[dns-operations] FireEye reports long-running DNS hijacking campaign

John R Levine johnl at taugh.com
Sat Jan 12 20:53:51 UTC 2019

> Actually, DNSSEC would have helped in the scenario in which the bad guys 
> only compromised the “dashboard” that let them modify the authoritative 
> zone data. Presumably that wouldn’t have allowed them to change the DS 
> RR—that would have required access to their registrar account.

Well, OK, but if they can change the A records in the dashbord, presumably 
the new ones will get signed as they're installed, no new DS needed.

DNSSEC is dandy, but if you can compromise a link in the management 
of someone's DNSSEC chain, DNSSEC won't help.

John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

More information about the dns-operations mailing list