Cache poisoning at a DNS server near you
July 31, 2008 12:00 am | Articles, Ask the Geek

I want you to understand how your computer interacts with something called a “Domain Name System server,” or “DNS server.” You need to know this so you can understand one of the most dangerous threats to your PC in a long while, and how you might be vulnerable.
PC #1: Hello, DNS Server?
DNS: Hello, PC #1! What can I do for you?
PC #1: Well, I’d like to reach Google.com, but I’m afraid I don’t have their number.
DNS: You know, I had that number a while back, but I like to keep everything current, so I tossed out my old list recently. I know who to contact to get it again, though. Hold on a sec.
PC #1: Thanks!
[a few milliseconds pass as our valiant DNS server contacts other DNS servers down the line]
DNS: PC #1? I found the number for Google.com. Here you go!
PC #1: Thanks! I’ll store it for a while, just in case I need it again.
DNS: You and me both! You never know who else might ask for the same number.
[later in the day...]
PC #2: Excuse me, DNS?
DNS: Oh, hello there, PC #2. Haven’t seen you in a while.
PC #2: I’m sorry to be a bother. I’m needing to reach Google.com, but I don’t know the number.
DNS: No problem. I looked up that number earlier, and…yep. Here it is, right here in this list.
PC #2: Wow, that was fast! Thanks! I’ll save a copy of it for later!
DNS: Sure you will.
DNS servers are underappreciated workhorses in your server closet and at your Internet Service Provider. Their job? To make your life easier.
DNS servers perform the complex job of telling your computer where to find other network resources, like Web sites, by using friendly names like “www.google.com” rather than “http://72.14.207.99.”
(Go ahead — type them both into your Web browser. They go to the same place. Then, thank a nearby DNS server.)
DNS translates “host names” into IP addresses. Once your DNS server “resolves” a host name to an address, it stores the answer for as long as the record’s owner allows (a setting called the time-to-live, typically minutes to a day). That stored list is your DNS server’s “cache.” Thus, DNS takes your plainspoken “www.google.com” and happily points you in the right direction, then makes a note of it.
Oh, and DNS servers? They’re everywhere. If you’re reading this article online, thank a DNS server. If you have a Microsoft Windows server running Active Directory in your organization, you’re running a DNS server. There are many reasons why your organization may be running a DNS server.
They were all vulnerable. Every one of them. Windows, Linux, Apple, Unix - all of them. The problem is in the way DNS itself was designed, not in any one vendor’s code, which is why so many vendors released patches on the same day in July.
Security researcher Dan Kaminsky discovered a fast, reliable way to poison your DNS server’s cache, that list it keeps of the addresses it has already looked up. (For the record keepers, the flaw is tracked as CVE-2008-1447.)
Here is how the poisoning works. When your DNS server asks another server for an address, it sends the question with a 16-bit transaction number, and it trusts the first reply that comes back carrying that same number to the same port it asked from. Nothing else proves the reply is genuine, and the question and answer travel over UDP, where the sender’s address is trivial to fake. So an attacker makes your server ask a question (say, for a made-up name under your bank’s domain), then floods it with forged replies, each carrying a different guessed number, before the real answer arrives. There are only 65,536 possible numbers, and because every attempt uses a fresh made-up name, nothing already in the cache stops the attacker from trying again and again, so a guess lands within seconds or minutes. The forged reply also carries a record naming the attacker’s machine as the server for your bank’s whole domain, and your DNS server dutifully files it in the cache. From then on, every address under that domain comes from the attacker. The patches make the port random as well as the number, so an attacker has to guess both, which makes each forged reply tens of thousands of times less likely to be accepted.
In other words, your DNS server might innocently point your Web browser to a perfectly crafted duplicate of your bank’s Web site, where your user name and password are immediately used by some ne’er-do-well to log in to your actual account and grab your money.
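To make the race concrete, here is a small model written for this edit (it is not code from the column, from Mr. Kaminsky, or from any real DNS server). It keeps only the two things that decided the race in 2008: the 16-bit transaction number a reply must match, and the source port the patches made random. The domain example.com, the 192.0.2.10 and 203.0.113.66 addresses, the fixed port 53, the randomized port range 1024 to 65535, and an attacker who sends every one of the 65,536 numbers at a single guessed port are all assumptions made for the illustration.

```python
"""Toy model of the 2008 DNS cache-poisoning race (constructed example, not real resolver code).

It models only the two things that decided the race: the 16-bit transaction
ID a reply must match, and the UDP source port that the July 2008 patches
made random. Names, addresses and port ranges are assumptions for the example.
"""
import random

TXID_SPACE = 1 << 16                  # DNS transaction IDs are 16 bits
FIXED_PORT = 53                       # assumption: an unpatched server asks every question from one port
EPHEMERAL_PORTS = range(1024, 65536)  # assumption: a patched server picks its port from this range
ZONE = "example.com"                  # zone the attacker wants to hijack (documentation domain)
REAL_IP = "192.0.2.10"                # TEST-NET-1 address, constructed for the example
ATTACKER_IP = "203.0.113.66"          # TEST-NET-3 address, constructed for the example


class Resolver:
    """Caching resolver that trusts the first reply matching its (txid, port)."""

    def __init__(self, port_randomized, rng):
        self.port_randomized = port_randomized
        self.rng = rng
        self.cache = {}               # name -> address: the "list" from the column

    def send_query(self, name):
        """Return the outstanding question, or None if the cache already answers it."""
        if name in self.cache:
            return None
        port = self.rng.choice(EPHEMERAL_PORTS) if self.port_randomized else FIXED_PORT
        return {"name": name, "txid": self.rng.randrange(TXID_SPACE), "port": port}

    def accept_reply(self, query, reply):
        """Cache the reply's records if txid and port match; nothing else is checked."""
        if reply["txid"] != query["txid"] or reply["port"] != query["port"]:
            return False
        for name, ip in reply["records"].items():
            # Records inside the queried zone ("in bailiwick") are cached, including
            # the "glue" that says where the zone's name server lives. That is what
            # the attacker forges: glue sending all of example.com to ATTACKER_IP.
            if name == query["name"] or name.endswith("." + ZONE):
                self.cache[name] = ip
        return True


def naive_retry_blocked(seed=2008):
    """Why the attacker asks for made-up names: once www.example.com is cached, no
    new question goes out until the record expires, so there is nothing to race."""
    resolver = Resolver(False, random.Random(seed))
    query = resolver.send_query("www." + ZONE)
    genuine = {"txid": query["txid"], "port": query["port"], "records": {"www." + ZONE: REAL_IP}}
    resolver.accept_reply(query, genuine)
    return resolver.send_query("www." + ZONE) is None


def poisoning_race(resolver, guesses, attacker_rng, attempt):
    """One round of the attack: trigger a lookup for a made-up name under the target
    zone, then flood forged replies before the real answer arrives."""
    name = f"rnd{attempt}.{ZONE}"             # never cached, so every round is a fresh race
    query = resolver.send_query(name)
    forged = {name: ATTACKER_IP, "ns." + ZONE: ATTACKER_IP}   # bogus answer plus bogus glue
    port_guess = attacker_rng.choice(EPHEMERAL_PORTS) if resolver.port_randomized else FIXED_PORT
    for txid in range(guesses):               # `guesses` distinct transaction IDs, one port
        if resolver.accept_reply(query, {"txid": txid, "port": port_guess, "records": forged}):
            return True
    # The genuine reply arrives last and is accepted; it carries no harmful glue.
    resolver.accept_reply(query, {"txid": query["txid"], "port": query["port"], "records": {name: REAL_IP}})
    return False


def simulate(trials, guesses, port_randomized, seed=2008):
    """Fraction of resolvers whose cache ends up sending example.com to the attacker."""
    poisoned = 0
    for t in range(trials):
        resolver = Resolver(port_randomized, random.Random(seed + t))
        if poisoning_race(resolver, guesses, random.Random(seed - t), attempt=t):
            assert resolver.cache["ns." + ZONE] == ATTACKER_IP
            poisoned += 1
    return poisoned / trials


def forged_reply_success_probability(guesses, port_randomized):
    """Chance one race is won with `guesses` distinct forged (txid, port) pairs."""
    space = TXID_SPACE * (len(EPHEMERAL_PORTS) if port_randomized else 1)
    return min(1.0, guesses / space)


if __name__ == "__main__":
    for randomized in (False, True):
        print("port randomized:", randomized,
              "theory:", forged_reply_success_probability(TXID_SPACE, randomized),
              "simulated:", simulate(5, TXID_SPACE, randomized))
```

With a fixed port, 65,536 forged replies cover every possible transaction number and the cache is poisoned every time; with a random port the same flood wins about one race in 64,512, which is why the patches were worth installing even though the transaction number itself did not change.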
More than two weeks after patches have been made available and highly publicized, reports indicate at least half the world’s DNS servers are still vulnerable.
If you operate a DNS server within your organization, there’s no other way to say this: Update it immediately, or you and your fellow employees might find yourselves deep in a world of hurt.
If you don’t know whether you’re vulnerable, or how to update your system, call an expert. This one’s serious.
Links:
- Microsoft’s formal security advisory, “Increased Threat for DNS Spoofing Vulnerability”: http://www.microsoft.com/technet/security/advisory/956187.mspx
Kevin McDonald: Writer and professional computer/network administrator. He lives in Amarillo with his wife and children, and owns and operates Definition Computers. E-mail Kevin at askthegeek@definitioncomputers.com with questions you’d like to see answered in this column. (This article was originally published in the Amarillo Independent newspaper.)
