Slashdot Mirror
ICANN Warns of 'Ongoing and Significant' Attacks Against Internet's DNS Infrastructure (techcrunch.com)
The internet's address book keeper has warned of an "ongoing and significant risk" to key parts of the domain name system infrastructure, following months of increased attacks. From a report: The Internet Corporation for Assigned Names and Numbers, or ICANN, issued the notice late Friday, saying DNS, which converts numerical internet addresses to domain names, has been the victim of "multifaceted attacks utilizing different methodologies." It follows similar warnings from security companies and the federal government in the wake of attacks believe to be orchestrated by nation state hackers.
[...] ICANN's chief technology officer David Conrad told the AFP news agency that the hackers are "going after the Internet infrastructure itself." The internet organization's solution is calling on domain owners to deploy DNSSEC, a more secure version of DNS that's more difficult to manipulate. DNSSEC cryptographically signs data to make it more difficult -- though not impossible -- to spoof.
[...] ICANN's chief technology officer David Conrad told the AFP news agency that the hackers are "going after the Internet infrastructure itself." The internet organization's solution is calling on domain owners to deploy DNSSEC, a more secure version of DNS that's more difficult to manipulate. DNSSEC cryptographically signs data to make it more difficult -- though not impossible -- to spoof.
This advice is ridiculous, dangerous and irresponsible. DRC should know better.
Global deployment of DNSSEC without first addressing underlying transport issues (DNS over UDP without DNS cookies (RFC7873)) is guaranteed to have disastrous impacts on the availability of DNS itself and the Internet generally.