Articles about dns

DNS toolkit

DNSSEC in a click: Cloudflare tries to crack uptake inertia

Cloudflare is offering DNSSEC in a single click. The content delivery network (CDN) company has included the option to add the security protocol to your domain name through its dashboard in a single, simple form. The goal, the biz said on Tuesday, is increased adoption. Cloudflare won't be charging for the service, its …
Kieren McCarthy, 18 Sep 2018
DNS toolkit

DNS ad-hocracy in peril as ICANN advisors mull root server shakeup

Internet overseer ICANN is considering a self-managed governance model for the world's Domain Name System root servers – and one of the outcomes could be a reduction in the number of root servers. Today, 12 companies operate the 13 DNS root servers that are used by browsers and other software to ultimately translate domain …
A hand adjusting a thermostat

Are your IoT gizmos, music boxes, smart home kit vulnerable to DNS rebinding attacks? Here's how to check

A technique for attacking computer networks, first disclosed more than a decade ago, has resurfaced as a way to manipulate Internet-of-Things gadgets, smart home equipment, and streaming entertainment gizmos. Researcher Brannon Dorsey this week posted an essay explaining how smart home hardware can be vulnerable to a trick …
Shaun Nichols, 21 Jun 2018
window patch

June 2018, and Windows Server can be pwned with a DNS request

Microsoft has released its monthly security update, addressing a total of 51 CVE-listed security vulnerabilities. The June edition of Patch Tuesday includes 11 fixes for critical vulnerabilities in Windows, including Microsoft's solution for the recently-disclosed Spectre Variant 4 chip design flaw. Among the most serious …
Shaun Nichols, 12 Jun 2018

SpamCannibal blacklist service reanimated by squatters, claims every IP address is spammy

Updated SpamCannibal – a defunct service that issued blacklists of known spam servers – was hijacked early on Wednesday morning, spewing its own unwanted crap in the process. El Reg was tipped off by a reader who told us that SpamCannibal is "pumping out Blacklist notifications for some of our servers and then when you go to …
John Leyden, 30 May 2018
An upset woman with an empty wallet

AWS DNS network hijack turns MyEtherWallet into ThievesEtherWallet

Updated Crooks today hijacked internet connections to Amazon Web Services systems to ultimately steal a chunk of alt-coins from online cryptocurrency website MyEtherWallet.com. The Ethereum wallet developer confirmed on Tuesday morning that thieves redirected DNS lookups for its dot-com to a malicious website masquerading as the real …
Shaun Nichols, 24 Apr 2018
Oblivious

Sorry spooks: Princeton boffins reckon they can hide DNS queries

The Domain Name System (DNS) is a plain-text service that lets anyone who can see “the wire” capture a user's DNS traffic and work out whether they're asking for naughty.com or nice.com. So to help enhance its privacy a group of researchers has proposed a more "Oblivious DNS” protocol. However, as the group explained here, …
Illustration of someone's privacy being invaded

Cloudflare touts privacy-friendly 1.1.1.1 public DNS service. Hmm, let's take a closer look at that

Updated Cloudflare has revealed a deal with regional internet registry APNIC to provide a possibly more privacy-conscious DNS resolver at a prestige network address, 1.1.1.1. The biz contends DNS – which translates human-friendly domain names like theregister.com into numeric IP addresses, such as 159.100.131.165, used by software – …
DNS toolkit

The DNS was designed for diversity, but site admins aren't buying

The world's top eight DNS providers now control 59 per cent of name resolution for the biggest Websites - and that puts the Web at risk, according to a group of Harvard University researchers. The group was led by Harvard's Shane Greenstein, and warned that since 2011, the "entropy" of the DNS (referring to how widely …
Frayed string

BIND comes apart thanks to ancient denial-of-service vuln

Back in 2000, a bug crept into the Internet Systems Corporation's BIND server, and it lay unnoticed until now. The result: if you're running a vulnerable version of BIND and using DNSSEC, you need to patch the server against a denial-of-service vulnerability. The venerable BIND is the world's most-used Domain Name System (DNS …
Face Palm D'oh from Shutterstock

IETF protects privacy and helps net neutrality with DNS over HTTPS

The Internet Engineering Task Force has taken the first steps towards a better way of protecting users' DNS queries and incidentally made a useful contribution to making neutrality part of the 'net's infrastructure instead of the plaything of ISPs. The Register first noticed the technology in this article by Mark Nottingham ( …
DNS toolkit

Open source nameserver used by millions needs patching

Open source DNS software vendor PowerDNS has advised users to patch its "Authoritative" and "Recursor" products, to squish five bugs disclosed today. None of the bugs pose a risk that PowerDNS might itself be compromised, but this is the DNS: what an attacker can do is fool around with DNS records in various ways. That can be …
Bell switchboard

DNS resolver 9.9.9.9 will check requests against IBM threat database

The Global Cyber Alliance has given the world a new free Domain Name Service resolver, and advanced it as offering unusually strong security and privacy features. The Quad9 DNS service, at 9.9.9.9, not only turns URIs into IP addresses, but also checks them against IBM X-Force's threat intelligence database. Those checks …

Google slides DNS privacy into 'Droid developer stream

Android users might get better protection for their browsing records, if a Google experiment takes off. XDA-developers.com spotted the entry in the Android Open Source Project, which adds DNS over TLS, along with an option to turn it off. The idea of sending DNS queries over TLS is simple: it's in line with the IETF's (and …
Broken light bulb

WTH is my domain? OpenSRS and Hover down and out

Updated The domain name server "OpenSRS" crashed and burned during the dead of night following a network failure, taking down scores of customers' portals with it. Normal service has yet to resume. OpenSRS is owned by the operating service Tucows, and according to builtwith.com, there are about 690,000 active websites using it. …

¡Dios mío! Spain blocks DNS to hush Catalonian independence vote sites

As a controversial referendum on the independence of Catalonia draws near, the Spanish government has expanded efforts to shut it down, even blocking access to some websites. After a number of .cat websites covering the referendum were aggressively shut down by the authorities, pro-independence groups set up new websites at …
Kieren McCarthy, 27 Sep 2017
Skull and Crossbones in the cloud

IBM's global load balancer and reverse DNS degraded by domain transfer mess

IBM's cloudy global load balancer and reverse DNS services have been impacted by a DNS mess inflicted on Big Blue by a domain name registrar. In an email to customers, IBM says that on September 6th “During a bulk transfer of domain names between two domain registrar services, two domains (global-datacenter.com and global- …

Sysadmins told to update their software or risk killing the internet

The world's internet providers and sysadmins need to make sure they are running up-to-date software or they risk cutting their customers off from the internet in October, DNS overseer ICANN has warned. Following a process that started back in May 2016, the cryptographic keys that secure the foundations of the domain name …
Kieren McCarthy, 22 Aug 2017

Create a news alert about dns, or find more stories about dns.

Biting the hand that feeds IT © 1998–2018