[dns-operations] A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Jaap Akkerhuis jaap at NLnetLabs.nl
Sun Feb 24 11:16:06 UTC 2019


 Bill Woodcock writes:

 > Longer-term, we’ve increased the amplitude of our badgering of Apple
 > Product Security regarding DNSSEC and DANE validation in the OS,
 > rather than via recursive resolver.  Both of those should be
 > end-to-end, not dependent on an external resolver.

 > Anybody have any other suggestions?

For "DNSSEC on the road" I use dnssec trigger[1] a lot. Others are
using stubby, an application of getdnsapi[2].

	jaap


[1] https://www.nlnetlabs.nl/projects/dnssec-trigger/about/

[2] https://getdnsapi.net


More information about the dns-operations mailing list