Providing Safe DNS Services to Our Customers

US CERT, The Computer Security Response Team, a division of the Department of Homeland Security, recently identified a vulnerability in recursive DNS servers. Recursive DNS servers are servers that, when they don’t know the IP address a domain name is tied to, will initiate a search for that IP address. CERT’s advisory states that its possible for an attacker to use this search step to redirect users from a legitimate website to a malicious one in a technique they’ve termed "cache poisoning" (InfoWeek has a great in-depth explanation here ).

Limelight Networks’ DNS Services are not affected by this vulnerability. Our operations and security teams designed the DNS Services we provide as "authoritative," which means that a complete copy of the DNS records are stored on our servers and there is no need to search for an IP address. We also do not provide external recursive DNS services for any domains. Therefore, our name servers are not vulnerable to the "cache poisoning" described by CERT. Finally, our teams work very close with the community to stay ahead of any issues that may arise so that we can continue to provide safe and reliable services to our customers.

If you are a customer and have any questions about this issue, or if you would like to know more about our security practices, please email support@llnw.com

Tags: security

This entry was posted on Thursday, July 10th, 2008 at 12:28 pm and is filed under Content Delivery Network. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.