Collaborate Disseminate
We have a fair amount of email traffic. Recently, we had some suspicious email spoofing attacks and a lot of users reported that outgoing emails were marked as spam and landed in junk folder (reported by mail recipients). When we checked o… Continue reading Suspicious ip address of our mail domain found on talosintelligence.com (spoofing attempt)
IoT devices are fast becoming an everyday part of our lives. Whether it be in the role they play in manufacturing and industry or powering the appliances in our own homes, it’s clear that IoT devices provide new and efficient ways of working and … Continue reading Protecting IoT devices requires a DNS-based solution
RFC 4035, section 5.3.1 lays out the rules for validating DNSSEC RRSIG records:
The RRSIG RR and the RRset MUST have the same owner name and the same class.
The RRSIG RR’s Signer’s Name field MUST be the name of the zone that contains th… Continue reading How to validate DNSSEC signatures – zone cuts?
I’m looking for a compact, canonical (and possibly but not necessarily human-readable) format for serializing the signature chain for a RRset (or proof that it lies under an insecure delegation) for permanent recording and offline checking… Continue reading Tooling and serialization format for DNSSEC signture chain
I have a domain name under .money, which supports DNSSEC.
However, my registrar hasn’t done DNSSEC with this TLD before and is asking me to supply the Key Tag, Algorithm Type, Digest Type and Digest — and they will set them.
However, I am… Continue reading Supplying registrar with dnssec related records
Seven vulnerabilities affecting Dnsmasq, a caching DNS and DHCP server used in a variety of networking devices and Linux distributions, could be leveraged to mount DNS cache poisoning attack and/or to compromise vulnerable devices. “Some of the b… Continue reading Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning
DNSSEC security starts by first grouping DNS records (RR) of the same type into a record set (RRset) and then this RRset gets signed…
Does this mean that I have to completely define all the RR in my DNS prior to enabling DNSSEC? What wou… Continue reading What happens if I change RR on my domain’s DNS after DNSSEC has already been enabled?
DNSSEC security starts by first grouping DNS records (RR) of the same type into a record set (RRset) and then this RRset gets signed…
Does this mean that I have to completely define all the RR in my DNS prior to enabling DNSSEC? What wou… Continue reading What happens if I change RR on my domain’s DNS after DNSSEC has already been enabled?
Two separate groups of academics have recently released research papers based on research into the Domain Name System (DNS). One has found that the overwhelming majority of popular site operators haven’t learned from the 2016 Dyn/Mirai incident/a… Continue reading How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results?
Contents of government gazette, Linux distributions, Open Data, etc. are public, there are no constraints for "increase user privacy". On the contrary, we want to guarantee transparency… But all tutorials and explanations abou… Continue reading Can I simplify DNSSEC implementation in a context of public content?