nanog mailing list archives

Re: A Deep Dive on the Recent Widespread DNS Hijacking


From: Ask Bjørn Hansen <ask () develooper com>
Date: Mon, 25 Feb 2019 01:37:45 -0800



On Feb 24, 2019, at 22:03, Hank Nussbacher <hank () efes iucc ac il> wrote:

> Did you have a CAA record defined and if not, why not?

If the attacker got a CA to issue the cert because they changed the DNS server to be their own, a CAA record wouldn’t have helped (or at least been even easier to thwart than DNSSEC).


Ask
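
The point made in the reply above, as an added example that is not part of the original message: a simplified model of the CAA lookup a CA performs before issuing (RFC 8659 tree climbing, non-wildcard names, no CNAME handling). All domain names, CA identifiers and records are constructed; each "view" stands for the answers the CA receives from whichever nameservers the delegation currently points at.

```python
# Simplified CAA evaluation as a CA would perform it (RFC 8659).
# Each DNS view maps a name to its CAA RRset: a list of (flags, tag, value).
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_caa(name, dns_view):
    """Climb from name toward the root; return the first non-empty CAA RRset."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = dns_view.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def issuer_domain(value):
    """Issuer domain of an issue property value, with parameters dropped."""
    return value.split(";", 1)[0].strip().lower()

def ca_may_issue(name, ca_domain, dns_view):
    """True if CAA, as seen through dns_view, lets ca_domain issue for name."""
    rrset = relevant_caa(name, dns_view)
    if not rrset:
        return True  # no CAA anywhere on the path: issuance is unrestricted
    for flags, tag, _ in rrset:
        if flags & 0x80 and tag.lower() not in KNOWN_TAGS:
            return False  # unrecognized property marked critical: refuse
    issue = [v for _, tag, v in rrset if tag.lower() == "issue"]
    if not issue:
        return True  # RRset carries no issue property: nothing restricts
    return any(issuer_domain(v) == ca_domain for v in issue)

# Constructed data: answers from the owner's nameservers.
owner_view = {"example.com": [(0, "issue", "ca-a.example")]}
# Constructed data: answers after the delegation points at other nameservers,
# which either publish no CAA at all or publish a different issue property.
hijacked_empty = {}
hijacked_rewritten = {"example.com": [(0, "issue", "ca-b.example")]}

def compare(name, ca_domain):
    """Evaluate the same request against each view of the zone."""
    views = {"owner": owner_view, "empty": hijacked_empty,
             "rewritten": hijacked_rewritten}
    return {label: ca_may_issue(name, ca_domain, v) for label, v in views.items()}

if __name__ == "__main__":
    for ca in ("ca-a.example", "ca-b.example"):
        print(ca, compare("mail.example.com", ca))
```

The CA's decision depends only on the answers it receives, so the owner's CAA record restricts issuance only while the owner's nameservers are the ones answering.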
