IT | DNS Security Extensions - Complexities To Be Aware Of

The wide-open nature of DNS leaves it susceptible to DNS hijacking and DNS cache poisoning attacks to redirect users to a different address than where they intended to go.

By Kannan Subbiah

IT | DNS Security Extensions - Complexities To Be Aware Of

Image Attribute: CDNS/Community DNS

The Domain Name System (DNS) primarily offers a distributed database storing typed values by name. The DNS acts like a phone book for the Internet, translating IP addresses into human-readable addresses. Obviously, as close to 100% of the internet requests are by the domain names, requiring the DNS servers resolve the domain names into IP addresses. This results in a very high load on the DNS servers located across the world. In order to support such a high frequency of requests, DNS employs a tree-wise hierarchy in both name and database structure. 

However, the wide-open nature of DNS leaves it susceptible to DNS hijacking and DNS cache poisoning attacks to redirect users to a different address than where they intended to go. This means that despite entering the correct web address, the user might be taken to a different website.DNS Security Extension (DNSSEC) was brought in as the answer to the above problem.   

DNSSEC is designed to protect Internet resolvers (clients) from forged DNS in order to prevent DNS tampering. DNSSEC offers protection against spoofing of DNS data by providing origin authentication, ensuring data integrity and authentication of non-existence by using public-key cryptography. It digitally signs the information published by the DNS with a set of cryptographic keys, making it harder to fake, and thus more secure.   

The DNSSEC brings in certain additional records to be added to the DNS. The new record types are: RRSIG (for digital signature), DNSKEY (the public key), DS (Delegation Signer), and NSEC (pointer to next secure record). The new message header bits are: AD (for authenticated data) and CD (checking disabled). A DNSSEC validating resolver uses these records and public key (asymmetric) cryptography to prove the integrity of the DNS data.    

A hash of the public DNSKEY is stored in a DS record. This is stored in the parent zone. The validating resolver retrieves from the parent the DS record and its corresponding signature (RRSIG) and public key (DNSKEY); a hash of that public key is available from its parent. This becomes a chain of trust — also called an authentication chain. The validating resolver is configured with a trust anchor — this is the starting point which refers to a signed zone. The trust anchor is a DNSKEY or DS record and should be securely retrieved from a trusted source.   

The successful implementation DNSSEC depends on the deployment of the same at all levels of the DNS architecture and the adoption by all involved in the DNS resolution process. One big step was given in July 2010 when the DNS root zone was signed. Since then, resolvers are enabled to configure the root zone as a trusted anchor which allows the validation of the complete chain of trust for the first time.  

The introduction and use of DNSSEC have been controversial for over a decade due to its cost and complexity. However, its usage and adoption are steadily growing and in 2014, DNS overseer ICANN determined that all new generic top-level domains would have to use DNSSEC.   

Implementing DNSSEC is not always unproblematic. Some faults in DNS are only visible in DNSSEC – and then only when validating making the debugging the DNSSEC difficult. DNS software that applies only to DNSSEC has many issues to be plugged, leading to disruptions in service. 

Interoperability amongst the DNS software is another issue that is adding to the problems. Above all, attackers can abuse improperly configured DNSSEC domains to launch denial-of-service attacks. The following are some such major complexities that one should be aware of.

Zone Content Exposure

DNS is split into smaller pieces called zones. A zone typically starts at a domain name and contains all records pertaining to the subdomains. Each zone is managed by a single manager. For example, kannan-subbiah.com is a zone containing all DNS records for kannan-subbiah.com and its subdomains (e.g. www.kannan-subbiah.com, links.kannan-subbiah.com). Unlike DNS, with DNSSEC the requests will be at the signed zone level. As such, enabling DNSSEC may expose otherwise obscured zone content. Subdomains are sometimes used as login portals or other services that the site owner wants to keep private. A site owner may not want to reveal that “secretbackdoor.example.com” exists in order to protect that site from attackers.

