SHA-1 chosen prefix collisions and DNSSEC
Guest Post: The SHAmbles prefix collision attack against SHA-1 offers a new way for attackers to spook the DNS despite DNSSEC.
Tag: DNSSEC
Three of the best: Geoff Huston
Review 2019 through Geoff Huston’s eyes, with three of his best posts from the year past.
Notes from OARC 31
DNS transparency, DoH and DoT preferences, and Frag Flag Day – Geoff discusses highlights from DNS-OARC 31.
Event Wrap: PacNOG 24
APNIC proudly supported and participated at PacNOG 24 in Apia, Samoa, from 24 to 28 June 2019.
Whither DANE?
Guest Post: DANE has reached an impasse in web deployment – so where to from here?
Looking for what’s not there
How effective is NSEC caching today?
Network protocols and their use: BGP and DNSSEC
Geoff takes a look at the initial design expectations and the deployment realities of BGP and DNSSEC.
DNS-OARC 30: Bad news for DANE
Geoff Huston shares his thoughts from DNS-OARC 30.
How to: Deploying DNSSEC with BIND and Ubuntu Server
Follow this step-by-step guide to set up DNSSEC using BIND and Ubuntu Server.
Improving the availability and resilience of the root zone in the DNS
Hyperlocal roots or NSEC caching? Geoff Huston shares his thoughts on these new ways to make the DNS root zone more resilient.