DNS flaw update: The danger’s not over

July 21, 2008 by Valerie Helmbreck
Posted in: Communication, Compliance, In this week's e-newsletter, Information security, Latest News & Views, Software, Software shortcuts, Uncategorized, Web browsers

If you’re breathing a sigh of relief that your DNS patching’s solved the recent security scare, don’t relax too fast.

Seems like there’s more to the problems than even originally anticipated.

The security researcher who found the previously unknown flaw in the Internet’s core Domain Name System (DNS) protocol warns IT managers to be on the lookout in the coming months for more security fixes aimed at the issue.

At a press conference this week, Dan Kaminsky, a researcher at security firm IOActive Inc., said patches recently issued by many vendors in response to his bug discovery are little more than a temporary measure for preventing immediate DNS infrastructure attacks.

Kaminsky will explain the details of the bug at the upcoming Black Hat security conference. And with lots more researchers exploring ways to exploit it, there is going to be a need for a more permanent fix.

“There is going to be another round of patches coming online as we as a global community figure out how to address this,” Kaminsky said.

The current set of security updates, released a few days ago, was designed to make the bug harder to exploit, while also ensuring that would-be attackers couldn’t work out what the flaw is by reverse-engineering the patches.

Initial patches were appropriate when issued. They dealt with the critical need of the moment, and they’ve given security experts time to consider a more permanent fix.

The patches recently released appear to be working, since no one has exploited the vulnerability yet despite the unprecedented attention focused on it.

DNS servers, which direct all Internet traffic to its correct destinations, could be severely compromised by the so-called cache-poisoning vulnerability Kaminsky discovered, which could let attackers redirect Web traffic and e-mail to systems under their control. The flaw exists at the DNS protocol level and affects numerous products from multiple vendors.

According to Kaminsky, the weakness lies in the transaction identification process the DNS protocol uses to decide whether a response to a DNS query is legitimate. DNS messages carry what are supposed to be random identification numbers, but the problem, according to Kaminsky, is that only about 65,000 different values are currently used as identifiers. In practice, he said, the process of assigning identifiers to packets isn’t especially random either, so they can be guessed.
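The following is an added example, not code from the article or from Kaminsky: it pulls the transaction ID out of a DNS header, runs a crude predictability audit over IDs observed from one resolver (the "not especially random" case), and quantifies why a 16-bit ID alone is thin protection. The audit thresholds and all sample IDs are constructed for the demo; the mention of source-port randomization refers to what the July 2008 vendor patches added, which the article itself does not detail.

```python
import struct
from math import log2

# All sample packets and ID sequences below are constructed for the demo,
# not captured traffic.

def parse_txid(dns_message: bytes) -> int:
    """Return the 16-bit transaction ID: the first two bytes of the 12-byte
    DNS header (ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT, big-endian)."""
    if len(dns_message) < 12:
        raise ValueError("truncated DNS header")
    (txid,) = struct.unpack("!H", dns_message[:2])
    return txid

def audit_txids(ids):
    """Crude predictability audit over transaction IDs seen from one resolver.
    Flags a constant-step counter and IDs confined to a small slice of the
    16-bit space; the 12-bit spread threshold is an assumption for the demo."""
    if len(ids) < 3:
        raise ValueError("need at least three samples")
    deltas = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]
    sequential = len(set(deltas)) == 1                 # e.g. a +1 counter
    spread_bits = log2(max(ids) - min(ids) + 1)        # portion of the space used
    return {
        "sequential": sequential,
        "spread_bits": round(spread_bits, 1),
        "predictable": sequential or spread_bits < 12,
    }

def blind_match_chance(txid_bits: int = 16, port_bits: int = 0) -> float:
    """Chance that one blindly spoofed reply matches what the resolver checks.
    With only the transaction ID that is 1 in ~65,000; adding a randomized
    source port (the 2008 patch approach) multiplies the space accordingly."""
    return 1.0 / 2 ** (txid_bits + port_bits)

if __name__ == "__main__":
    # Constructed response header: ID 0x1A2B, standard response flags, 1 Q, 1 A.
    header = struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0)
    print(hex(parse_txid(header)))                                   # 0x1a2b
    print(audit_txids([0x1000 + i for i in range(20)]))              # counter: predictable
    print(audit_txids([0x8F21, 0x03A7, 0xE5C0, 0x5B12, 0x27FE, 0xB9A4]))  # looks random
    print(blind_match_chance(16), blind_match_chance(16, 16))
```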

An advisory issued by the US-CERT said the flaw could make DNS vulnerable to attacks in which forged data is introduced into the systems. Such attacks aren’t new in concept, the advisory said, noting that several security researchers in the past have described cache-poisoning vulnerabilities similar to the one discovered by Kaminsky. Such vulnerabilities basically give attackers a way to predictably spoof DNS traffic along with “extremely effective exploitation techniques,” the US-CERT advisory said.

To read more about the initial alert, click here.
