Imagine you want to visit your online banking website «www.example-bank.ch». Now, instead of getting the correct IP address your computer gets manipulated information and connects you to a website that is owned by a criminal. You wouldn’t notice but disclose … Continue reading
Search Results for: DNSSEC
DNSSEC Usage in Switzerland is on the rise after widespread attacks on the Domain Name System
Attacks on the DNS System Cyber attacks on the DNS system are not new. Cache poisoning, Domain Hijacking and BGP injections of routes to public DNS resolvers happen regularly, but they usually don’t get much attention as they target the … Continue reading
Additional DNSSEC Training with PowerDNS on May 7 and 8
We announced 3 one day DNS trainings in the end of February and all three trainings where fully booked within 24 hours. We are happy to see so much demand for DNSSEC in Switzerland. We managed to add two more … Continue reading
DNSSEC training with PowerDNS in Switzerland
SWITCH is organising a one day DNSSEC training together with PowerDNS The training will be given at the following dates: 9.4. Zurich, SWITCH 10.4. Bern, Uni 11.4. Carouge HESGE The one day training will give you an introduction into DNSSEC … Continue reading
11th October 2017, DNSSEC key rollover of the root zone, be ready the key is here!
On the 27th September, ICANN announced the postponement for the KSK rollover. More information can be found here. written by Yves Bovard No, this is not a kind of secret message nor a new ice-cream. On 11th October 2017 the … Continue reading
DNSSEC Signing for .ch and .li on the Rise
The share of DNSSEC signed domain names in .ch and .li reached 1% for the first time in June 2017. While this is still a very low number compared to other ccTLDs, the number of DNSSEC signed domain names is … Continue reading
DNSSEC signing your domain with BIND inline signing
Update Nov 2017: DNSSEC zone signing as described here is outdated. We strongly recommend against the method described in this blog post. Newer BIND versions or other DNS software have greatly simplified DNSSEC signing. With BIND 9.9, ISC introduced a … Continue reading
Taking Advantage of DNSSEC
According to measurements by APNIC’s Geoff Huston currently 16 percent of Swiss Internet users use a DNSSEC validating DNS resolver. If you want to benefit from the added security with DNSSEC in your network then I suggest you enable DNSSEC … Continue reading
SWITCH DNS/DNSSEC Audit
SWITCH is regularly assessing parts of the registry infrastructure in technical audits. The goal of these audits is to find operational or software vulnerabilities before attackers do. For 2013 we wanted to audit the DNS/DNSSEC related aspects of the registry … Continue reading
DNSSEC Deployment in .CH
It has now been three years since SWITCH officially signed the .CH and .LI ccTLDs. Since then adoption of DNSSEC for the .CH domains has been very slow. During the last few weeks we have seen a small increase, but … Continue reading
DNSSEC Signierungs-Algorithmus wechseln
Eine DNS-Zone zu signieren ist mit heutiger Software nicht mehr schwierig oder kompliziert. Die Schwierigkeiten im Betrieb von signierten Zonen sind selten angewendete Prozeduren, wofür teilweise noch die Software-Unterstützung fehlt, sei dies in der Signierungssoftware oder in Monitoring- und Debugging-Tools. … Continue reading
DNSSEC – Einführung zu DNS Security Extensions
Das Domain Name System (DNS) ist ein wichtiger Bestandteil des Internets. Aus Endbenutzersicht erscheint das Internet oft zusammengebrochen, wenn die Namensauflösung nicht funktioniert. In den letzten Jahren wurden Schwachstellen im Protokoll aufgedeckt, welche es erlauben, DNS-Antworten für einen DNS-Resolver zu … Continue reading
Growing support for open security standards in Switzerland
Open security standards are essential for a secure and resilient Internet in Switzerland and protect the privacy of Swiss Internet users. The adoption rate for Internet security standards like DNSSEC, DANE and DMARC in Switzerland is still low compared to … Continue reading
SWITCH Public DNS Resolver
SWITCH operates recursive name servers for its constituency, the Swiss research and education network. Over the last year we have continually added support for transport encryption protocols on our recursive name servers such as DNS over TLS (DoT) and more … Continue reading
Attacks on DNS continue, targets are also in Switzerland
Attacks on the domain name system continue Talos, the intelligence group of CISCO reported in their blog that their monitoring shows that attacks on the domain name system (DNS) by “Sea Turtle” continue. The attack technique used is similar than … Continue reading