Non-Existent Domains 

Unlike standard DNS, where the server returns an unsigned NXDOMAIN (Non-Existent Domain) response when a subdomain does not exist, DNSSEC guarantees that every answer is signed. For statically signed zones, there are, by definition, a fixed number of records. Since each NSEC record points to the next, this results in a finite ‘ring’ of NSEC records that covers all the subdomains. This technique may unveil internal records if the zone is not configured properly.The information that can be obtained can help us to map network hosts by enumerating the contents of a zone.

The NSEC3-walking attack 

DNSSEC has undergone revisions on multiple occasions and NSEC3 is the current replacement for NSEC. "NSEC3 walking" is an easy privacy-violating attack against the current version of DNSSEC. After a few rounds of requests to a DNSSEC server, the attacker can collect a list of hashes of existing names. The attacker can then guess a name, hash the guess, check whether the hash is in the list, and repeat.  Compared to normal DNS, current DNSSEC (with NSEC3) makes privacy violations thousands of times faster for casual attackers or millions of times faster for serious attackers. It also makes the privacy violations practically silent: the attackers are guessing names in secret, rather than flooding the legitimate servers with guesses. NSEC3 is advertised as being much better than NSEC. 

Key Management 

DNSSEC was designed to operate in various modes, each providing different security, performance and convenience tradeoffs. Live signing solves the zone content exposure problem in exchange for less secure key management. The most common DNSSEC mode is offline signing of static zones. This allows the signing system to be highly protected from external threats by keeping the private keys on a machine that is not connected to the network. This operating model works well when the DNS information does not change often.  

Key management for DNSSEC is similar to key management for TLS and has similar challenges. Enterprises that decide to manage DNSSEC internally need to generate and manage two sets of cryptographic keys – the Key Signing Key (KSK), critical in establishing the chain of trust, and the Zone Signing Key (ZSK), used to sign the domain name’s zone. Both types of keys need to be changed periodically in order to maintain their integrity. The more frequently a key is changed, the less material an attacker has to help him perform the cryptanalysis that would be required to reverse-engineer the private key.    

An attacker could decide to launch a Denial of Service (DoS) attack at the time of key rollover. That is why it is recommended to introduce some "jitter" into the rollover plan by introducing a small random element to the schedule. Instead of rolling the ZSK every 90 days like clockwork, a time within a 10-day window either side may be picked, so that it is not predictable.

Reflection/Amplification Threat 

DNSSEC works over UDP, and the answers to DNS queries can be very long, containing multiple DNSKEY and RRSIG records. This is an attractive target for attackers since it allows them to ‘amplify’ their reflection attacks. If a small volume of spoofed UDP DNSSEC requests is sent to nameservers, the victim will receive a large volume of reflected traffic. Sometimes this is enough to overwhelm the victim’s server, and cause a denial of service. Specifically, an attacker sends a corrupted network packet to a certain server that then reflects it back to the victim. Using flaws in DNSSEC, it is possible to use that extra-large response as a way to amplify the number of packets sent – anywhere up to 100 times. That makes it an extremely effective tool in efforts to take servers offline.    

The problem isn't with DNSSEC or its functionality, but rather how it's administered and deployed. DNSSEC is the best way to combat DNS hijacking, but the complexity of the signatures increases the possibility of administrators making mistakes. DNS is already susceptible to amplification attacks because there aren't a lot of ways to weed out fake traffic sources.   

"DNSSEC prevents the manipulation of DNS record responses where a malicious actor could potentially send users to its own site. This extra security offered by DNSSEC comes at a price as attackers can leverage the larger domain sizes for DNS amplification attacks," Akamai said in a report.

