DNSSEC is considered the best defense against DNS cache-poisoning threats first brought to light more than a year ago. Nearly 75 percent of all DNS name servers reside in a single authoritative zone, leaving them open to a single point of failure. Nearly 20 percent of name servers don’t allow TCP queries, and 26.4 percent don’t support Extended Mechanisms for DNS protocol. Infoblox recommends organizations prepare for DNSSec adoption and upgrade to the newest version of BIND.”]