DNSSUX - Why DNSSEC Makes Us Weaker


via YouTube

NSEC records for a DNSSEC protected name point at the next node in the zone.


Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents


  1. Intro
  2. DNSSEC specifies a Public Key Infrastructure not unlike X.509 for TLS.
  3. DNS is hierarchical and divided into zones
  4. Under DNSSEC, a name's DNS records are signed by the parent node in the zone.
  5. NSEC records for a DNSSEC protected name point at the next node in the zone.
  6. Enumerating a zone is a critical recon step for malicious actors.
  7. A third iteration of NSEC, NSEC5 provably provides protection against zone enumeration.
  8. Cloudflare takes an interesting approach they call "Black Lies" and DNS Shotgun
  9. Ultimately, securing DNS is a non-trivial problem and it is unclear how we will solve it.
