A Deep Dive on the Recent Widespread DNS Hijacking

Paul Ebersman list-nanog2 at dragon.net
Mon Feb 25 19:14:59 UTC 2019

ekuhnke> One thing to consider with authentication for domain registrar
ekuhnke> accounts:

ekuhnke> DO NOT USE 2FA VIA SMS.

Yup. This is a good example of what I'm advocating. Just saying "use
2FA" or "use DNSSEC" or "have a CAA" isn't sufficient detail to make
informed decisions of risk/effort/reward tradeoffs. Simplistic
suggestions without details or context isn't doing anyone any favors.

That said, even SMS 2FA is better than no 2FA. Barely. Just like forcing
lousy passwords is better than no password but still not a best

More information about the NANOG mailing list