18 Nov
2021
18 Nov
'21
3:05 p.m.
On Thu, 18 Nov 2021 14:12:27 +1300, Peter Reutemann wrote:
'As much as 38 percent of the Internet's domain name lookup servers are vulnerable to a new attack that allows hackers to send victims to maliciously spoofed addresses masquerading as legitimate domains ...'
So attempts to plug up the holes in unencrypted DNS have fallen short yet again. I don’t see why this is such a big surprise. This is why we have solutions like DNS-over-HTTP and DNS-over-TLS, if you want to secure your DNS. And also why most websites use HTTPS nowadays: so that DNS spoofing can only take us to a site where the certificate does not match, and raise alarm bells that way.