Skip Links

DNSSec

Worst of SOPA out, White House bolsters opposition

ISP blocking provision to be removed; Lawmakers say ‘consensus’ needed
Submitted by Paul McNamara on Sat, 01/14/12 - 11:16am.

While it's far too early for SOPA opponents to declare victory, a trio of developments late last night and this morning make clear that concerted efforts to block or dramatically alter this ill-conceived antipiracy legislation are having a significant effect.

(Pics of near-riot, egging of Apple store in China)

Those developments:

Read more

Reading up on SOPA can both clarify and muddy the waters

Dueling experts and pundits continue to slug it out
Submitted by Paul McNamara on Wed, 01/11/12 - 5:31pm.

Having spent a good chunk of the afternoon hopscotching from SOPA-related news story to blog post to social-media forum and back again, I'm thinking it might be worthwhile to point to a handful of the more notable stops.

Read more

Sandia Labs touts DNSSEC tool

Seeking funding, partners to take DNS security visualization tool to next level
Submitted by Alpha Doggs on Wed, 01/11/12 - 9:05am.

Sandia National Laboratories is touting a free Web-based visualization tool called DNSViz to help domain name registrars, government organizations and others rolling out DNS Security to better manage the technology that federal entities have been mandated to employ. DNSSEC for the .com domain was also enabled last year, with big registrars like GoDaddy.com jumping on board.

Read more

Red Hat entices customers to stay on older RHEL 5.x

Better virtualization security and support for Ext4 file system have been added
Submitted by Source Seeker on Thu, 01/13/11 - 5:49pm.

RHEL 6.0 was released in November ... long live RHEL 5.x? Under its commitment to support its enterprise Linux distros for seven years, Red Hat has released 5.6, a new-and-improved version of its older Linux operating platform.

Read more

Allow Both TCP and UDP Port 53 to Your DNS Servers

DNS queries are getting bigger so we do not want to accidentally block them
Submitted by Scott Hogg on Sun, 08/22/10 - 7:44pm.

Security practitioners for decades have advised people to limit DNS queries against their DNS servers to only use UDP port 53. The reality is that DNS queries can also use TCP port 53 if UDP port 53 is not accepted. Now with the impending deployment of DNSSEC and the eventual addition of IPv6 we will need to allow our firewalls for forward both TCP and UDP port 53 packets.

Read more

The DNSSEC Opportunity

Security will impact DNS in 2011 and beyond
Submitted by joltsik on Fri, 08/13/10 - 10:52am.

DNSSEC is nothing new. The initial RFC was written in 1997 and the first specification was published in 1999. In spite of these efforts, secure DNS languished during the early 2000s as it wasn't a requirement for most organizations.

Read more

Windows Server 2008 R2 supports DNS Security Extensions

Microsoft offers 85-page guide on how to implement DNSSEC in Windows
Submitted by Microsoft Subnet on Mon, 11/02/09 - 6:57pm.

As promised, the latest version of Windows Server 2008 R2 is the first Windows Server to fully support DNSSEC. DNSSEC is a security protocol that helps to verify that a Web address hasn't been hacked and redirected to a pretender. Better still, Windows 7 also supports DNSSEC, which Microsoft claims is a first among client operating systems.

Read more

Windows Server 2008 R2: Security Changes and Additions Part I

R2 makes security changes to Windows Server Roles
Submitted by Ron Barrett on Wed, 10/28/09 - 1:39pm.

With the release of Windows Server 2008 R2 there have been some major overhauls such as:
Remote Desktop Services and File Classification Infrastructure to mention a few, some of the lesser known but yet no less important changes have come from additions or changes to security.

Read more

Windows 7 and Server 2008 R2 Bring Us DNSSEC. Will We Use It?

Submitted by Mitchell Ashley on Tue, 04/28/09 - 3:21am.

Network security always seems to be driven by the latest "thing", whether that be a virus or a bot like conficker, or a technology like NAC (Network Access Control) that was in vogue was for several years. Security is hot technology and hot ulnerability/attack driven, at least that seems to be what gets all of the attention. Today's theme, at least as evidenced by the reporting from RSA, is cloud security.

Read more

Techies end-run government on DNS security

Submitted by Jeff Caruso on Mon, 02/23/09 - 1:49pm.

The Internet engineering community wants to deploy DNSSEC, the security extensions to the DNS protocol. But the U.S. government so far has failed to cryptographically sign the 13 root servers.

So, ICANN announced it was taking another route. Carolyn Duffy Marsan has details.

Despite patch by Cisco, Microsoft, others, DNS is not secure, researcher says

Submitted by Jim Duffy on Thu, 02/19/09 - 7:30pm.

The Kaminsky Bug, a DNS cache poisoning attack, remains a threat, despite the fact that vendors such as Cisco, Sun and Microsoft joined together to release patches that temporarily fix the flaw. So said Dan Kaminsky at the Black Hat conference, reports Network World. The prominent security researcher told attendees that holes in DNS make the Internet vulnerable.

Read more

DNSSEC and DNS Security

I'm happy to be a member of this coalition and to raise awareness of DNSSEC's benefits, which go beyond prevention of cache poisoning. DNSSEC is a required first step in making the web and web dependent applications (like email) a safe place for communicating things like medical records. It makes SSL and VPN fully trustworthy. DNSSEC enables further applications that can stop SPAM and phishing.

I wish we could focus more on these further applications rather than rehashing the Kaminsky bug as the primary reason for DNSSEC.