The recently exposed denial-of-service vulnerability in a popular DNS server implementation really highlights the benefits of software providers writing and owning the software that they deliver to internet service providers. The flaw in the software allowed hackers to potentially crash DNS servers, effectively allowing them to take huge sections of the internet offline. As we have highlighted previously, DNS is an absolutely critical part of the internet and it’s tremendously important to ensure its smooth running.
As a customer, the best way to secure your DNS servers is to make sure that your software provider is in full control of the product that they deliver. No software, including PowerDNS, is free from occasional security issues. However, companies that haven’t written the core software they deliver and who simply repackage other providers’ products with additional services, are on the back foot when it comes to security issues.
The problem is that when a security flaw emerges, these companies are unable to fix it themselves. Instead they have to wait for the original providers to issue a suitable and effective patch. With security issues, the speed with which you can fix vulnerabilities is crucial. Often these companies are not on friendly terms with their ‘upstream’ (which may view them as competition!) or they have no contractual/financial agreement with them to fix these bugs and so customers are left vulnerable for a prolonged period of time.
So by definition, if you rely on a DNS vendor or appliance that repackages a third party DNS server, you are getting second-tier, second-hand support – at best.
Security breaches are one of the biggest sources of reputational damage for organisations. Customers will be unimpressed by the loss of their data or the inability to access your services but moreover, it reflects badly on the management decisions of a business that fails to take proper measures to secure their service.
Here at PowerDNS we understand the benefit of authoring, supporting and distributing our own product: we can always act quickly to ensure our software stays free from performance impacting bugs and patched against the latest security vulnerabilities.
Make sure you ask your DNS vendor if they can do the same!