Tuesday, August 05, 2008

DNS attack and speed of response

OK, there's an attack vector using cache poisoning against DNS servers doing the rounds at the moment. But there are also patches for DNS server operators to apply. So you would expect that major ISPs would have reacted with speed, right? Concern for customers, being seen to do the right thing, etc. Well, wrong. I learned via The Reg, linking to Dan Kaminsky's site, that my ISP, Nildram, is still not patched. And indeed, we were seeing some weird behaviour resolving web sites over the weekend. Could just have been coincidence, but who knows.

So what to do? Short term, I've switched the DNS servers on my DSL router to OpenDNS. And I needed to check that all the machines in the house were picking up the new DNS server addresses; the Linux machines had cached references to the ISP's DNS. Medium term I'm going to change ISP, probably to Zen Internet.

Broadband provision itself is pretty much a commodity, so vendors distinguish themselves on price and support. Nildram is cheaper than many, but failing to respond to major security vulnerabilities pushes me over my tipping point.
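The "check every machine picked up the new resolvers" step above is easy to script. The following is an added example, not code from the original post: it parses a Linux `/etc/resolv.conf` and reports any nameserver that is not in the expected set. The sample file contents are constructed, the old ISP addresses are placeholders (192.0.2.x, not Nildram's real resolvers), and the expected set is OpenDNS's published resolver addresses.

```python
import ipaddress

# Constructed sample: a Linux /etc/resolv.conf still pointing at the old ISP
# resolvers (placeholder documentation addresses, not the ISP's real ones).
SAMPLE_RESOLV_CONF = """\
# Generated by the DHCP client
search home.example
nameserver 192.0.2.10
nameserver 192.0.2.11
options timeout:2
"""

# The resolvers the router was switched to (OpenDNS's published addresses).
EXPECTED = {"208.67.222.222", "208.67.220.220"}


def parse_nameservers(text):
    """Return nameserver addresses in resolv.conf order, ignoring comment
    lines ('#' or ';'), other directives, and entries that are not valid
    IPv4/IPv6 literals."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # malformed entry; glibc would skip it too
    return servers


def check_resolvers(text, expected):
    """Compare configured resolvers against the expected set.
    'stale' lists resolvers that should no longer be used (e.g. the old
    ISP's), 'missing' lists expected ones not yet configured."""
    found = parse_nameservers(text)
    return {
        "configured": found,
        "stale": [s for s in found if s not in expected],
        "missing": sorted(expected - set(found)),
        "ok": bool(found) and all(s in expected for s in found),
    }


if __name__ == "__main__":
    report = check_resolvers(SAMPLE_RESOLV_CONF, EXPECTED)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against the real file with `check_resolvers(open("/etc/resolv.conf").read(), EXPECTED)`; a non-empty `stale` list means that machine is still sending queries to the unpatched resolvers.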