How much do I love the fact that there’s a national “cyber-emergency” of DNS hijacking targeting .GOV names, all of which use DNSSEC, as required by fedgov regs? How’d that work out?
Replying to @tqbf
DNSSEC actually makes this worse: hijack the domain at the registrar, change the ZSK, then sign some very high TTL records. Create new zone cuts for the common names, like www. and poison with high-TTL DS records, get them into the common caches, then throw away the DNSKEY.
Replying to @colmmacc
How is this worse than the non-DNSSEC case of publishing malicious high-TTL A records for www. etc. and getting those into the common caches?
2:56 PM - 16 Feb 2019