China domain name report more than half of China’s domain name server is not safe
news August 26th, North dragon net articles domain name registration authority CNNIC released the first domestic "Chinese status of domain name service and security report", the "report" shows that China’s current domain name server nearly one million, of which more than 50% of the domain name server is relatively safe, and important information systems in China there are 57% DNS risk.
below is the "China domain name services and security status report" full text:
– as of August 10, 2010, the total number of domain name servers to monitor the world for 16306432, of which the authority of the domain name server 2903550, recursive domain name server, 13402882. The number of active domain server is 1375219, of which the authority of the domain name server 619797, recursive domain name server, 755422.
– as of August 10, 2010, the total number of domestic monitoring of the domain name server for 978713, of which the authority of the domain name server 107540, recursive domain name server, 871173. The number of active domain name server is 67235, of which the authority of the domain name server 19281, recursive domain name server, the 47954.
– most of the domestic domain name servers are located in Guangdong, Beijing, Taiwan, China, Shanghai and other developed areas of the internet. Among the top 10 of the total number of domain name servers accounted for more than 90% of the total domain name server.
– scan all authoritative servers in the country, statistics found that more than 62% of the use of Unix/Linux systems, more than 95% of the use of ISC BIND software. The authority of the domain name server in 53% opened a recursive query function, far greater than the global ratio of 31%, there are certain security risks.
– all domestic recursive domain name service system for a comprehensive scan, statistics found that more than 55% of the use of the Unix/Linux system, more than 94% of the use of ISC BIND software.
– Statistics found that more than 4% of the domestic recursive domain name server port randomness is poor, vulnerable to DNS hijacking attack, much higher than the global average of 0.98%.
– domestic important information systems involved in the domain name sampling statistics found that 57% of DNS services in a state of risk, of which 11.8% of the domain name due to improper configuration management, at a higher risk.
domain name service system specification
The domain name
(Domain Name) is composed of a string of characters delimited with internet name, is used to identify the structure of character recognition and positioning of the Internet computer, similar to the number of the internet.