About the Author:    

Kannan Subbiah (TR RID: J-8107-2016), management professional with 27 years of overall experience in IT Project, Product and program Management, Enterprise & Solution Architecture and Design & Deployment. One can subscribe to his daily digest at Tech-Bytes by Kanna Subbiah and can follow him on twitter - @kannagoldsun
Name

-51,1,3D Technology,2,5G,9,Abkhazia,2,Academics,10,Accidents,20,Activism,1,Adani Group,4,ADB,12,ADIZ,1,Adults,1,Advertising,31,Advisory,2,Aerial Reconnaissance,13,Aerial Warfare,35,Aerospace,5,Afghanistan,88,Africa,111,Agile Methodology,2,Agriculture,20,AI Policy,1,Air Crash,10,Air Defence Identification Zone,1,Air Defense,6,Air Force,29,Air Pollution,1,Airbus,5,Aircraft Carriers,5,Aircraft Systems,5,Al Nusra,1,Al Qaida,4,Al Shabab,1,Alaska,1,ALBA,1,Albania,2,Algeria,3,Alibaba,1,American History,4,AmritaJash,10,Antarctic,1,Antarctica,1,Anthropology,7,Anti Narcotics,12,Anti Tank,1,Anti-Corruption,4,Anti-dumping,1,Anti-Piracy,2,Anti-Submarine,1,Anti-Terrorism Legislation,1,Antitrust,2,APEC,1,Apple,2,Applied Sciences,2,AQAP,2,Arab League,3,Architecture,2,Arctic,6,Argentina,7,Armenia,30,Army,3,Art,3,Artificial Intelligence,81,Artillery,2,Arunachal Pradesh,2,ASEAN,12,Asia,70,Asia Pacific,23,Assassination,2,Asset Management,1,Astrophysics,2,ATGM,1,Atmospheric Science,1,Atomic.Atom,1,Augmented Reality,7,Australia,56,Austria,1,Automation,13,Automotive,129,Autonomous Flight,2,Autonomous Vehicle,3,Aviation,63,AWACS,2,Awards,17,Azerbaijan,16,Azeri,1,B2B,1,Bahrain,9,Balance of Payments,2,Balance of Trade,3,Balkan,10,Balochistan,2,Baltic,3,Baluchistan,8,Bangladesh,28,Banking,52,Bankruptcy,2,Basel,1,Bashar Al Asad,1,Battery Technology,2,Bay of Bengal,5,BBC,2,Beijing,1,Belarus,3,Belgium,1,Belt Road Initiative,3,Beto O'Rourke,1,BFSI,1,Bhutan,13,Big Data,30,Big Tech,1,Bilateral Cooperation,19,BIMSTEC,1,Biography,1,Biotechnology,3,Birth,1,BISA,1,Bitcoin,9,Black Lives Matter,1,Black Money,3,Black Sea,2,Blockchain,32,Blood Diamonds,1,Bloomberg,1,Boeing,21,Boko Haram,7,Bolivia,6,Bomb,3,Bond Market,2,Book,11,Book Review,24,Border Conflicts,11,Border Control and Surveillance,7,Bosnia,1,Brand Management,14,Brazil,104,Brexit,22,BRI,5,BRICS,20,British,3,Broadcasting,16,Brunei,3,Brussels,1,Buddhism,1,Budget,4,Build Back Better,1,Bulgaria,1,Burma,2,Business & Economy,1192,C-UAS,1,California,5,Call for Proposals,1,Cambodia,7,Cameroon,1,Canada,54,Canadian Security Intelligence Service (CSIS),1,Carbon Economy,9,CAREC,1,Caribbean,9,CARICOM,1,Caspian Sea,2,Catalan,3,Catholic Church,1,Caucasus,9,CBRN,1,Cement,1,Central African Republic,1,Central Asia,81,Central Asian,3,Central Eastern Europe,47,Certification,1,Chad,2,Chanakya,1,Charity,2,Chatbots,2,Chemicals,7,Child Labor,1,Child