A Deep Dive on the Recent Widespread DNS Hijacking

Ask Bjørn Hansen ask at develooper.com
Mon Feb 25 09:37:45 UTC 2019

Previous message (by thread): A Deep Dive on the Recent Widespread DNS Hijacking
Next message (by thread): A Deep Dive on the Recent Widespread DNS Hijacking
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Feb 24, 2019, at 22:03, Hank Nussbacher <hank at efes.iucc.ac.il> wrote:
> 
> Did you have a CAA record defined and if not, why not?

If the attacker got a CA to issue the cert because they changed the DNS server to be their own, a CAA record wouldn’t have helped (or at least been even easier to thwart than DNSSEC).

Ask

Previous message (by thread): A Deep Dive on the Recent Widespread DNS Hijacking
Next message (by thread): A Deep Dive on the Recent Widespread DNS Hijacking
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the NANOG mailing list