Is Your DNS Server Taking you for a Walk on the Wild Side?
By Brian Tankersley - For K2 Enterprises and Accountingweb.com
There's a big hole on the internet related to a problem with (See this article ), the drones that silently and efficiently convert internet addresses like www.bftcpa.com and firstname.lastname@example.org into IP addresses like 188.8.131.52 and 184.108.40.206. You may also want to listen  to the Security Now podcast here, or review the printable transcript  of the episode here. You may want to use one of the three tools listed below to test your ISP's DNS servers to see if they are patched for the vulnerability:
- Dan Kaminsky's DoxPara Site 
- The DNS Operations, Analysis and Research Center Testing Tool 
- The very nice DNS Stuff site offers their own tool 
If your ISP is vulnerable, you might consider using someone else's DNS servers. Some options include:
- OpenDNS  is a free service (Wikipedia article here ) which lets you use their DNS servers (220.127.116.11 and 18.104.22.168) instead of your ISP's servers. (Open DNS is reportedly not vulnerable to the attacks mentioned in the podcast.) An article  on how to configure Windows XP, Windows Vista, and a router from Computerworld is here . I have been using OpenDNS for about six months, and have been impressed with the speed increases when browsing the web,
- Other options, including talking directly to the 13 root servers and others are in an article from Leo Notenbloom here .