IT managers cautioned over domain server set-ups

The U.S. government’s cybersecurity agency is urging IT managers to ensure that their domain name servers are fully redundant and dispersed at multiple locations in order to avoid potential disruptions to services such as Web browsing, remote access and e-mail.

In the December issue of a monthly publication called Highlights that’s posted on its Web site, the Washington, D.C.-based National Infrastructure Protection Center (NIPC) said the Domain Name System (DNS) is an often-overlooked single point of failure “presenting a risk of total loss of electronic connectivity” for users.

Domain name servers are used to translate Internet domain names from plain text into numeric IP addresses that can be read by computers. The major risk factors associated with failures of such machines are a lack of built-in redundancy, mis-configured servers and architectural flaws in the way the systems are set up on networks, according to the NIPC, which is affiliated with the FBI.

For example, the agency said many companies depend on just one domain name server to handle all Internet connectivity requests from end users.

In addition, companies that have multiple DNS servers sometimes put them all on the same network segment, the NIPC said. That could make the servers simultaneously unavailable if something happened to the network segment.

Microsoft Corp. learned that lesson in January when a faulty configuration change on a router and a series of denial-of-service attacks cut off access to its DNS servers, which were all housed on one section of the company’s network. Most Microsoft Web sites were unavailable for parts of several days.

A surprisingly large number of U.S. companies make such mistakes, the NIPC said, citing data from Men & Mice, a Reykjavik, Iceland-based research and consulting firm that specializes in DNS issues.

In a survey conducted in late September, Men & Mice discovered that as many as 250 of the Fortune 1,000 companies had all of their domain name servers on the same subnet, said Jon Adalsteinsson, the consulting firm’s chairman.

“Companies have redundant Web servers and (round-the-clock) monitoring and on-call service, but they forget about the DNS servers that control access to all of this,” he said. “If the DNS goes down, all of the other redundancy doesn’t even come into play.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now