DNS Security

DNS Security / Featured Blogs

Live On Monday, 25 June - DNSSEC Workshop at ICANN 62 in Panama

Jun 24, 2018

With the DNSSEC Root Key Rollover coming up on October 11, how prepared are we as an industry? What kind of data can we collect in preparation? What is the cost-benefit (or not) of implementing DANE? What can we learn from an existing rollover of a cryptographic algorithm? All those questions and more will be discussed at the DNSSEC Workshop at the ICANN 62 meeting in Panama City, Panama, on Monday, June 25, 2018.

Why You Must Learn to Love DNSSEC

Jun 20, 2018

It's been nearly two months since the high profile BGP hijack attack against MyEtherwallet, where crypto thieves used BGP leaks to hijack MEW's name servers, which were on Amazon's Route53, and inserted their own fake name servers which directed victims to their own fake wallet site, thereby draining some people's wallets. It generated a lot of discussion at the time... What isn't fully appreciated is that attack has, in fact, changed the game somewhat...

Call for Participation - ICANN DNSSEC Workshop at ICANN62, Panama City

Apr 20, 2018

Would you like to share information about how you are using DNSSEC with the wider technical community? Do you have an idea for how to make DNSSEC or DANE work better? Or work with new applications? If so - and if you will be attending ICANN 62 in Panama City, Panama from 25-28 June 2018 - then please consider sending in a proposal to participate as a speaker in the ICANN 62 DNSSEC Workshop!

Takeaways from the DNS-OARC’s 28th Workshop

Mar 14, 2018

March has seen the first of the DNS Operations, Analysis, and Research Center (OARC) workshops for the year, where two days of too much DNS is just not enough! These workshops are concentrated within two days of presentations and discussions that focus exclusively on the current state of the DNS. Here are my impressions of the meeting.

Have We Reached Peak Use of DNSSEC?

Feb 24, 2018

The story about securing the DNS has a rich and, in Internet terms, protracted history. The original problem statement was simple: how can you tell if the answer you get from your query to the DNS system is 'genuine' or not? The DNS alone can't help here. You ask a question and get an answer. You are trusting that the DNS has not lied to you, but that trust is not always justified.

CircleID’s Top 10 Posts of 2017

Jan 08, 2018

It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2017 participants for sharing their thoughts and making a difference in the industry. 2017 marked CircleID's 15th year of operation as a medium dedicated to all critical matters related to the Internet infrastructure and services. We are in the midst of historic times, facing rapid technological developments and there is a lot to look forward to in 2018.

DDOS and the DNS

Nov 27, 2017

The Mirai DDOS attack happened just over a year ago, on the 21st October 2016. The attack was certainly a major landmark regarding the sorry history of "landmark" DDOS attacks on the Internet. It's up there with the Morris Worm of 1988, Slammer of 2002, Sapphine/Slammer of 2009 and of course Conficker in 2008. What made the Mirai attack so special?

Caribbean Businesses Can Make Good Use of Free DNS Security

Nov 22, 2017

IBM Security, Packet Clearing House (PCH) and Global Cyber Alliance (GCA) unveiled a free Domain Name System (DNS) service designed to protect all Internet users from a wide range of common cyber threats. Launched on November 16 with simultaneous press events in London, Maputo and New York, the public DNS resolver has strong privacy and security features built-in and can be enabled with a few changes to network settings, as outlined on the organisation's website.

An Overview of the 27th DNS Operations, Analysis, and Research Center Meetings

Oct 04, 2017

The DNS Operations, Analysis, and Research Center (DNS-OARC) meetings are an instance of a meeting that concentrates on the single topic of the DNS, and in this case, it delves as deep as anyone is prepared to go! It's two days where too much DNS is barely enough! The hot topic of the meeting was the news that the proposed roll of the Key-Signing-Key of the root zone of the DNS, originally scheduled for October 11, was to be postponed.

A Closer Look at Postponing of the Root Zone KSK Rollover Decision

Sep 30, 2017

On Sept. 27, Internet Corporation for Assigned Names and Numbers (ICANN) announced that the first root zone Key Signing Key (KSK) rollover - originally scheduled to take place on Oct. 11 - will be postponed. Although this was certainly a difficult decision, we fully agree that erring on the side of caution is the best approach to take. In this blog post, I want to explain some of the involvement Verisign has had in KSK rollover preparations, as well as some of the recently available research opportunities which generated data that we shared with ICANN related to this decision.

Industry Updates

Global Domain Activity Trends Seen in Q3 2024

A DNS Investigation into Mamba, the Latest AitM Phishing Player

A DNS Investigation of the 32 Doppelganger Websites Seized by the U.S. Government

Investigating the Proliferation of Deepfake Scams

Examining the DNS Underbelly of the Voldemort Campaign

2024 Domain Intelligence Study of 6 APT Groups Notorious for Targeting Europe

Stripping Down the BlackSuit Ransomware Network Aided by DNS Data

A DNS Deep Dive into the NetSupport RAT Campaign

Tracking the DNS Footprint of the Polyfill Supply Chain Attackers

Study by WhoisXML API Explores IDNs, Native-Language Characters, and Homograph Attacks

The Extended Reach of the Extension Trojan Campaign in the DNS

Inspecting Konfety’s Evil Twin Apps through the DNS Lens

Hunting for U.S. Presidential Election-Related Domain Threats in the DNS

A Closer Look at the Meduza Stealer through a DNS Deep Dive

July 2024: Domain Activity Highlights

View More