Sign in / up

back to article Google adds validation to DNSSEC

Worldwide, the rollout of DNSSEC can comfortably be described as “glacial”, but Google valiantly continues to try to give it profile. Having launched its own DNSSEC service three years ago, Mountain View has now added DNSSEC validation to its public DNS resolvers. Announced in this blog post, Google says the move means “we can …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. Peter 39
    Stop

    Chicken Little

    Without DNSSEC, there is still a possibility of Kaminsky exploit. True, but misleading.

    But to say 'most of the Internet remains vulnerable to the so-called “Kaminsky bug”' is less-than-responsible journalism. Patches have been available for years and all responsible sysadmins have deployed them. Success of a Kaminsky attack against a patched DNS server is possible but the chance is very, very low.

    There are plenty of good reasons to use DNSSEC as there are quite a few vulnerabilities. But please don't put Kaminsky attack at the top of your list.

    3 0
  2. koolholio
    FAIL

    That explains

    Why wireshark labels it a malformed DNS response. :-/

    What about EDNS0? and the billions of other DNS options...

    0 1
  3. Lee D Silver badge

    And, like the IPv6 articles, when is The Reg going to stop posting articles about DNSSEC and actually enable it for their own domains?

    Aren't the tech sites supposed to be taking the lead, and showing the way to others?

    7 0
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      SSL would be nice too...

      3 0
  4. Eugene Crosser
    Meh

    And still, google.com zone itself is not signed

    which is sad.

    And, I concur with Lee D - tech media should show an example.

    1 0
  5. The_Regulator

    The # of Noobs/Non-Tech Users

    On the internet and google thinks they can reasonably expect a majority of major players to actually do this when it potentially could stop people reaching their sites.

    I have to take a hit and pass it on, just can't imagine this happening.

    Btw google thanks for letting me use your DNS servers though, it's appreciated :)

    0 0
    1. Lee D Silver badge
      Reply Icon

      Re: The # of Noobs/Non-Tech Users

      World IPv6 day (and several anniversaries and similar events) pretty much proved that this is a nonsense on any vaguely modern OS. Fact is, if your computer supports IPv6, then it will either use it (if it's available and globally-addressable) or fall back to IPv4 (if not). And if you use IPv4, nothing IPv6 will affect you at all.

      You aren't going to damage anyone by publishing an AAAA record that anything without IPv6 accessibility will ignore. And in all modern OS's (i.e. XP and above), if you have IPv6 and it's working then it will get used. If it's not, then it won't.

      1 0
  6. Christian Berger

    The main uses for messing with DNS are of course...

    censorship and advertisements. There are a lot of ISPs who mess with DNS for failed requests and tell it to point to their own server which then serves ads.

    Further more many internet censorship plans mess with DNS in order to divert certain sites to a "warning" site.

    0 0
  7. James 100

    Do as they say, not as they do?

    Google.com? No DNSSEC there. Google.co.uk? Same. Likewise OpenDNS.com.

    It's depressing: when even the DNSSEC *advocates* aren't actually enabling it themselves, who will? (FWIW, my personal domain has DNSCurve and DNSSEC, as well as IPv6 - it's truly disappointing that Google don't!)

    0 0
This topic is closed for new posts.

Other stories you might like