nanog mailing list archives
Re: A Deep Dive on the Recent Widespread DNS Hijacking
From: Ross Tajvar <ross () tajvar io>
Date: Mon, 25 Feb 2019 16:30:42 -0500
Speaking of registrars vs registries - I've noticed some companies have become their own registrar to improve their domain security (Cloudflare, Google, etc.). Is that a feasible path for smaller organizations? How much risk does that mitigate? It seems like it gives the organization control over more of the domain registration, which allows them to manage things better than a typical registrar might. But credentials can be compromised in either case. Does anyone have any experience with that setup? On Mon, Feb 25, 2019, 1:49 PM Owen DeLong <owen () delong com> wrote:
On Feb 25, 2019, at 09:25 , Paul Ebersman <list-nanog2 () dragon net>wrote:ebersman> If someone owns your registry account, you're screwed. And ebersman> right now, it tends to be the most neglected part of the ebersman> entire zone ownership world. Let's use this opportunity to ebersman> help folks lock down their accounts, not muddying the waters ebersman> with dubious claims. Reread this and felt I should clarify that I realize that John and Doug are not the ones saying DNSSEC is useless. I just hate to see the knee jerk "oh, see, DNSSEC didn't save the day so it's obviously useless". Let's give the world a better explanation.@Paul — I think you meant “registrar account” rather than “registry account” since most domain holders don’t have registry accounts. Registry accounts are primarily held by registrars. If someone owns a registrar’s registry account, then all of their customers (and potentially many many others) are screwed. Owen
Current thread:
- Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking, (continued)
- Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Job Snijders (Feb 25)
- Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Seth Mattinen (Feb 26)
- Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking valdis . kletnieks (Feb 26)
- Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Matthew Petach (Feb 26)
- RE: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Keith Medcalf (Feb 26)
- Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Hunter Fuller (Feb 26)
- Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking Ross Tajvar (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Saku Ytti (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Tony Finch (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Paul Ebersman (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Ross Tajvar (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 24)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Hank Nussbacher (Feb 24)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Ask Bjørn Hansen (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Hank Nussbacher (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Sander Steffann (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Michael Hallgren (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Bjørn Mork (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Ca By (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking David Conrad (Feb 26)