A Deep Dive on the Recent Widespread DNS Hijacking

Owen DeLong owen at delong.com
Mon Feb 25 18:44:59 UTC 2019

> On Feb 25, 2019, at 09:25 , Paul Ebersman <list-nanog2 at dragon.net> wrote:
> ebersman> If someone owns your registry account, you're screwed. And
> ebersman> right now, it tends to be the most neglected part of the
> ebersman> entire zone ownership world. Let's use this opportunity to
> ebersman> help folks lock down their accounts, not muddying the waters
> ebersman> with dubious claims.
> Reread this and felt I should clarify that I realize that John and Doug
> are not the ones saying DNSSEC is useless. I just hate to see the knee
> jerk "oh, see, DNSSEC didn't save the day so it's obviously
> useless". Let's give the world a better explanation.

@Paul — I think you meant “registrar account” rather than “registry account”
since most domain holders don’t have registry accounts. Registry accounts are
primarily held by registrars. If someone owns a registrar’s registry account, then
all of their customers (and potentially many many others) are screwed.


More information about the NANOG mailing list