November 25 2009 by
Cricket Liu (Infoblox)
Just yesterday, ISC announced the release of several versions of BIND to address a new vulnerability. The vulnerability could allow unsigned data to be cached on a recursive name server configured to perform DNSSEC validation.
While that's alarming, it's not a systemic problem with DNSSEC; it's
simply a flaw in BIND's implementation of DNSSEC. (How could it be
anything else if it was addressed by releasing new versions?)
Implementations of the latest incarnation of DNSSEC are still
relatively new, so it should come as no surprise that we're still
finding flaws. (I'm proud to say that this particular defect was found
by Michael Sinatra, who works for my alma mater, Berkeley.)
Read more...
Posted in DNSSEC | DNS Security | BIND | 
0 comments
November 19 2009 by
Cricket Liu (Infoblox)
Most of the results of our recent DNS Survey were pretty scary,
especially the news that nearly 80% of the name servers we found in our
sweep of 5% of the Internet's address space were open to recursion.
But the results contained some good news, too, and for that we should
be thankful.
Read more...
Posted in DNSSEC | DNS Security | DNS Survey | 0 comments
November 10 2009 by
Cricket Liu (Infoblox)
To celebrate the 20th anniversary of the fall of
the Berlin Wall today, Berliners and other reunified Germans toppled a set of
1000 giant dominoes—a metaphor for the fall of Communism in states throughout
the Eastern Bloc.
While not as dramatic or significant as the fall of European
Communism, several dominoes on the path to implementation of the DNS Security
Extensions fell recently.
Read more...
Posted in DNSSEC | DNS Security | 0 comments
