[dns-operations] FireEye reports long-running DNS hijacking campaign
John R Levine
johnl at taugh.com
Sat Jan 12 20:53:51 UTC 2019
> Actually, DNSSEC would have helped in the scenario in which the bad guys
> only compromised the “dashboard” that let them modify the authoritative
> zone data. Presumably that wouldn’t have allowed them to change the DS
> RR—that would have required access to their registrar account.
Well, OK, but if they can change the A records in the dashbord, presumably
the new ones will get signed as they're installed, no new DS needed.
DNSSEC is dandy, but if you can compromise a link in the management
of someone's DNSSEC chain, DNSSEC won't help.
Regards,
John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
More information about the dns-operations
mailing list