Secure64, which specializes in products that support the domain name system (DNS), has released Secure64 DNS Cache to help prevent DNS cache poisoning, a condition in which a server's local cache of domain name mappings is corrupted. Attackers create this condition by pretending to be another DNS server and answering a DNS query with a forged response.
One of the best defenses against DNS cache poisoning is speed. The more queries that a DNS server can process, the less chance there is of an attacker swamping the system with spoofed queries and having a strained DNS server accept one of them. Secure64 DNS Cache can cope with 125 000 queries per second, the company said.
The product also sports other cache poisoning countermeasures, including an operating system called SourceT running on HP Integrity servers. The DNS server uses a completely different implementation from the standard BIND mechanism. It features SNMP traps and logs abnormal conditions. It also includes a moving statistics feature that provides rolling updates of attack conditions.
"Under attack, the system can provide details to help administrators set upstream router filters to protect bandwidth," Secure64 said.
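As an added illustration of the rolling attack statistics and router-filter hints described above (example code written for this article, not Secure64's own implementation): a sliding-window counter over DNS responses that flags sources sending many replies that match no outstanding query, which is the typical symptom of a poisoning attempt. The event format, thresholds and sample data are constructed assumptions.

```python
from collections import deque, defaultdict

# Constructed sample events: (timestamp_seconds, source_ip, matched_outstanding_query).
# A reply that matches no outstanding query (wrong transaction ID or unsolicited)
# is the signature of an attacker guessing IDs; 203.0.113.5 plays that role here.
SAMPLE_EVENTS = [
    (0.00, "192.0.2.10", True), (0.05, "203.0.113.5", False),
    (0.10, "203.0.113.5", False), (0.15, "192.0.2.10", True),
    (0.20, "203.0.113.5", False), (0.25, "198.51.100.7", False),  # one stale reply, benign
    (0.30, "203.0.113.5", False), (0.40, "198.51.100.7", True),
    (0.50, "192.0.2.10", True), (2.00, "192.0.2.10", True),
]


class RollingResponseStats:
    """Per-source counters of DNS responses over the last `window` seconds.

    Hypothetical helper: tracks total replies and unmatched replies per source so an
    operator gets a rolling view of attack conditions and a candidate list of
    addresses to filter upstream. Events must be fed in timestamp order.
    """

    def __init__(self, window=1.0):
        self.window = window
        self.events = deque()           # (ts, src, unmatched) still inside the window
        self.total = defaultdict(int)
        self.unmatched = defaultdict(int)

    def _expire(self, now):
        # Drop events older than the window and undo their counts.
        while self.events and now - self.events[0][0] > self.window:
            _, src, unmatched = self.events.popleft()
            self.total[src] -= 1
            self.unmatched[src] -= unmatched

    def record(self, ts, src, matched):
        self._expire(ts)
        self.events.append((ts, src, not matched))
        self.total[src] += 1
        self.unmatched[src] += not matched

    def suspicious_sources(self, min_unmatched=3, min_ratio=0.8):
        # A source is flagged when unmatched replies dominate its traffic in the window.
        return sorted(src for src, n in self.total.items()
                      if n > 0 and self.unmatched[src] >= min_unmatched
                      and self.unmatched[src] / n >= min_ratio)


def analyse(events, window=1.0):
    """Return (sources flagged at any point, sources flagged in the final window)."""
    stats = RollingResponseStats(window)
    flagged_ever = set()
    for ts, src, matched in events:
        stats.record(ts, src, matched)
        flagged_ever.update(stats.suspicious_sources())
    return sorted(flagged_ever), stats.suspicious_sources()
```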
Other products from Secure64 include a DNS signer for DNSSEC implementation, and an authoritative server called DNS Authority. The company advised customers not to use Secure64 DNS Cache as an authoritative server. Instead, it can be set to forward queries to an RFC-compliant authoritative server.
The Secure64 DNS Cache product is aimed at large-volume DNS service providers. However, other companies have also been working to thwart DNS cache poisoning attacks. Google recently launched its own free DNS service for online lookups, designed to prevent DNS-based attacks.