Marriage,1,Children,4,Chile,10,China,575,Christianity,1,CIA,1,CIS,5,Citizenship,2,Civil Engineering,2,Civil Liberties,5,Civil Rights,2,Civil Society,5,Civil Unrest,1,Civilization,1,Clean Energy,5,Climate,66,Climate Change,22,Climate Finance,2,Clinical Research,3,Clinton,1,Cloud Computing,44,Coal,6,Coast Guard,3,Cocoa,1,Cognitive Computing,12,Cold War,5,Colombia,15,Commodities,4,Communication,11,Communism,3,Compliance,1,Computers,40,Computing,1,Conferences,1,Conflict,106,Conflict Diamonds,1,Conflict Resolution,48,Conflict Resources,1,Congo,1,Construction,5,Consumer Behavior,4,Consumer Price Index,4,COP26,4,COP28,1,Copper,2,Coronavirus,107,Corporate Communication,1,Corporate Governance,4,Corporate Social Responsibility,4,Corruption,4,Costa Rica,2,Counter Intelligence,15,Counter Terrorism,81,COVID,9,COVID Vaccine,6,CPEC,8,CPG,3,Credit,2,Credit Rating,1,Credit Score,1,Crimea,4,CRM,1,Croatia,2,Crypto Currency,16,Cryptography,1,CSTO,1,Cuba,7,Culture,5,Currency,8,Customer Relationship Management,1,Cyber Attack,7,Cyber Crime,2,Cyber Security & Warfare,115,Cybernetics,5,Cyberwarfare,16,Cyclone,1,Cyprus,5,Czech Republic,3,DACA,1,DARPA,3,Data,9,Data Analytics,36,Data Center,2,Data Science,2,Database,3,Daughter.Leslee,1,Davos,1,DEA,1,DeBeers,1,Debt,12,Decision Support System,5,Defense,12,Defense Deals,8,Deforestation,2,Deloitte,1,Democracy,22,Democrats,2,Demographic Studies,1,Demonetization,6,Denmark. F-35,1,Denuclearization,1,Diamonds,1,Digital,39,Digital Currency,1,Digital Economy,10,Digital Marketing,6,Digital Transformation,11,Diplomacy,14,Diplomatic Row,2,Disaster Management,4,Disinformation,2,Diversity & Inclusion,1,Djibouti,2,Documentary,3,Doklam,2,Dokolam,1,Dominica,2,Donald Trump,48,Donetsk,2,Dossier,2,Drones,14,E-Government,2,E-International Relations,1,Earning Reports,3,Earth Science,1,Earthquake,7,East Africa,2,East China Sea,9,eBook,1,ECB,1,eCommerce,11,Econometrics,2,Economic Justice,1,Economics,43,Economy,108,ECOWAS,2,Ecuador,3,Edge Computing,2,Editor's Opinion,51,Education,65,EFTA,1,Egypt,27,Election Disinformation,1,Elections,42,Electric Vehicle,14,Electricity,7,Electronics,8,Emerging Markets,1,Employment,19,Energy,316,Energy Policy,28,Energy Politics,27,Engineering,24,England,2,Enterprise Software Solutions,8,Entrepreneurship,15,Environment,47,ePayments,13,Epidemic,6,ESA,1,Ethiopia,3,Eulogy,4,Eurasia,3,Euro,6,Europe,13,European Union,229,EuroZone,5,Exchange-traded Funds,1,Exclusive,2,Exhibitions,2,Explosives,1,Export Import,6,F-35,6,Facebook,9,Fake News,3,Fallen,1,FARC,2,Farnborough. United Kingdom,2,FATF,1,FDI,5,Featured,1351,Federal Reserve,2,Fidel Castro,1,FIFA World Cup,1,Fiji,1,Finance,18,Financial Markets,58,Financial Planning,1,Financial Statement,2,Finland,5,Fintech,14,Fiscal Policy,14,Fishery,3,Five Eyes,1,Food Security,27,Forces,1,Forecasting,2,Foreign