Completed
NSEC records for a DNSSEC protected name point at the next node in the zone.
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
DNSSUX - Why DNSSEC Makes Us Weaker
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 DNSSEC specifies a Public Key Infrastructure not unlike X.509 for TLS. .
- 3 DNS is hierarchical and divided into zones
- 4 Under DNSSEC, a name's DNS records are signed by the parent node in the zone.
- 5 NSEC records for a DNSSEC protected name point at the next node in the zone.
- 6 Enumerating a zone is a critical recon step for malicious actors.
- 7 A third iteration of NSEC, NSECS provably provides protection against zone enumeration.
- 8 CloudFlare takes an interesting approach they call "Black Lies" and DNS Shotgun
- 9 Ultimately, securing DNS is a non-trivial problem and it is unclear how we will solve it.