nanog mailing list archives

Re: A Deep Dive on the Recent Widespread DNS Hijacking

From: Hank Nussbacher <hank () efes iucc ac il>
Date: Mon, 25 Feb 2019 08:03:50 +0200

On 25/02/2019 07:20, Bill Woodcock wrote:

On Feb 24, 2019, at 7:41 PM, Montgomery, Douglas (Fed) <dougm () nist gov> wrote:
In the 3rd attack noted below, do we know if the CA that issued the DV CERTS does DNSSEC validation on its DNS 
challenge queries?

We know that neither Comodo nor Let's Encrypt were DNSSEC validating before issuing certs.  The Let’s Encrypt guys at 
least seemed interested in learning from their mistake.  Can’t say as much of Comodo.

                                 -Bill


Bill,

Did you have a CAA record defined and if not, why not?

-Hank

Current thread:

Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking, (continued)
- - - Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking valdis . kletnieks (Feb 26)
    - Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Matthew Petach (Feb 26)
    - RE: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Keith Medcalf (Feb 26)
    - Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Hunter Fuller (Feb 26)
    - Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Ross Tajvar (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Saku Ytti (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Tony Finch (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Paul Ebersman (Feb 25)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Ross Tajvar (Feb 25)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 24)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Hank Nussbacher (Feb 24)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Ask Bjørn Hansen (Feb 25)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Hank Nussbacher (Feb 25)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Sander Steffann (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Michael Hallgren (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Bjørn Mork (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Ca By (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking David Conrad (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Ca By (Feb 26)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 26)

(Thread continues...)