Policy,13,Forex,4,France,33,Free Market,1,Free Syrian Army,4,Free Trade Agreement,1,Freedom,3,Freedom of Press,1,Freedom of Speech,2,Frigate,1,FTC,1,Fujairah,97,Fund Management,1,Funding,22,Future,1,G20,10,G24,1,G7,4,Gaddafi,1,Gambia,2,Gaming,1,Garissa Attack,1,Gas Price,23,GATT,1,Gaza,13,GCC,11,GDP,13,GDPR,1,Gender Studies,2,Geneal Management,1,General Management,1,Generative AI,7,Genetics,1,Geo Politics,105,Geography,2,Geoint,14,Geopolitics,8,Georgia,11,Georgian,1,geospatial,9,Geothermal,2,Germany,67,Ghana,3,Gibratar,1,Gig economy,1,Global Perception,1,Global Trade,95,Global Warming,1,Global Water Crisis,11,Globalization,3,Gold,2,Google,20,Gorkhaland,1,Government,128,Government Analytics,1,GPS,1,Greater Asia,170,Greece,13,Green Bonds,1,Green Energy,3,Greenland,1,Gross Domestic Product,1,GST,1,Gujarat,6,Gulf of Tonkin,1,Gun Control,4,Hacking,4,Haiti,2,Hamas,10,Hasan,1,Health,8,Healthcare,72,Heatwave,1,Helicopter,12,Heliport,1,Hezbollah,3,High Altitude Warfare,1,High Speed Railway System,1,Hillary 2016,1,Hillary Clinton,1,Himalaya,1,Hinduism,2,Hindutva,4,History,10,Home Security,1,Honduras,2,Hong Kong,7,Horn of Africa,5,Housing,16,Houthi,12,Howitzer,1,Human Development,32,Human Resource Management,5,Human Rights,6,Humanitarian,3,Hungary,3,Hunger,3,Hydrocarbon,3,Hydrogen,4,IAEA,2,ICBM,1,Iceland,2,ICO,1,Identification,2,IDF,1,Imaging,2,IMEEC,2,IMF,76,Immigration,19,Impeachment,1,Imran Khan,1,Independent Media,72,India,653,India's,1,Indian Air Force,19,Indian Army,7,Indian Nationalism,1,Indian Navy,27,Indian Ocean,24,Indices,1,Indigenous rights,1,Indo-Pacific,4,Indonesia,19,IndraStra,1,Industrial Accidents,3,Industrial Automation,2,Industrial Safety,4,Inflation,10,Infographic,1,Information Leaks,1,Infrastructure,3,Innovations,22,Insider Trading,1,Insurance,3,Intellectual Property,3,Intelligence,5,Intelligence Analysis,8,Interest Rate,3,International Business,13,International Law,11,International Relations,9,Internet,53,Internet of Things,34,Interview,8,Intra-Government,5,Investigative Journalism,4,Investment,32,Investor Relations,1,iPhone,1,IPO,4,Iran,202,Iraq,54,IRGC,1,Iron & Steel,4,ISAF,1,ISIL,9,ISIS,33,Islam,12,Islamic Banking,1,Islamic State,86,Israel,142,ISRO,1,IT ITeS,136,Italy,10,Ivory Coast,1,Jabhat al-Nusra,1,Jack Ma,1,Jamaica,3,Japan,88,JASDF,1,Jihad,1,JMSDF,1,Joe Biden,8,Joint Strike Fighter,5,Jordan,7,Journalism,6,Judicial,4,Justice System,3,Kanchin,1,Kashmir,8,Kaspersky,1,Kazakhstan,25,Kenya,5,Khalistan,2,Kiev,1,Kindle,700,Knowledge Management,4,Korean Conflict,1,Kosovo,2,Kubernetes,1,Kurdistan,8,Kurds,10,Kuwait,7,Kyrgyzstan,9,Labor Laws,10,Labor Market,4,Land Reforms,3,Land Warfare,21,Languages,1,Laos,2,Large language models,1,Laser Defense Systems,1,Latin America,80,Law,6,Leadership,3,Lebanon,10,Legal,11,LGBTQ,2,Li