[clug] April 2018 CLUG Meeting

Bob Edwards bob at cs.anu.edu.au
Sun Apr 29 23:18:43 UTC 2018


On 29/04/18 18:04, Stephen Rothwell wrote:
> Hi Bob,
> 
> On Sat, 28 Apr 2018 18:57:20 +1000 Robert Edwards via linux <linux at lists.samba.org> wrote:
>>
>> Also, DNSSEC has its own set of vulnerabilities to be managed. An
>> interesting paper is here (there are others):
>> http://www.chrismitchell.net/svidad.pdf
> 
> That paper appears not very well written and now quite old (2004).
> Quite a lot of its perceived problems have been addressed (or were not
> well considered).  I realise that DNSSEC has issues, but it is the best
> we have at the moment and does solve a lot of the security concerns with
> DNS itself.  It is a big indictment of current "cyber security"
> measures taken in this country that DNSSEC is not required to be
> implemented more widely as a step along the way.  Most notable is that
> gov.au is the only au zone that is not DNSSEC signed!
> 
> /me wanders off to DNSSEC sign clug.org.au :-)
> 

Hi Stephen,

Cool - if you could roughly document the process you went through, that
would be great!

The paper reference (which I have only read part of so far) was just a
heads-up that DNSSEC is not a total, complete solution to DNS spoofing,
but as you say, it is the best we have at the moment. Geoff's talk
didn't touch on any security concerns with DNSSEC, but they do exist.

And in that tiny circle where the competing concerns of Internet
privacy, security and safety intersect, DNSSEC may be another obstacle
to manage... I need to experiment more with how DNSSEC-aware apps play
with Pi-Hole and the OpenDNS Family-friendly DNS service, etc.

cheers,

Bob Edwards.


