Skip to main content
Information Security

Questions tagged [dnssec]

Ask Question

Domain Name System Security Extensions (DNSSEC) is a set of IETF specifications for digitally signed DNS.

135 questions
Newest Active Bountied Unanswered
1 vote
0 answers
103 views

RFC6605: Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC has this example of a P-256 key: Private-key-format: v1.2 Algorithm: 13 (ECDSAP256SHA256) PrivateKey: GU6SnQ/Ou+...
neubert's user avatar
  • 1,830
2 votes
0 answers
101 views

A review of controls and associated risks identified a use case for DNS deprovisioning procedures. Specifically, an A record was not cleaned up and the domain has embedded the organization's name. ...
user329927's user avatar
  • 21
5 votes
0 answers
1k views

While I was debugging something, I noticed that none of Google’s products domains (google.com, gmail.com, googleapis.com, gstatic.com…) are DNSSEC-signed. It seems that Google offer an unofficial ...
Jonathan L.'s user avatar
  • 61
1 vote
0 answers
55 views

My question relates to DNSSEC and how to check it easily when navigating the web. DNSSEC is used by a majority of TLDs and CC TLDs, and it contributes to secure the DNS protocol. Statistics about ...
Glendalough's user avatar
  • 11
2 votes
0 answers
99 views

I just watched a video on DNS that explained that if there is a man-in-the-middle or if someone has taken over your resolver, DNSSEC can prevent the responses from being tampered with because the ...
Nasso's user avatar
  • 23
0 votes
0 answers
171 views

Say a citizen-run journalist site is a target of a hostile government. The site is hosted over HTTPS in a different country, outside the government's reach. However, the site domain name is within ...
anon2328's user avatar
  • 221
9 votes
3 answers
3k views

I manage a few dozen servers that are publicly accessible and must remain so. I see very large volumes of malicious traffic on all of these servers. The malicious traffic starts as port scans (...
grenade's user avatar
  • 193
0 votes
1 answer
339 views

I'm learning about DNSSEC today but I don't quite understand about how a parent zone would store all of its child's Key Signing Keys (DNSKEY 257) in its DS record set. As far as I understand, if I ...
xenon's user avatar
  • 377
5 votes
1 answer
714 views

Consider the following dig command and its truncated output: dig . dnskey +dnssec +multi @a.root-servers.net ... ... ;; ANSWER SECTION: . 172800 IN DNSKEY 257 3 8 ( ...
merlin2011's user avatar
  • 153
5 votes
1 answer
13k views

I am reading up on secure DNS (DoH, DoT) and trying to identify its differences. Currently, I am on https://www.cloudflare.com/learning/dns/dns-over-tls/ page. Is there for example some non-negligible ...
Vlastimil Burián's user avatar
  • 1,747
0 votes
0 answers
237 views

I'm trying to implement a toy project DNSSEC supported DNS resolver to learn about both DNS and DNSSEC. Most of my implementation are finished. But for some domains it's not working correctly, and I ...
Rix's user avatar
  • 101
2 votes
1 answer
184 views

I tried dig +dnssec dig [domain name] +dnssec +short. Is RRSIG the only attribute to confirm if a name server has DNSSEC implemented or not? How do I identify a name server that has no DNSSEC ...
Syskey Whiskey's user avatar
  • 21
1 vote
1 answer
2k views

I use dnscrypt-proxy's anonymized DNScrypt with multiple relays, force it all to use TCP, route them over Tor. Does this prevent my ISP or anyone in my country to see my DNS queries and client hellos ...
user avatar
0 votes
1 answer
380 views

First, I can update this with the affected domain, if it's critical, but for obvious reasons I'd like not to be the target of more problems. Someone registered some CAA records for my domain. I have ...
New Alexandria's user avatar
  • 270
0 votes
1 answer
2k views

If I have DNS over HTTPS and DNS over TLS activated simultaneously (router has DoT activated and smartphone browser has DoH activated, so I see on https://1.1.1.1/help DoH: yes and DoT: yes), which ...
WizzY's user avatar
  • 191

15 30 50 per page
1
2 3 4 5
9