There has been a story starting to brew about a serious DNS security flaw. The details of the flaw have finally been leaked here:
This is one of those problems that is easy to ignore, but could become a huge nightmare if left unchecked.
Essentially the flaw allows an attacker to redirect clients to a different IP address for a particular domain.
For example, when you go a website (Lets take www.chase.com as an example) the domain name is translated into an IP address. In this case that IP address is run by Chase and responds to your request. When someone exploits the flaw they could redirect www.chase.com to go to their server, and present a fake login.
This is a simple example, and the possibilities are much worse than that. Imagine an attacker redirecting *all* of your traffic through their server. They could then use this opportunity to push spyware to you with every page you visit.
Many of you may not have a choice, since your DNS may be run by your ISP, but if you are running Windows based DNS servers, I suggest installing the patch as soon as possible:
I wish I could say the patch works flawlessly, but some clients of ours have reported that it has caused issues with Active Directory. Still…most of these problems are far and few between and are usually due to an odd configuration…such as having a domain controller with 127.0.0.1 as its primary IP address.
So with that in mind I would make sure you deploy the patch after hours and do lots of testing.
One more thing – you can test your DNS server for the flaw by visiting http://www.doxpara.com/ on the right there is a button that says “Check My DNS” It will tell you if your DNS server is vulnerable to the flaw.