Summary

Top Articles:

  • Firefox Enables DNS over HTTPS
  • DNSSEC Keysigning Ceremony Postponed Because of Locked Safe
  • Oblivious DNS-over-HTTPS
  • A DNS flaw impacts a library used by millions of IoT devices
  • TsuNAME flaw exposes DNS servers to DDoS attacks
  • Why big ISPs aren’t happy about Google’s plans for encrypted DNS

A DNS flaw impacts a library used by millions of IoT devices

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. The flaw also affects DNS implementation of all versions of the uClibc-ng […] The post A DNS flaw impacts a library used by millions of IoT devices appeared first on Security Affairs.

TsuNAME flaw exposes DNS servers to DDoS attacks

A flaw in some DNS resolvers, tracked as TsuNAME, can allow attackers to launch DDoS attacks against authoritative DNS servers. Researchers at SIDN Labs (the R&D team of the registry for .nl domains), InternetNZ (the registry for .nz domains), and the Information Science Institute at the University of Southern California have discovered a vulnerability, named […] The post TsuNAME flaw exposes DNS servers to DDoS attacks appeared first on Security Affairs.

Oblivious DNS-over-HTTPS

Published: 2020-12-08 21:02:08

Popularity: 32

Author: Bruce Schneier

Keywords:

  • Uncategorized
  • academic papers
  • anonymity
  • DNS
  • https
  • protocols
  • 🤖: "DNS fail"

    This new protocol, called Oblivious DNS-over-HTTPS (ODoH), hides the websites you visit from your ISP. Here’s how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between the internet user and the website they want to visit. Because the DNS query is encrypted, the proxy can’t see what’s inside, but acts as a shield to prevent the DNS resolver from seeing who sent the query to begin with. IETF memo. The paper: Abstract: The Domain Name System (DNS) is the foundation of a human-usable Internet, responding to client queries for host-names with corresponding IP addresses and records. Traditional DNS is also unencrypted, and leaks user information to network operators. Recent efforts to secure DNS using DNS over TLS (DoT) and DNS over HTTPS (DoH) have been gaining traction, ostensibly protecting traffic and hiding content from on-lookers. However, one of the criticisms of DoT and DoH is brought to bear by the small number of large-scale deployments (e.g., Comcast, Google, Cloudflare): DNS resolvers can associate query contents with client identities in the form of IP addresses. Oblivious DNS over HTTPS (ODoH) safeguards against this problem. In this paper we ask what it would take to make ODoH practical? We describe ODoH, a practical DNS protocol aimed at resolving this issue by both protecting the client’s content and identity. We implement and deploy the protocol, and perform measurements to show that ODoH has comparable performance to protocols like DoH and DoT which are gaining widespread adoption, while improving client privacy, making ODoH a practical privacy enhancing replacement for the usage of DNS...

    Firefox Enables DNS over HTTPS

    Published: 2020-02-25 15:15:33

    Popularity: 364

    Author: Bruce Schneier

    Keywords:

  • browsers
  • child pornography
  • DNS
  • Firefox
  • https
  • Mozilla
  • security engineering
  • terrorism
  • 🤖: "Secure surfing"

    This is good news: Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send a user to a malicious site. [...]...

    DNSSEC Keysigning Ceremony Postponed Because of Locked Safe

    Published: 2020-02-14 12:07:21

    Popularity: 230

    Author: Bruce Schneier

    Keywords:

  • DNS
  • keys
  • locks
  • safes
  • 🤖: "Locked out"

    Interesting collision of real-world and Internet security: The ceremony sees several trusted internet engineers (a minimum of three and up to seven) from across the world descend on one of two secure locations -- one in El Segundo, California, just south of Los Angeles, and the other in Culpeper, Virginia -- both in America, every three months. Once in place,...

    Why big ISPs aren’t happy about Google’s plans for encrypted DNS

    Published: 2019-09-30 22:57:31

    Popularity: None

    Author: Timothy B. Lee

    Keywords:

  • Policy
  • DNS
  • DNS over HTTPS
  • DOH
  • google
  • NCTA
  • privacy
  • security

    DNS over HTTPS will make it harder for ISPs to monitor or modify DNS queries.
