[dns-operations] A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Paul Wouters paul at nohats.ca
Mon Feb 25 19:35:11 UTC 2019


On Sat, 23 Feb 2019, Bill Woodcock wrote:

> The main thing so far has been switching the VPN to “always on” setting.  It sometimes causes devices to run through battery really fast, when you roam onto a network that blocks VPN traffic, and apps go crazy trying to reconnect.

Make sure to enable MOBIKE which should reduce that.

> Longer-term, we’ve increased the amplitude of our badgering of Apple Product Security regarding DNSSEC and DANE validation in the OS, rather than via recursive resolver.  Both of those should be end-to-end, not dependent on an external resolver.

Please do. I will do the same.

Paul


More information about the dns-operations mailing list