The Kaminsky DNS Flaw
You may or may not have heard about the recent flaw discovered in DNS system by a researcher named Dan Kaminsky.
Recently, ISP Planet spoke with Rick Yazwinski our principal engineer, to talk about the exploit, and about the impact its discovery had on the industry. You can read that article here.
We also wanted to take a minute or two to reassure our customers that we’ve taken the appropriate measures to ensure that our DNS system is safe from this exploit. Garrick Lau, who is responsible for IT Security and Compliance at Tucows, explains:
“This exploit targets “recursive” DNS setups as they are susceptible to this DNS design flaw. Authoritative DNS servers are NOT susceptible to this flaw. All of the Tucows DNS servers that are serving customers are Authoritative DNS servers.”
Garrick adds, “We were notified of this exploit back in June, during the last MAAWG (Messaging Anti-Abuse Working Group). This notification came well before the exploit was public knowledge and at about the same time as Dan Kaminsky was briefing U.S. Homeland Security. At that time, various venders were hard at work creating patches for this flaw. This early warning gave us ample time to verify that all of our external facing DNS servers are all Authoritative and that Tucows and our resellers (and by extension, our resellers’ customers) are safe from this flaw.”