nanog mailing list archives
Re: A Deep Dive on the Recent Widespread DNS Hijacking
From: Måns Nilsson <mansaxel () besserwisser org>
Date: Mon, 25 Feb 2019 09:07:01 +0100
Subject: Re: A Deep Dive on the Recent Widespread DNS Hijacking
Date: Mon, Feb 25, 2019 at 05:04:39PM +1100
Quoting Mark Andrews (marka () isc org):

> I would also note that an organisation can deploy RFC 5011 for their own zones and have their own equipment use DNSKEYs managed using RFC 5011 for their own zones. This isolates the organisation’s equipment from the parent zone’s management practices.
>
> I would also note that you can configure validating resolvers to expect secure responses for parts of the namespace and to reject insecure responses even when they validate as insecure.

One thing that immediately struck me upon reading the Krebs post was that people got owned by having to downgrade the end-to-end model of the Internet into Proxy-land. A hotel wifi. Probably only challenged by "Free Wifi" in other spaces in its ability to demolish the Internet as thought out and envisioned.

We can conclude in two different directions here;

* We need to work on making the Internet more transparent to applications, and thus increasing security.
* We're all doomed anyway. DNSSEC is useless.

Pick whichever you like. Our children will judge us.

-- 
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE SA0XLR +46 705 989668
My EARS are GONE!!
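
The resolver policy mentioned in the quoted text above (expect secure responses for parts of the namespace and reject answers that validate as insecure), modelled as an added example that is not part of the thread or of any resolver's code. The zone names, `MUST_BE_SECURE`, `policy_for` and `accept_answer` are hypothetical, and the validation status is assumed to come from an existing DNSSEC validator.

```python
# Added illustration: a model of a "must be secure" resolver policy.
# All names and zones here are hypothetical and constructed for the example.

SECURE, INSECURE, BOGUS = "secure", "insecure", "bogus"

# Constructed policy: parts of the namespace where only validated-secure
# answers are acceptable. The most specific matching entry wins.
MUST_BE_SECURE = {
    "corp.example.": True,
    "lab.corp.example.": False,  # carve-out: unsigned test zone
}


def _labels(name):
    """Lower-case a name and split it into labels, ignoring a trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


def policy_for(qname, policy=MUST_BE_SECURE):
    """Return the must-be-secure flag of the closest enclosing policy entry."""
    labels = _labels(qname)
    table = {tuple(_labels(k)): v for k, v in policy.items()}
    # Walk from the full name towards the root one label at a time, so
    # "evilcorp.example." never matches the entry for "corp.example.".
    for i in range(len(labels) + 1):
        suffix = tuple(labels[i:])
        if suffix in table:
            return table[suffix]
    return False  # no entry: default validator behaviour applies


def accept_answer(qname, status, policy=MUST_BE_SECURE):
    """Decide whether a validator result may be handed to the application."""
    if status == BOGUS:
        return False  # failed validation is always rejected
    if status == SECURE:
        return True
    # INSECURE: no chain of trust reaches the name, for example because the
    # DS record is absent at the parent. A default validator accepts this;
    # the policy rejects it for names that must be secure.
    return not policy_for(qname, policy)
```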