Infoblox (News - Alert) and The Measurement Factory recently announced the results of the fifth edition of the annual survey of domain names on the public Internet. The results reveal that use of Microsoft (News - Alert) DNS Servers for external DNS is almost negligible.

Several businesses have recognized the security vulnerabilities involved and moved to a more secure option. The survey indicates that there has been a mass proliferation in the percentage of external name servers that allow open access to intruders. These external servers depict a major risk to the Internet because they can be used as vehicles of malice to implement distributed denial of service or “DDoS” attacks.

Cricket Liu, vice president of Architecture at Infoblox said, "Of particular interest is the enormous growth in the number of Internet-connected name servers, largely attributable to the introduction by carriers of customer premises equipment with embedded DNS functionality. This equipment represents a significant risk to the rest of the Internet, as without proper access controls, it facilitates enormous DDoS attacks."

The fifth annual DNS survey covered 5 percent of the IPV4 addresses which included nearly 80 million addresses. It assigned positive, negative and neutral ratings to various results and noted an estimated 16.3 million name servers on the Internet- a 40 percent jump in a 2 year period.

This was mainly on account of a proliferation of new age, proxy DNS servers inbuilt in broadband access devices or customer premises equipment. Termed as ‘Very Disturbing’ was that 79.6 percent of all name servers that were susceptible to malicious attacks. This was a 27 percent increase over the last 2 years, mainly on account of an increase in proxy DNS servers in CPE – as these name servers can be used to launch DDoS attacks.

There were some positive outcomes as well. The decline of the number of Microsoft DNS servers and the decrease in the percentage of zones which had one or more name servers available for zone transfers made networks less susceptible to DDoS attacks. Also, DNSSEC zones showed an increase of 300 percent - signaling a positive trend in DNSSEC uptake.