[dns-operations] summary of recent vulnerabilities in DNS security.
warren at kumari.net
Mon Oct 21 21:15:26 UTC 2013
On Oct 21, 2013, at 4:39 PM, Phil Regnauld <regnauld at nsrc.org> wrote:
> Michele Neylon - Blacknight (michele) writes:
>>> Yes, I've noticed that Google is still not signing. Maybe the
>>> continuing hijackings of their ccTLD domains will move them.
>> I suspect they're more interested in getting "registry lock" in place rather than DNSSEC.
> That'd be assuming most registries have the concept of lock, which is
> far from being the case.
Some do, some don't…
In some cases the "registry lock" is actually just a comment in a zone file, saying something along the lines of:
; -------- WARNING ---------
; Don't change this!
; Call Warren at +1-xxx-xxx-xxxx before making any changes.
; -------- WARNING -------
In a number of cases registries don't "officially" support locks, but have been willing to do something unusual for a beer / friend.
>> Most of the attacks against Google have involved changing the name servers completely ..
> Through social engineering and sometimes through directed attacks, yes.
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> dns-jobs mailing list
1.67563, or precisely 1,237.98712567 times the difference between the distance to the sun and the weight of a small orange.
-- Terry Pratchett, "The Light Fantastic" (slightly modified)
More information about the dns-operations