Probably not, but here’s a way to check.
You may have heard about recently discovered vulnerabilities in DNS that take advantage of recursive DNS to allow DNS cache poisoning. Sparing the technical details: if the nameserver your domain is hosted on is vulnerable, cybercriminals could redirect traffic meant for your site to a different web page.
Many domainers don’t own web sites, but they certainly have their domains parked on other people’s name servers. Are you vulnerable? The Internet Assigned Numbers Authority (IANA) has a new tool available to find out.
I tested the nameservers for many of the parking companies and found they are safe: Parked.com, Sedo, and Dotzup.
The test could not determine if my DomainSponsor parked domains were OK because of the way the nameservers are set up. However, my domains on the old TrafficClub nameserver (now part of DomainSponsor) tested fine.
TrafficZ’s main nameserver ns1.trafficz.com apparently has some vulnerability, but the tool says it’s low risk. I found a similar result with mini-site development companies Evolanding and WhyPark. (Update: WhyPark informs me that it has fixed the issue. Their nameservers are showing as ‘safe’ with IANA’s tool now. Update 2: TrafficZ has confirmed that it removed recursive lookups and had safeguards in effect to prevent exploitations.)
You should take these findings with a grain of salt. The IANA tool has a disclaimer: “This tool has been implemented quickly to assist name server operators. It may have problems as it has not been thoroughly tested, so you should also perform your own tests and use this only as a guide.”
But if any of the technical teams from these parking companies wants to share what they have done since this vulnerability was exposed, please comment.
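The fix TrafficZ reports above is turning off recursive lookups on the nameserver, and that is something an operator can check directly. The following is an added example, not part of the original post and not the IANA tool's code: it sends a query with the recursion-desired bit set for a name the server does not host and reads the recursion-available bit and answer count from the reply. The function names, the fixed query ID, the `example.com` probe name and the two sample replies are assumptions constructed for illustration.

```python
import socket
import struct

QID = 0x1234  # fixed query ID, acceptable for a one-off self-check

def build_query(name):
    """A/IN query for `name` with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response):
    """Classify the reply to a recursive query for a name the server does not host."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != QID or not flags & 0x8000:      # wrong ID or QR bit clear
        raise ValueError("not a response to our query")
    ra, rcode = bool(flags & 0x0080), flags & 0x000F
    if ra and rcode == 0 and ancount > 0:
        return "recursive"        # resolved an outside name for us
    if ra:
        return "ra-advertised"    # RA bit set, but no answer returned
    return "not-recursive"        # e.g. REFUSED, or a referral only

def check_nameserver(ip, probe_name="example.com", timeout=3.0):
    """Send the probe over UDP/53 to a nameserver you are responsible for."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(probe_name), (ip, 53))
        data, _ = s.recvfrom(512)
    return classify(data)

# Constructed sample replies (not captured traffic), so this runs offline.
QUESTION = build_query("example.com")[12:]
SAMPLE_REFUSED = struct.pack("!HHHHHH", QID, 0x8105, 1, 0, 0, 0) + QUESTION
SAMPLE_RECURSIVE = (struct.pack("!HHHHHH", QID, 0x8180, 1, 1, 0, 0) + QUESTION
                    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                    + bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    print(classify(SAMPLE_REFUSED), classify(SAMPLE_RECURSIVE))
```

A result of `not-recursive` only shows that the server declined to resolve an outside name; it says nothing about the other conditions a full test may look at.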
Craig Rowe says
Andrew – We’re fixed on our end at WhyPark and have recursive lookups turned off. We use a managed service for our DNS and they fixed it immediately after I alerted them to your post. We appreciate the heads up…although an email to me directly would have done the trick as well 🙂
Malcolm Frazier says
Good Afternoon – As of eleven o’clock this morning TrafficZ’s name servers are no longer allowing recursive lookups. Although we did have recursion enabled, our DNS software (BIND) was patched for this type of vulnerability making it near impossible to successfully execute this type of attack.
In the future, if it is necessary for TrafficZ to run BIND as a caching resolver, we will implement DNSSEC as a definitive solution for this issue.
Thank you.
Paul Goldstone says
Andrew, thanks for bringing this to the attention of your readers. Most name server providers have received multiple notifications on this issue, and I can confirm that Domainit.com is not susceptible to the vulnerability.