All Questions
Tagged with dns-spoofing dnssec
23
questions
0
votes
1
answer
273
views
Someone issued fake CAA records for my domain. What is the most important thing to do to resolve it?
First, I can update this with the affected domain, if it's critical, but for obvious reasons I'd like not to be the target of more problems.
Someone registered some CAA records for my domain.
I have ...
0
votes
1
answer
135
views
Suspicious ip address of our mail domain found on talosintelligence.com (spoofing attempt)
We have a fair amount of email traffic. Recently, we had some suspicious email spoofing attacks and a lot of users reported that outgoing emails were marked as spam and landed in junk folder (reported ...
1
vote
0
answers
116
views
How do you mitigate the risk of stolen unencrypted data because you are using Cloud DNS to proxy the request that are sent to your server?
Goal
My goal is to build a PWA. I am new to programming and I believe it is better to start with NGINX.
I have not found a good article (explaining the security risk) about using the Cloud DNS (such ...
1
vote
1
answer
162
views
What portion of recursive (ISP, public, etc.) nameservers validate DNSSEC strictly?
I'm adopting/setting up DNSSEC on my domains for the first time, and curious about the practical benefits I can expect. In theory, regardless of whether client/stub resolvers want checking, recursive ...
1
vote
1
answer
221
views
How does DNSCurve protect against forgery in a man-in-the-middle attack scenario?
This Question is about DNSCurve. I thought of DNSCurve as "HTTPS for DNS" (like in this Answer) but had some resent thoughts about the trust-relationship between resolvers and nameservers serving the ...
0
votes
1
answer
323
views
DNSSEC - does the domain owner owns a key?
The purpose of DNSSEC is to prevent some attacks like cache poisoning so a client can be sure that the answer it gets from a recursive DNS server are correct (the IP is the correct IP). The root DNS ...
2
votes
2
answers
261
views
DNS Poisoning - How to edit the "list" it in the target server?
I know how to redirect some DNS name to another DNS name. For example, access security.stackexchange.com and redirect to facebook.com. But I am doing this with my own server and the connected ...
2
votes
3
answers
689
views
Effects of CVE-2017-9445?
http://thehackernews.com/2017/06/linux-buffer-overflow-code.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9445
"that could allow remote attackers to potentially trigger a buffer ...
0
votes
1
answer
137
views
Would DNSSec and DANE be more secure if the same key was published to different TLDs?
Assuming that it's tough to get many government owned TLDs to cooperate to spoof DANE or DNSSec, would it be wise to publish the same certificate (different SAN names) to various TLDs?
For example:
...
14
votes
2
answers
3k
views
What problem does DNSSEC solve?
I have read through the questions tagged DNSSEC on this site, and over the years you hear statistics about DNSSEC adoption and about organizations enabling it on their domains... but nobody mentions ...
0
votes
2
answers
869
views
Why do SSL enabled sites don't reply back according to "hosts" file record?
I was playing with the hosts file under my linux distro. Added an entry
192.168.3.121 www.facebook.com
in the /etc/hosts file. Created 2 servers which link to an index.html file at ports 80 ...
7
votes
2
answers
1k
views
Opt into strict DNSSEC checking - does DNSSEC provide a way for a zone to request strict signature validation?
Is there a way for a domain good.com to promise that it will sign all of its DNS records, and that any unsigned records for any host *.good.com should be rejected? In other words, is there a way for ...
7
votes
2
answers
6k
views
Can you force your PC or device to use only DNSSec-verified lookup results?
Okay, I'll admit something first-off: I don't really understand some of the practical aspects of how DNSSec protections work very well.(Even after reading resources like this.)
Well, I certainly ...
5
votes
2
answers
270
views
With DNSSEC, is there any benefit in DANE for a CA- issued Cert?
I just deployed DNSSEC at val-id.com and getvalid.com
Since DNSSEC is a requirement of DANE, and I have a CA-based certificate, can I show my support for DANE-based deployments by publishing my CA-...
13
votes
2
answers
3k
views
When using https but not DNSSEC, under what situation, a client is vulnerable?
So DNSSEC is to ensure that returned IP address is not poisoned. And https is to verify the remote server.
My question is that when protected by https, under what circumstances, a client is ...