Keqiang,1,Liberalism,1,Library Science,1,Libya,14,Liechtenstein,1,Lifestyle,1,Light Battle Tank,1,Linkedin,1,Littoral Warfare,2,Livelihood,3,Loans,9,Lockdown,1,Lone Wolf Attacks,2,Lugansk,2,Macedonia,1,Machine Learning,7,Madagascar,1,Mahmoud,1,Main Battle Tank,3,Malaysia,12,Maldives,13,Mali,7,Malware,2,Management Consulting,6,Manpower,1,Manto,1,Manufacturing,15,Marijuana,1,Marine Engineering,3,Maritime,50,Market Research,2,Marketing,38,Mars,2,Martech,10,Mass Media,29,Mass Shooting,1,Material Science,2,Mauritania,1,Mauritius,2,MDGs,1,Mechatronics,2,Media War,1,MediaWiki,1,Medicare,1,Mediterranean,12,MENA,6,Mental Health,4,Mercosur,2,Mergers and Acquisitions,18,Meta,2,Metadata,2,Metals,3,Mexico,13,Micro-finance,4,Microsoft,12,Migration,19,Mike Pence,1,Military,110,Military Exercise,10,Military-Industrial Complex,3,Mining,15,Missile Launching Facilities,6,Missile Systems,56,Mobile Apps,3,Mobile Communications,11,Mobility,4,Modi,8,Moldova,1,Monaco,1,Monetary Policy,6,Money Market,2,Mongolia,11,Monkeypox,1,Monsoon,1,Montreux Convention,1,Moon,4,Morocco,2,Morsi,1,Mortgage,3,Moscow,2,Motivation,1,Mozambique,1,Mubarak,1,Multilateralism,2,Mumbai,1,Muslim Brotherhood,2,Mutual Funds,1,Myanmar,30,NAFTA,3,NAM,2,Namibia,1,Nanotechnology,4,Narendra Modi,2,NASA,13,National Identification Card,1,National Security,5,Nationalism,2,NATO,33,Natural Disasters,14,Natural Gas,33,Natural Language Processing,1,Nauru,1,Naval Base,5,Naval Engineering,23,Naval Intelligence,2,Naval Postgraduate School,2,Naval Warfare,50,Navigation,2,Navy,23,NBC Warfare,2,NDC,1,Nearshoring,1,Negotiations,2,Nepal,12,Netflix,1,Neurosciences,7,New Delhi,4,New Normal,1,New York,5,New Zealand,7,News,1245,News Publishers,1,Newspaper,1,NFT,1,NGO,1,Nicaragua,1,Niger,3,Nigeria,10,Nikki Haley,1,Nirbhaya,1,Non Aligned Movement,1,Non Government Organization,4,Nonproliferation,2,North Africa,23,North America,53,North Korea,58,Norway,5,NSA,1,NSG,2,Nuclear,41,Nuclear Agreement,32,Nuclear Doctrine,2,Nuclear Energy,4,Nuclear Fussion,1,Nuclear Propulsion,2,Nuclear Security,47,Nuclear Submarine,1,NYSE,1,Obama,3,ObamaCare,2,OBOR,15,Ocean Engineering,1,Oceania,2,OECD,5,OFID,5,Oil & Gas,382,Oil Gas,7,Oil Price,73,Olympics,2,Oman,25,Omicron,1,Oncology,1,Online Education,5,Online Reputation Management,1,OPEC,129,Open Access,1,Open Journal Systems,1,Open Letter,1,Open Source,4,OpenAI,2,Operation Unified Protector,1,Operational Research,4,Opinion,687,Opinon Poll,1,Optical Communications,1,Pacific,5,Pakistan,181,Pakistan Air Force,3,Pakistan Army,1,Pakistan Navy,3,Palestine,24,Palm Oil,1,Pandemic,84,Papal,1,Paper,3,Papers,110,Papua New Guinea,2,Paracels,1,Partition,1,Partnership,1,Party Congress,1,Passport,1,Patents,2,PATRIOT Act,1,Peace Deal,6,Peacekeeping