Do You Need To Fix Your DNS Resolvers?

By , April 1, 2012

( User Level: Basic / Intermediate )

The other day we sent out our primer on the three different types of nameservers and why it serves your interests to know them and what role each one plays. In this post we concern ourselves with Resolvers – those nameservers we all use that do all the DNS lookups we require to conduct our routine activities on the internet.

DNS Changer: A Racket To Intercept Your DNS Queries

Paul Vixie (creator of the bind software that powers the vast majority of nameservers on the internet) recently related the story of “DNS Changer” and the role of his organization in taking it down. It reads like something out of a Tom Clancy novel, only this really happened:

A criminal organization created malware (hostile computer code) to infect end-user computers. What it would do is update the end-user computer configuration to stop using their normal nameserver resolvers, and start using the attackers malevolent poison nameservers. They would then alter the DNS responses sent back from those nameservers, and had the ability to send victims to completely different destinations than they actually intended (CNET published this story about DNS Changer in November)

The Good News

The DNS Changer nameservers were taken down by the FBI in November 2011, and six Estonian nationals were arrested. The network of hostile nameservers was shutdown.

The Bad News

Because we all need DNS resolvers to be able to function on the internet in any capacity, shutting off the malicious nameservers entirely would result in all infected users being paralyzed and unable to do anything online. With the number of infected computers estimated to be in excess of 500,000, this would have resulted in chaos.

This is why the ISC was commissioned by the FBI to drop in replacement DNS resolvers to the shut down DNS changers. They were given a mandate by Federal Court to operate these replacement nameservers but that mandate runs out in July. It’s already been extended once, but it will not be again.

So anybody still infected after July 9, 2012 will find themselves unable to function on the internet come July 10.

Is Your Computer Infected?

Paul Vixie and security researcher Andrew Fried created a simple online utility to check if your computer is infected. Take a few seconds now to check and you’ll be sure.

This article was sent to the Domain Insights by the easyDNS Guy mailing list. Feel free to join below.


Leave a Reply