[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A Deep Dive on the Recent Widespread DNS Hijacking

Subject: A Deep Dive on the Recent Widespread DNS Hijacking
From: hank at efes.iucc.ac.il (Hank Nussbacher)
Date: Mon, 25 Feb 2019 08:03:50 +0200
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]>

On 25/02/2019 07:20, Bill Woodcock wrote:
>> On Feb 24, 2019, at 7:41 PM, Montgomery, Douglas (Fed) <dougm at nist.gov> wrote:
>> In the 3rd attack noted below, do we know if the CA that issued the DV CERTS does DNSSEC validation on its DNS challenge queries?
> We know that neither Comodo nor Let's Encrypt were DNSSEC validating before issuing certs.  The Letâ??s Encrypt guys at least seemed interested in learning from their mistake.  Canâ??t say as much of Comodo.
>
>                                  -Bill

Bill,

Did you have a CAA record defined and if not, why not?

-Hank

Follow-Ups:
- A Deep Dive on the Recent Widespread DNS Hijacking
  - From: ask at develooper.com (Ask Bjørn Hansen)
- A Deep Dive on the Recent Widespread DNS Hijacking
  - From: woody at pch.net (Bill Woodcock)

References:
- A Deep Dive on the Recent Widespread DNS Hijacking
  - From: dougm at nist.gov (Montgomery, Douglas (Fed))
- A Deep Dive on the Recent Widespread DNS Hijacking
  - From: kmedcalf at dessus.com (Keith Medcalf)
- A Deep Dive on the Recent Widespread DNS Hijacking
  - From: dougm at nist.gov (Montgomery, Douglas (Fed))
- A Deep Dive on the Recent Widespread DNS Hijacking
  - From: woody at pch.net (Bill Woodcock)

Prev by Date: A Deep Dive on the Recent Widespread DNS Hijacking
Next by Date: A Deep Dive on the Recent Widespread DNS Hijacking
Previous by thread: A Deep Dive on the Recent Widespread DNS Hijacking
Next by thread: A Deep Dive on the Recent Widespread DNS Hijacking
Index(es):
- Date
- Thread