
DNS security


  • DNS security

    Dan Kaminsky's DNS vulnerability has raised quite a bit of hell as even patched servers are still vulnerable to poisoning.

    DNSSEC is now touting itself as the only true solution to the problem, and would authenticate all domain names with a certificate chain with somebody (hopefully not DHS) holding a master set of keys. The U.S. government recently mandated deployment of DNSSEC for all federal domains.

    However, Dan J. Bernstein, of qmail/djbdns fame and long disgruntled at DNSSEC, released DNSCurve which uses elliptic curve cryptography instead of RSA. He even compares the two for you.

    It looks like some cryptographic approach is going to be required in the near future, and it will be interesting to see which one wins out.
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

  • #2
    Re: DNS security

    ya.. had a pretty good idea it was just a bandaid and not a fix .. let's see if the new bandaids hold..
    if it gets me nowhere, I'll go there proud; and I'm gonna go there free.


    • #3
      Re: DNS security

      The website looks as great as any of his other sites :P

      And where can I download the DNSCurve software to deploy it?