computer’s host name table, as we’ve seen with numerous worms and Trojans. Many of these attacks are difficult to pull off, and they’re often short-lived and relatively easy to detect and correct. Still, while they last, damage can be done.
http://informationweek.com/news/showArticle.jhtml?articleID=202601690
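
The article notes that false entries in a computer's host name table are easy to detect and correct. The following audit is an added example, not part of the article: the function names, the `EXPECTED_LOCAL` allow-list, and the sample file (documentation addresses and example domains) are all constructed assumptions.

```python
import ipaddress

# Assumption: names that normally appear in a default hosts file.
EXPECTED_LOCAL = {"localhost", "localhost.localdomain", "broadcasthost",
                  "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}

# Constructed sample input (not taken from any real system).
SAMPLE = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# 198.51.100.7 commented.example.org
203.0.113.10  www.example.com   # constructed rogue entry
0.0.0.0       update.example.net
192.168.1.5   fileserver
"""

def parse_hosts(text):
    """Yield (line_number, address, names) for every valid hosts entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or malformed line
        try:
            # Strip an IPv6 zone id such as fe80::1%lo0 before parsing.
            addr = ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            continue                             # first field is not an IP
        yield lineno, addr, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, expected=EXPECTED_LOCAL):
    """Flag dotted host names whose address is pinned locally, bypassing DNS."""
    findings = []
    for lineno, addr, names in parse_hosts(text):
        for name in names:
            if name in expected or "." not in name:
                continue                         # local or single-label name
            # Loopback/unspecified targets block a site; others redirect it.
            blocked = addr.is_loopback or addr.is_unspecified
            kind = "sinkholed" if blocked else "redirected"
            findings.append((lineno, name, str(addr), kind))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

Run it against the contents of the real hosts file and review each finding, since ad-blocking lists and deliberate administrator overrides are reported alongside malicious entries.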
