nanog mailing list archives
Re: A Deep Dive on the Recent Widespread DNS Hijacking
From: Carl Byington via NANOG <nanog () nanog org>
Date: Tue, 26 Feb 2019 08:29:35 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Mon, 2019-02-25 at 17:04 +1100, Mark Andrews wrote:
I would also note that a organisation can deploy RFC 5011 for their own zones and have their own equipment use DNSKEYs managed using RFC 5011 for their own zones. This isolates the organisation's equipment from the parent zone's management practices.
I want a registrar that can use TOTP 2fa for updates, but that interferes with automated KSK key rollovers. Are there any registrars that use rfc5011 to allow automated KSK key rollovers, combined with TOTP 2fa for web based updates like the initial transition to a secure zone, NS record changes, etc.? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlx1aWgACgkQL6j7milTFsF9mACfVIXUZNLTOEyzbjneuZDeIBEg 2GUAnjoWsNZXtu0PgTuTvPwK0Je9DpCG =nZy7 -----END PGP SIGNATURE-----
Current thread:
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking, (continued)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Måns Nilsson (Feb 28)
- Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Töma Gavrichenkov (Feb 27)
- RE: A Deep Dive on the Recent Widespread DNS Hijacking Jacques Latour (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Mark Andrews (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 28)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 24)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Mark Andrews (Feb 24)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Måns Nilsson (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Tony Finch (Feb 25)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Carl Byington via NANOG (Feb 26)