The troubles Microsoft experienced with its websites last week show the Domain Name System (DNS) is a weak link in internet infrastructure.
Large corporations worry about distribution of website content, but forget about DNS, according to a specialised Icelandic company.
DNS software and consultancy firm Men & Mice over the weekend checked the website setup of 978 of the Fortune 1000 companies. "The results surprise us, 25% have a bad setup," says Men & Mice CEO Petur Petursson.
A survey of 5000 random sites in the dotcom domain -- sites with URLs ending with .com -- showed that about 38% had a shaky DNS configuration.
Software giant Microsoft last week paid the price for a poor DNS configuration when many of its online properties were inaccessible. The first outage came because a technician made a costly mistake configuring a router; a day later the sites were down again due to a Denial of Service (DoS) attack.
Microsoft made itself vulnerable to attacks and outages by setting up its four DNS servers in one subnet, says Petursson. "It is not wise to put all name servers in one subnet. It can go down for various reasons; a network cable could be cut, there could be an attack, or a human error -- like a misconfigured router -- can cause an outage."
A subnet, short for subnetwork, is a separate part of an organisation's network. Typically, a subnet represents all systems connected in one location. Microsoft runs its four DNS servers in the same subnet, Men & Mice says.
Petursson explains: "If Microsoft had had a fifth DNS server outside its network and the four went out, traffic would automatically go to the fifth one. People would still be able to visit Microsoft's sites, with possibly some minor delays."
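The single-subnet weakness described above can be checked mechanically once a domain's name servers and their addresses are known. The following is an added example, not part of the original article and not Men & Mice's survey method; the host names, the documentation-range addresses and the /24 grouping are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: hypothetical name servers on documentation address ranges.
SINGLE_SUBNET = {
    "ns1.example.com": "192.0.2.10",
    "ns2.example.com": "192.0.2.11",
    "ns3.example.com": "192.0.2.12",
    "ns4.example.com": "192.0.2.13",
}
# Same setup plus a fifth server hosted outside the organisation's network.
WITH_OFFSITE = dict(SINGLE_SUBNET, **{"ns5.example.net": "198.51.100.53"})


def group_by_subnet(servers, prefix_len=24):
    """Map each subnet to the name servers inside it (prefix length is an assumption)."""
    groups = defaultdict(list)
    for name, addr in servers.items():
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        groups[str(net)].append(name)
    return dict(groups)


def assess(servers, prefix_len=24):
    """Report whether losing a single subnet would take out every name server."""
    groups = group_by_subnet(servers, prefix_len)
    largest = max(len(members) for members in groups.values())
    return {
        "subnets": sorted(groups),
        "single_point_of_failure": len(groups) < 2,
        "survivors_if_largest_subnet_fails": len(servers) - largest,
    }


def reachable_after_outage(servers, failed_subnet):
    """List the name servers still answering when one subnet is unreachable."""
    failed = ipaddress.ip_network(failed_subnet)
    return sorted(name for name, addr in servers.items()
                  if ipaddress.ip_address(addr) not in failed)


if __name__ == "__main__":
    for label, servers in (("four in one subnet", SINGLE_SUBNET),
                           ("with off-site fifth", WITH_OFFSITE)):
        print(label, assess(servers),
              reachable_after_outage(servers, "192.0.2.0/24"))
```
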
"All companies of that size (Fortune 1000) spend huge amounts of money to distribute load and content, but forget about DNS," says Petursson. "Sadly DNS is not secure enough, it's a threat. We don't really have a good solution."
Petursson did note that a standardisation process is under way for so-called Secure DNS. "But this will take at least one more year," he says.
DNS servers translate domain names, such as Microsoft.com, into IP (Internet Protocol) addresses. The IP addresses are used to locate servers on a network. When the DNS goes down, locations on the network can no longer be found using the web addresses.
"It's only a minor effort to distribute DNS servers. Most companies do it; everybody should do it. Internet service providers can take care of it for a small fee as DNS does not require a lot of bandwidth," says Petursson.