Attacks to our DNS system, how vulnerable is the internet ?
Most of you already know that one of my default replies to a question is "It's a DNS Problem" , and lots of you already came back afterwards confirming that I indeed was right.
Apart from configuration errors and performance issues , there are more issues on the internet that are DNS related.
Spam is one of them .. one of the main reasons behind spam is that other than an MX record to send mail to, the original mail architecture did not provide us with a way to guarantee that mails were actually coming from
the domain they claim to come from. Luckily today we have openSPF and other techniques that are helping us , however not widespread enough ..
Think about the bad things that can happen when someone can take over your DNS server... yep.. that kind of stuff...
Or even worse .. think about what happens if you ask for the IP address for a server and get no reply... do you still know the IP address of your mailserver, default gateway, or even DNS server ?
So what happens when the idiots that think we are interrested in their spam feel attacked by a company that tries to help us fight spam start fighting the company by attacking their ISP's DNS servers ?
Indeed they get caught and are forced to manually reply to DNS requests for the rest of their lives .. oh no.. that's not reality :( They actually bring some DNS servers down by sending it more traffic than the ISP's network can ever handle.
The dns system is one of the most important parts of todays internet .. yet it is broken as ...
I spend lots of time thinking how we could fix it... and I`m probably not the only one .. so what are your ideas ?
Anyway... if you want to read on about an actually story with this sad story line go
here