Google launches DNS service

07 December 2009

Google is hoping to beef up the web's security by providing its own domain name service (DNS). The search engine giant is asking companies to point their computers at its own DNS servers to get extra protection from DNS attacks, and to speed up their browsing.

The Domain Name System is the protocol used to resolve web domain names to the IP addresses of their associated servers. Generally, an ISP will provide its own DNS servers for customers to use, although there are many open DNS servers available online that do not authenticate their users. However, the DNS protocol has recently been the target of several attacks.

Google hopes that its DNS servers will prevent such attacks, including 'DNS poisoning', in which attackers can insert fraudulent DNS records into a DNS server's cache. In this attack, a malicious user will send a DNS server a query for a domain that the server is unlikely to be authoritative for. The server then refers the query to another DNS server, further up the hierarchical chain of DNS servers.

In the meantime, the attacker floods the original DNS server with fake responses appearing to come from the queried machine. The original DNS server believes the fake response and populates its cache with the attacker's incorrect DNS record.

Google said that it has implemented several features in its own DNS servers designed to stop these and other attacks. They include protecting against the classic buffer overflow errors, overprovisioning server resources, and limiting the rate at which queries can be made (thus reducing the likelihood of denial of service attacks).

In August last year, Dan Kaminsky of IOActive unveiled a core design flaw in the DNS protocol that would allow attackers to spoof any DNS entity, up to and including top level domains such as .com. This effectively meant that a skilled attacker could take over the web. Kaminsky worked with a large number of key companies to help develop an interim patch to stop such attacks occurring, although the design flaw in DNS still exists.
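As an added illustration (not from the article, nor Google's or any resolver's actual code), the following model shows the resolver-side checks that the cache-poisoning description and the interim patch above rest on: a reply only reaches the cache if its transaction ID, destination port and question match an outstanding query, and randomising the UDP source port (the interim fix) multiplies the space a blind forger has to cover. The record fields, the `Question`/`PendingQuery`/`Reply` names and the 64512-port range are simplifying assumptions.

```python
"""Minimal model of why matched replies and random source ports resist blind poisoning.
Constructed data only; nothing touches the network."""
import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Question:
    name: str
    qtype: str = "A"


@dataclass
class PendingQuery:
    """What a resolver remembers about each upstream query it has in flight."""
    question: Question
    txid: int = field(default_factory=lambda: secrets.randbelow(1 << 16))
    # Assumed ephemeral range 1024..65535 (64512 ports), picked at random per query.
    src_port: int = field(default_factory=lambda: 1024 + secrets.randbelow(64512))


@dataclass(frozen=True)
class Reply:
    txid: int
    dst_port: int       # port the reply arrived on; must equal the query's source port
    question: Question  # echoed question section
    answer_name: str    # owner name of the record in the answer section
    rdata: str


def reply_matches(pending: PendingQuery, reply: Reply) -> bool:
    """Accept a reply only if it is addressed to this exact outstanding query."""
    if reply.txid != pending.txid or reply.dst_port != pending.src_port:
        return False
    if reply.question != pending.question:
        return False
    # Do not let a reply smuggle a record for a name we never asked about.
    return reply.answer_name == pending.question.name


def process_reply(cache: dict, pending: dict, reply: Reply) -> bool:
    """Write to the cache only when the reply matches a pending query; else drop it."""
    key = (reply.txid, reply.dst_port)
    query = pending.get(key)
    if query is None or not reply_matches(query, reply):
        return False
    cache[query.question] = reply.rdata
    del pending[key]
    return True


def blind_search_space(randomize_port: bool) -> int:
    """Values a forger must cover to hit one query: TXID alone, or TXID x source port."""
    return (1 << 16) * (64512 if randomize_port else 1)
```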

Google is not the only organization providing free DNS services designed to enhance security. OpenDNS offers a free service that alerts users when they attempt to surf to a known phishing site using its DNS servers.
