The Doom of DNS?

It started a few days ago with an email from my Spam Service Provider, an automated message stating that it couldn’t find the proper MX records on my personal domain name (ShawnReed.Com).

Yesterday, after a glorious ride through Missouri and NW Arkansas (also saw the new BMW K1200S), I had several emails from TriumphRat.Net users on the US East Coast and the UK stating that they have been having problems accessing TriumphRat.Net.

Major ISPs were affected: Verizon, Comcast, and BT Internet.

This morning I received an email from my current DNS Service Provider (WorldNiC / Network Solutions):

Dear Shawn Reed,

Thank you for contacting Network Solutions.

We are currently experiencing a degradation of service on some of our servers. Our engineering team is aware of the issue and it is our top priority to resolve. We apologize for any inconvenience you may be experiencing.

Thank you for submitting your request to Network Solutions.

Sincerely,

Network Solutions Specialist
Network Solutions, LLC

I have always believed the next large-scale Internet catastrophe will be a significant attack on DNS. What better way for one of Allah’s warriors to prove his worth than by plunging the world back 20 years through a systematic murder of the world’s primary DNS NAPs?

Think of all the business done on the Internet today. If we were to set aside consumer eCommerce as unimportant, there is still enough DNS-dependent traffic to cause a significant economic downturn in a matter of days (or hours).

Does your business or company use SSL-enabled web applications over the Internet, or maybe an SSL VPN? Or worse, your network admin has tied the resolution of your IPsec VPN to a DNS record.

The creator of DNS was recently quoted in NETWORK WORLD as stating that an attack on DNS would be futile, due to the multi-redundant systems making up the world’s DNS network. My disagreement with that assessment, up to now, has been due to the risk associated with running your own DNS server. Setting one up isn’t technically challenging, but keeping it from being hacked is. For me, one experience was enough to encourage others to always outsource DNS to a provider with a team and process in place to manage it.

Seems that recent events are proving that my forecast was right.

We need laws in place with specific punishments for DNS attacks:

  • Life sentences for US Citizens that hack (or attempt to hack) public DNS servers
  • Pre-Approved processes for US Intelligence Agencies to “recover” terrorists that do the same
  • Congressional backing to attack & invade countries that can’t control it

The WTC was a sad event, but killing DNS has far greater consequences. It’s time to wise up and make some changes!