Mission,1,Pension,1,People Management,1,Persian Gulf,19,Peru,5,Petrochemicals,1,Petroleum,19,Pharmaceuticals,14,Philippines,17,Philosophy,2,Photos,3,Physics,1,Pipelines,5,PLA,2,PLAN,4,Plastic Industry,2,Poland,8,Polar,1,Policing,1,Policy,8,Policy Brief,6,Political Studies,1,Politics,52,Polynesia,3,Pope,1,Population,6,Portugal,1,Poverty,8,Power Transmission,6,President APJ Abdul Kalam,2,Presidential Election,30,Press Release,158,Prison System,1,Privacy,18,Private Equity,2,Private Military Contractors,2,Privatization,1,Programming,1,Project Management,4,Propaganda,5,Protests,11,Psychology,3,Public Policy,55,Public Relations,1,Public Safety,7,Publications,1,Publishing,7,Purchasing Managers' Index,1,Putin,7,Q&A,1,Qatar,114,QC/QA,1,Qods Force,1,Quad,1,Quantum Computing,3,Quantum Physics,4,Quarter Results,2,Racial Justice,2,RADAR,2,Rahul Guhathakurta,4,Railway,9,Raj,1,Ranking,4,Rape,1,RBI,1,RCEP,2,Real Estate,6,Recall,4,Recession,2,Red Sea,5,Referendum,5,Reforms,18,Refugee,23,Regional,4,Regulations,2,Rehabilitation,1,Religion & Spirituality,9,Renewable,17,Report,4,Reports,47,Repository,1,Republicans,3,Rescue Operation,1,Research,5,Research and Development,24,Restructuring,1,Retail,36,Revenue Management,1,Rice,1,Risk Management,5,Robotics,8,Rohingya,5,Romania,2,Royal Canadian Air Force,1,Rupee,1,Russia,310,Russian Navy,5,Saab,1,Saadat,1,SAARC,6,Safety,1,SAFTA,1,SAM,2,Samoa,1,Sanctions,5,SAR,1,SAT,1,Satellite,14,Saudi Arabia,129,Scandinavia,6,Science & Technology,392,Science Fiction,1,SCO,5,Scotland,6,Scud Missile,1,Sea Lanes of Communications,4,SEBI,3,Securities,2,Security,6,Semiconductor,18,Senate,4,Senegal,1,SEO,5,Serbia,4,Services Sector,1,Seychelles,2,SEZ,1,Shadow Bank,1,Shale Gas,4,Shanghai,1,Sharjah,12,Shia,6,Shinzo Abe,1,Shipping,10,Shutdown,2,Siachen,1,Sierra Leone,1,Signal Intelligence,1,Sikkim,5,Silicon Valley,1,Silk Route,6,Simulations,2,Sinai,1,Singapore,16,Situational Awareness,20,Small Modular Nuclear Reactors,1,Smart Cities,7,Social Media,1,Social Media Intelligence,40,Social Policy,40,Social Science,1,Social Security,1,Socialism,1,Soft Power,1,Software,7,Solar Energy,14,Somalia,5,South Africa,20,South America,46,South Asia,467,South China Sea,35,South East Asia,74,South Korea,58,South Sudan,4,Sovereign Wealth Funds,1,Soviet,2,Soviet Union,9,Space,46,Space Station,2,Spain,9,Special Forces,1,Sports,3,Sports Diplomacy,1,Spratlys,1,Sri Lanka,23,Stablecoin,1,Stamps,1,Startups,43,State of the Union,1,Statistics,1,STEM,1,Stephen Harper,1,Stock Markets,23,Storm,2,Strategy Games,5,Strike,1,Sub-Sahara,3,Submarine,16,Sudan,5,Sunni,6,Super computing,1,Supply Chain Management,47,Surveillance,13,Survey,5,Sustainable Development,18,Swami Vivekananda,1,Sweden,4,Switzerland,6,Syria,112,Taiwan,30,Tajikistan,12,Taliban,17,Tamar Gas