DNS Security

DNS Security / Featured Blogs

What’s Behind the Secure DNS Controversy and What Should You Do About It?

Dec 12, 2019

Anyone that has attended a meeting of the Internet Engineering Task Force (IETF) will know that the somewhat dry topic of internet protocols is often the source of passionate disagreement. But rarely does that debate extend beyond the confines of internet engineers. That has not been the case with a new protocol which aims to make the Internet's underlying domain name system more secure by default. more

Recognizing Lessons Learned From the First DNSSEC Key Rollover, a Year Later

Nov 26, 2019

A year ago, under the leadership of the Internet Corporation for Assigned Names and Numbers (ICANN), the internet naming community completed the first-ever rollover of the cryptographic key that plays a critical role in securing internet traffic worldwide. The ultimate success of that endeavor was due in large part to outreach efforts by ICANN and Verisign which, when coupled with the tireless efforts of the global internet measurement community, ensured that this significant event did not disrupt internet name resolution functions for billions of end users. more

DNS Wars

Nov 05, 2019

The North American Network Operators' Group (NANOG) is now quite an institution for the Internet, particularly in the North American Internet community. It was an offshoot of the Regional Techs meetings, which were part of the National Science Foundation Network (NSFNET) framework of the late 80s and early 90s. NANOG has thrived since then and is certainly one of the major network operational forums in today's Internet – if not the preeminent forum for network operators for the entire Internet. more

Doing Our Part for a Safer, Stronger DNS

Oct 30, 2019

Public Interest Registry is the industry leader of DNS Anti-Abuse efforts on the Internet. Since our inception, we have worked to empower people and organizations that use the Internet to make the world a better place. Whether a .ORG is the foundation of an individual voice, a global non-profit, or any organization that is part of the mission-driven .ORG community, we are proud to have earned the trust of so many dedicated users. more

Call for Participation – ICANN DNSSEC and Security Workshop at ICANN66, Montreal, Canada

Sep 24, 2019

The ICANN Security and Stability Advisory Committee (SSAC) and the Internet Society Deploy360 Programme are planning a DNSSEC and Security Workshop on Wednesday, 06 November 2019, during the ICANN66 meeting held from 02-07 November 2019 in Montreal, Canada. The original DNSSEC Workshop has been a part of ICANN meetings for many years and has provided a forum for both experienced and new people to meet, present and discuss current and future DNSSEC deployments. more

DoH Creates More Problems Than It Solves

Sep 16, 2019

Unlike most new IETF standards, DNS over HTTPS has been a magnet for controversy since the DoH working group was chartered on 2017. The proposed standard was intended to improve the performance of address resolutions while also improving their privacy and integrity, but it's unclear that it accomplishes these goals. On the performance front, testing indicates DoH is faster than one of the alternatives, DNS over TLS (DoT). more

DNS-over-HTTPS: Privacy and Security Concerns

Sep 06, 2019

The design of DNS included an important architectural decision: the transport protocol used is user datagram protocol (UDP). Unlike transmission control protocol (TCP), UDP is connectionless, stateless, and lightweight. In contrast, TCP needs to establish connections between end systems and guarantees packet ordering and delivery. DNS handles the packet delivery reliability aspect internally and avoids all of the overhead of TCP. There are two problems this introduces. more

DoT and DoH Guidance: Provisioning Resolvers

Aug 26, 2019

As part of a larger effort to make the internet more private, the IETF defined two protocols to encrypt DNS queries between clients (stub resolvers) and resolvers: DNS over TLS in RFC 7858 (DoT) and DNS over HTTPS in RFC 8484 (DoH). As with all new internet protocols, DoT and DoH will continue to evolve as deployment experience is gained, and they're applied to more use cases. more

The Promise of Multi-Signer DNSSEC

Aug 15, 2019

DNSSEC is increasingly adopted by organizations to protect DNS data and prevent DNS attacks like DNS spoofing and DNS cache poisoning. At the same time, more DNS deployments are using proprietary DNS features like geo-routing or load balancing, which require special configuration to support using DNSSEC. When these requirements intersect with multiple DNS providers, the system breaks down. more

What’s in Your DNS Query?

Aug 05, 2019

Privacy problems are an area of wide concern for individual users of the Internet -- but what about network operators? Geoff Huston wrote an article earlier this year concerning privacy in DNS and the various attempts to make DNS private on the part of the IETF -- the result can be summarized with this long, but entertaining, quote. more

Industry Updates

On the Hunt for Remnants of the Samourai Wallet Crypto Mixing Services in the DNS

A Peek at the V3B Phishing Kit Attack via the DNS Lens

Tracking Down Fake Cryptocurrency Sellers Using DNS Intelligence

Following the DNS Trail of APT Group Newbie Unfading Sea Haze

On the DNS Trail of the Foxit PDF Bug Exploitation Attackers

Profiling a Popular DDoS Booter Service’s Ecosystem

A DNS Investigation of the Phobos Ransomware 8Base Attack

Stately Taurus APT Group Targets Asian Countries: What Do the Campaign IoCs Reveal?

Looking for More Signs of Nitrogen in the DNS

Thoughts on RDRS for Brand Owners

  • By CSC
  • May 13, 2024

Unraveling the World of Security Data Aggregation

A DNS Investigation of the Typhoon 2FA Phishing Kit

Examining a U.S. Tax Scammer’s Web Infrastructure through the DNS Lens

Hunting for TimbreStealer Malware Artifacts in the DNS

Uncovering Suspicious Download Pages Linked to App Installer Abuse

View More