Slashdot Mirror


Secure DNS a Hard Sell

ebresie writes "Computer Business Review Online has an interesting article about the lack of acceptance for Secure DNS." From the article: "Speaking during a workshop on the technology, Keith Schwalm of Good Harbor Consulting, a former US Secret Service agent, said that even the financial sector, traditional security early-adopters, are not rushing DNSsec."

5 of 142 comments

  1. Nice, but not necessary by ehaggis · · Score: 4, Interesting

    DNS, if configured correctly, works well. Blind zone transfers and poor setup are usual culprits with exploits. A secure(r) DNS would be nice, but I think there are bigger security fish to fry.

    --
    One ring to bind them - should probably have more fiber and less rings in their diet.
  2. bigger fear by keithhackworth · · Score: 5, Interesting

    I run my own DNS server at home because I have a bigger fear that my ISP's DNS may be hijacked rather than my bank. It seems like that would be the easiest hole to crack for hackers.

    I would hope that if my bank's DNS servers were hijacked that they would work with me to get any money I lost back. However, if my ISP's DNS servers were hijacked, I don't know that the bank would be as cooperative.

    Keith
    --
    Support bacteria. They're the only culture some people have.
    1. Re:bigger fear by Dolda2000 · · Score: 4, Interesting

      That oughtn't be a great problem, however, since your bank (hopefully?) uses an SSL certificate to assure you that you are on the right web site. If you click past the SSL warning that says that the certificate doesn't match the domain name when you go to do some on-line banking, you really shouldn't be all too surprised to find all your money gone the next day.

  3. Perhaps better marketing? by Halo- · · Score: 3, Interesting

    I know this is a rather stupid thing to be hung up on, but the referenced link (DNSsec.org) was so visually cluttered and ugly that I couldn't muster the desire to spend much time there.

    Security is always harder to sell than most products, because you are usually trying to convince a customer to spend more time and money for something without a tangible return. (If my DNS hasn't been spoofed yet, why pay money? And even if they do secure it, they don't have an easy way to say: "this saved us X dollars this year, and thus was worth the investment")

    Add in an "official" website which is hard to read, and painful on the eyes, and you've got a hard sell indeed. As petty as it sounds, a better web presence might help ease acceptance.

  4. dnssec and nym ala dan by arakis · · Score: 5, Interesting

    Dan is the man in DNS. He pretty much explains why they don't have implementation here:

    http://cr.yp.to/djbdns/forgery.html

    You might not like Dan, but he doesn't get things wrong very often.