Hacker Read

dbt00 · 2018-04-27 06:33:37+00:00

DNSSEC is as secure as SMS.

sitkack | karma 14538 | avg karma 1.82 · | 2020-09-19 03:10:19

DNSSEC?

skdjf | karma 4 | avg karma 0.8 · | 2013-10-28 17:47:53+00:00

DNSSEC?

tptacek | karma 394296 | avg karma 6.04 · | 2021-11-29 13:35:48

DNSSEC: it's secure as long as you don't trust the DNS hierarchy.

_-___________-_ | karma 2315 | avg karma 2.63 · | 2020-12-06 01:40:50+00:00

DNSSEC provides authenticity, not confidentiality.

tptacek | karma 394296 | avg karma 6.04 · | 2023-11-27 17:28:05

DNSSEC is also trivial to MITM.

Ericson2314 | karma 7269 | avg karma 1.6 · | 2020-08-26 01:41:01+00:00

You mean DNSSEC

gsich | karma 1325 | avg karma 0.48 · | 2020-11-20 05:19:24+00:00

Use DNSSEC.

mike-cardwell | karma 13092 | avg karma 3.68 · | 2016-02-07 20:41:59

DNSSEC

libeclipse | karma 2108 | avg karma 3.25 · | 2016-10-09 14:45:59+00:00

Actually Google's DNS over HTTPS API is used, so it is encrypted and also secured using DNSSEC.

easrng | karma 1486 | avg karma 2.03 · | 2022-05-03 17:53:47

DNSSEC doesn't help privacy, it helps security.

theamk | karma 6529 | avg karma 2.35 · | 2020-12-06 14:11:57

Uh, DNSSEC is only signatures, it has no encryption.

packetlost | karma 3673 | avg karma 2.66 · | 2023-05-12 11:29:54

Oh! I always thought DNSSEC was encrypted, thanks for the correction

rsingel | karma 2395 | avg karma 6.25 · | 2010-09-28 13:00:41

DNSSEC is signed, not encrypted.

knome | karma 1715 | avg karma 3.75 · | 2018-04-24 19:01:59+00:00

DNSSEC adoption would prevent a hijacker from manipulating responses.

josteink | karma 14976 | avg karma 3.09 · | 2019-09-08 08:23:18

As someone not very knowledgable about DNSSEC, can you expand on this point? To the uninformed that sounds very counterintuitive.

wibblenut | karma 80 | avg karma 1.82 · | 2010-11-25 21:37:08

Just like everything else, hence DNSSEC.

wmf | karma 46152 | avg karma 2.46 · | 2013-11-13 20:07:14+00:00

AFAIK DNSSec has no additional identity requirements compared to normal DNS.

ktta | karma 2721 | avg karma 2.77 · | 2017-09-28 01:55:50+00:00

Any interest in implementing DNSCrypt? I feel DNSSEC alone is useless since one can't guarantee integrity to the DNS resolver.

bitexploder | karma 6391 | avg karma 3.41 · | 2022-03-04 20:13:20

Except DNSSEC accomplishes nothing really. It does not make anything more secure. Crypto is not a panacea to the problems of trust.