DNS Security

Noteworthy

 Over the next few years we should expect to see applications leveraging DNSSEC in ways we cannot imagine now.

 Some folks have already asked me if DNSSEC could have prevented Twitter.com traffic from being hijacked. In this case, the answer is, "No".

 DNSSEC technology standards have been stable and mature since 2007, with only updates, clarifications, and new functionality added since then.

 The movement is on, DNSSEC, ready set go! Just make sure you are ready when you go!

DNS Security / News Briefs

Sweden Makes its TLD Zone File Publicly Available

Patrik Wallström writes to report that as of today, IIS (The Internet Foundation In Sweden) has made the zone files for .se and .nu domain names publicly available for the first time. "The underlying reason for making the zone files for .se and .nu available is our endeavour at IIS to promote transparency and openness. IIS has made the assessment that the zone files do not contain any confidential information and, therefore, there is no reason not to make this information available." more»

Large Volume of DNSSEC Amplification DDoS Observed, Akamai Reports

A dramatic increase in DNS reflection/amplification DDoS attacks abusing Domain Name System Security Extension (DNSSEC) configured domains have been observed in the past few months, according to a security bulletin released by Akamai’s Security Intelligence Response Team (SIRT). more»

91.3% of Malware Use DNS as a Key Capability

Nearly 92 percent of malware use DNS to gain command and control, exfiltrate data or redirect traffic, according to Cisco's 2016 Annual Security Report. It warns that DNS is often a security "blind spot" as security teams and DNS experts typically work in different IT groups within a company and don't interact frequently. more»

ISOC's DNSSEC Deployment Map Available In Global Internet Maps (Interactive)

Internet Society's DNSSEC Deployment Maps are now available as part of a larger set of Global Internet Maps from its annual Global Internet Report. The map is based off of the 5 stages of DNSSEC deployment that the organization tracks as part of the weekly DNSSEC deployment maps generated. more»

Paul Vixie on How the Openness of the Internet Is Poisoning Us

In a video interview conducted during the NSCS ONE conference, Paul Vixie CEO of Farsight Security further discusses the topic of his presentation titled: "Defective by Design -- How the Internet's Openness is Slowly Poisoning Us". more»

GSA Looking Into .gov Outages

"The General Services Administration is analyzing what caused an outage of .gov websites for a few hours Wednesday morning," reports Federal Times. Officials said the problem involved so-called DNSSEC cybersecurity measures that affected access to certain .gov sites, according to GSA spokeswoman Mafara Hobson. more»

ISOC Joins Forces with Shinkuro and Parsons to Promote Global Deployment of DNSSEC

The Internet Society today announced it has signed a Memorandum of Understanding with Shinkuro and Parsons to collaborate on multiple initiatives to promote the global deployment of Domain Name System Security Extensions (DNSSEC). more»

U.S. CERT Issues Alert on DNS Amplification Attacks

Neil Schwartzman writes to report that U.S. Cert issued Alert TA13-088A on Friday March 29, 2013. "It is a solid how-to guide to test for, and remediate DNS configurations that can be used for Distributed Denial of Service attacks." more»

Google Announces DNSSEC Support for Public DNS Service

Google today announced that its "Public DNS" service is now performing DNSSEC validation. Yunhong Gu, Team Lead for Google Public DNS, in post today wrote: "We launched Google Public DNS three years ago to help make the Internet faster and more secure.Today, we are taking a major step towards this security goal: we now fully support DNSSEC (Domain Name System Security Extensions) validation on our Google Public DNS resolvers." more»

Report Reveals Planned DNSSEC Adoption of 2010 by Key Industries Still in Limbo

A recent progress report on DNSSEC adoption reveals the extent to which organizations in a number of industries are falling short of their own objectives for making Domain Name Server (DNS) infrastructure more secure. The progress report, conducted by Secure64 Software Corporation, is a follow-up to a 2010 study by Forrester Research titled, "DNSSEC Ready for Prime Time," which reported on organizations' plans to implement DNSSEC in order to shore up vulnerabilities in DNS. more»

Internet Society ION Conferences: Call for Speakers - IPv6 and DNSSEC Experts

The Internet Society Deploy360 Programme issues a call for speakers for a series of upcoming global ION Conferences. ISOC welcomes submissions from IPv6 and DNSSEC experts to speak at any of the following ION conferences. more»

Google Notifying Half a Million Users Affected By DNSChanger

Google has announced that it has started undertaking an effort to notify roughly half a million people whose computers or home routers are infected with a well-publicized form of malware known as DNSChanger. "After successfully alerting a million users last summer to a different type of malware, we've replicated this method and have started showing warnings via a special message that will appear at the top of the Google search results page for users with affected devices." more»

DNSChanger Disruption Inevitable, ISPs Urged to Bolster User Support

Up to 100,000 customer modems are at risk of losing their internet connection from July 9 when the FBI disables rogue DNS servers seized late last year. The affected customer modems make up about a third of the 350,000 to 400,000 internet users believed to still have the DNSChanger malware on either their modems or Windows computers. more»

Why SOPA Defender Joins Internet Society as Regional Director

Internet Society recently announced the appointment of former chief technology officer of Motion Picture Association of America (MPAA). The decision has raised concerns within the Internet community as Paul Brigner had campaigned for SOPA while at MPAA as well as being on record opposing net neutrality while being an official at Verizon. more»

NASA Website Blocked Due to DNSSEC Error

A misconfiguration in NASA's DNSSEC implementation on its website caused Comcast's network to block users from the site last week. NASA had incorrectly signed DNSSEC in its implementation of the new security protocol that last week, causing Comcast's newly DNSSEC-enabled service to automatically block access to the site. the day part of the Web went dark in protest of controversial anti-piracy legislation, leading some users and pundits to inaccurately speculate this was Comcast's way of protesting the government-based bills. more»