Articles about dnssec

Data corruption

Dutch name authority: DNSSEC validation errors can be eliminated

DNSSEC, which secures the ancient domain name system, is important to Internet security and privacy, but as APNIC luminary Geoff Huston wrote last week, there's evidence that its use could be declining. “From the validation perspective, the use of DNSSEC appeared to have peaked in early 2016 and has been declining since then”, …
DNS toolkit

Open source nameserver used by millions needs patching

Open source DNS software vendor PowerDNS has advised users to patch its "Authoritative" and "Recursor" products, to squish five bugs disclosed today. None of the bugs pose a risk that PowerDNS might itself be compromised, but this is the DNS: what an attacker can do is fool around with DNS records in various ways. That can be …

How's your online bank security looking? The Dutch studied theirs and... yeah, not great

The Dutch banking industry is doing a terrible job of online security, according to the company that runs the country's .nl internet domains. In a new report published Tuesday, the internet registry SIDN was surprised to find that just six per cent of banks using .nl internet addresses have the security protocol DNSSEC in …
Kieren McCarthy, 22 Feb 2017
Headshot of Trojan horse

Running a DNSSec responder? Make sure it doesn't help the black hats

Sysadmins are making mistakes configuring and managing DNSSec, and it's leaving systems that should be secure open to exploitation in DNS reflection attacks. That's the conclusion of Neustar, in a study released here and which found that of more than 1,300 DNSSec-protected domains tested 80 per cent could be used in an attack …
Internet email sign. Pic: @mattw1lson, Twitter

Is DNSSEC causing more problems than it solves?

The complex security protocol for the domain name system – DNSSEC – has another black mark against it: it is being used as a way to carry out distributed denial-of-service (DDoS) attacks. That's according to a security bulletin [PDF] by Akamai that notes it has "observed and successfully mitigated a large number of DNS …
Kieren McCarthy, 23 Feb 2016

New OpenDNSSEC doesn't want you to ... ride into the danger zone

A new version of OpenDNSSEC – an open-source implementation of DNSSEC – is hoping to plug a problem it is happy to have: increased use. Release candidate of version 1.4.9 was put out Monday for testing, with the key new feature being the ability to deal with a large number of zones – more than 50. "Too much concurrent zone …

CloudFlare drinks the DNSSEC kool-aid, offers it on universal basis

CloudFlare has rolled out Universal DNSSEC, despite widespread controversy alleging it would provide an excellent platform from which intelligence agencies could spy upon and intercept global internet traffic. Universal DNSSEC will be available to CloudFlare customers for free. The company announced that it will do "all the …

Internet Doomsday scenario: How the web could suddenly fall apart

Analysis Engineers have recommended a small but important change to the internet's underlying structure in order to avoid a possible doomsday scenario. A report [PDF] from the Root Server System Advisory Committee (RSSAC) argues that a key parameter in the internet's address books – namely, how long the information should be stored – …
Kieren McCarthy, 18 Sep 2015
Internet email sign. Pic: @mattw1lson, Twitter

Email addresses in DNS records? We'll make a hash of it, says IETF

Email addresses of domain-name admins should be encrypted one-way – aka hashed – when added to DNS records, an IETF working group has decided. Following a lengthy exchange on the value of adding privacy safeguards for email addresses that are often readily available, Google's Warren Kumari told the group that "the privacy …

Is the DNS' security protocol a waste of everyone's time and money?

Internet security experts are arguing over whether a key protocol for protecting the internet's naming systems should be killed off. DNSSEC was developed in 1994 but it wasn't taken seriously until 2008 when a bug in the domain name system's software made it possible for someone to imitate any server – from websites or email …
Kieren McCarthy, 18 Mar 2015

AuDA starts final round of DNSSEC tests

AuDA has taken a tentative step towards the introduction of DNSSEC into the Australian domain space, signing the .au domain in its production environment as the first step in a four-month test. DNSSEC has been possible for years, but has been held back by industry inertia. Under DNSSEC, a DNS (domain name system) record is …

APNIC boffins may enlist TCP to defend DNS

Could defending the Domain Name System (DNS) infrastructure against amplification attacks be as simple as switching protocols in resolvers? Probably not – but an experiment conducted at APNIC has far-reaching implications. As Geoff Huston, chief scientist at APNIC, writes, DNS amplification attacks are easy to launch and can …
The Register breaking news

Google adds validation to DNSSEC

Worldwide, the rollout of DNSSEC can comfortably be described as “glacial”, but Google valiantly continues to try to give it profile. Having launched its own DNSSEC service three years ago, Mountain View has now added DNSSEC validation to its public DNS resolvers. Announced in this blog post, Google says the move means “we can …
The Register breaking news

Amazon, eBay, banks snub anti-fraud DNS tech, sniff securo bods

Despite the best attempts of security vendors, neither online stores nor the financial industry seem particularly keen to adopt DNSSEC tech - an anti-fraud mechanism that makes it difficult for fraudsters to spoof legitimate websites. DNSSEC (DNS Security Extensions) uses public-key encryption and authentication to guard …
John Leyden, 18 Feb 2013
The Register breaking news

Scores of US federal agencies still open to 2008 cache attack

US federal agencies are still struggling to roll out mandated technology that would make it much harder for attackers to spoof their websites. The Federal Information Security Management Act set a December 2010 deadline to deploy DNSSEC, or DNS Security Extensions, on federal domains. However a survey by Domain Name System …
John Leyden, 23 Mar 2012
The Register breaking news

Anti-piracy laws will smash internet, US constitution - legal eagles

Legal experts are warning that the proposed PROTECT IP and the Stop Online Piracy Act (SOPA) legislation, currently working their way through Congress, will damage the world's DNS system, cripple attempts to get better online security and violate free speech rights in the US constitution. In an essay published in the Stanford …
Iain Thomson, 20 Dec 2011
The Register breaking news

ICANN chief Beckstrom says he will go in July 2012

Rod Beckstrom, the president and CEO of domain name industry overseer ICANN, has announced that he will leave the job when his contract expires in July next year. rodbeckstrom Wrapping up: Rod Beckstrom "I have decided to wrap up my service at ICANN July 2012," he wrote on Twitter last night. ICANN later followed up with a …
Kevin Murphy, 17 Aug 2011
The Register breaking news

Nominet pilots domain security pump-up

Dot-UK registry Nominet has started piloting a free service designed to help UK businesses boost the security of their websites' domains. The DNSSEC Signing Service "will allow registrars to quickly and easily implement DNSSEC by relying on Nominet to manage the cryptographic signing process, management of keys and publishing …
Kevin Murphy, 25 Jul 2011

Create a news alert about dnssec, or find more stories about dnssec.

Biting the hand that feeds IT © 1998–2018