nanog mailing list archives

Re: A Deep Dive on the Recent Widespread DNS Hijacking

From: Paul Ebersman <list-nanog2 () dragon net>
Date: Mon, 25 Feb 2019 12:14:59 -0700

ekuhnke> One thing to consider with authentication for domain registrar
ekuhnke> accounts:

ekuhnke> DO NOT USE 2FA VIA SMS.

Yup. This is a good example of what I'm advocating. Just saying "use
2FA" or "use DNSSEC" or "have a CAA" isn't sufficient detail to make
informed decisions of risk/effort/reward tradeoffs. Simplistic
suggestions without details or context isn't doing anyone any favors.

That said, even SMS 2FA is better than no 2FA. Barely. Just like forcing
lousy passwords is better than no password but still not a best
practice.

Current thread:

Re: A Deep Dive on the Recent Widespread DNS Hijacking, (continued)
- - Re: A Deep Dive on the Recent Widespread DNS Hijacking Montgomery, Douglas (Fed) (Feb 24)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Ca By (Feb 24)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Mark Andrews (Feb 24)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 24)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Töma Gavrichenkov (Feb 24)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Paul Ebersman (Feb 25)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Paul Ebersman (Feb 25)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Sander Steffann (Feb 25)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Owen DeLong (Feb 25)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Eric Kuhnke (Feb 25)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Paul Ebersman (Feb 25)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking valdis . kletnieks (Feb 25)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Paul Ebersman (Feb 25)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking valdis . kletnieks (Feb 25)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Eric Kuhnke (Feb 25)
    - Re: A Deep Dive on the Recent Widespread DNS Hijacking Hunter Fuller (Feb 25)
    - Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 25)
    - Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Rubens Kuhl (Feb 25)
    - RE: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Keith Medcalf (Feb 25)
    - Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Job Snijders (Feb 25)
    - Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Seth Mattinen (Feb 26)

(Thread continues...)