Fields,1,Tamil,1,Tanzania,4,Tariff,4,Tata,3,Taxation,25,Tech Fest,1,Technology,13,Tel-Aviv,1,Telecom,24,Telematics,1,Territorial Disputes,1,Terrorism,77,Testing,2,Texas,3,Thailand,11,The Middle East,649,Think Tank,316,Tibet,3,TikTok,1,Tobacco,1,Tonga,1,Total Quality Management,2,Town Planning,2,TPP,2,Trade Agreements,14,Trade War,10,Trademarks,1,Trainging and Development,1,Transcaucasus,19,Transcript,4,Transpacific,2,Transportation,47,Travel and Tourism,13,Tsar,1,Tunisia,7,Turkey,74,Turkmenistan,10,U.S. Air Force,3,U.S. Dollar,2,UAE,139,UAV,23,UCAV,1,Udwains,1,Uganda,1,Ukraine,109,Ukraine War,21,Ummah,1,UNCLOS,7,Unemployment,1,UNESCO,1,UNHCR,1,UNIDO,2,United Kingdom,82,United Nations,28,United States,752,University and Colleges,4,Uranium,2,Urban Planning,10,US Army,12,US Army Aviation,1,US Congress,1,US FDA,1,US Navy,18,US Postal Service,1,US Senate,1,US Space Force,2,USA,16,USAF,21,USV,1,UUV,1,Uyghur,3,Uzbekistan,13,Valuation,1,Vatican,3,Vedant,1,Venezuela,19,Venture Capital,4,Vibrant Gujarat,1,Victim,1,Videogames,1,Vietnam,24,Virtual Reality,7,Vision 2030,1,VPN,1,Wahhabism,3,War,1,War Games,1,Warfare,1,Water,17,Water Politics,7,Weapons,11,Wearable,2,Weather,2,Webinar,1,WeChat,1,WEF,3,Welfare,1,West,2,West Africa,19,West Bengal,2,Western Sahara,2,White House,1,Whitepaper,2,WHO,3,Wholesale Price Index,1,Wikileaks,1,Wikipedia,2,Wildfire,1,Wildlife,3,Wind Energy,1,Windows,1,Wireless Security,1,Wisconsin,1,Women,10,Women's Right,11,Workers Union,1,Workshop,1,World Bank,35,World Economy,32,World Peace,10,World War I,1,World War II,3,WTO,6,Wyoming,1,Xi Jinping,9,Xinjiang,2,Yemen,28,Yevgeny Prigozhin,1,Zbigniew Brzezinski,1,Zimbabwe,2,
ltr
item
IndraStra Global: IT | DNS Security Extensions - Complexities To Be Aware Of
IT | DNS Security Extensions - Complexities To Be Aware Of
The wide-open nature of DNS leaves it susceptible to DNS hijacking and DNS cache poisoning attacks to redirect users to a different address than where they intended to go.
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOEYAz6MCN3qDq13DOzbw6tyOCAKyfSdGtrF2P1O3d7BaucjaTLadVw3ljKWZ_2Fz4ATBmqCG9GynDArOkwVRy9JcDpNRv29pO_x-6OJcaULZUURpVUIUCp8w90yL5RRyBOj2p459BmBE7/s640/DNSSEC.jpg
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOEYAz6MCN3qDq13DOzbw6tyOCAKyfSdGtrF2P1O3d7BaucjaTLadVw3ljKWZ_2Fz4ATBmqCG9GynDArOkwVRy9JcDpNRv29pO_x-6OJcaULZUURpVUIUCp8w90yL5RRyBOj2p459BmBE7/s72-c/DNSSEC.jpg
IndraStra Global
https://www.indrastra.com/2016/10/IT-DNS-Security-Extensions-Complexities-to-be-Aware-of-002-10-2016-0037.html
https://www.indrastra.com/
https://www.indrastra.com/
https://www.indrastra.com/2016/10/IT-DNS-Security-Extensions-Complexities-to-be-Aware-of-002-10-2016-0037.html
true
1461303524738926686
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content