On 10/2/17 12:51 PM, plug-requ...@lists.pdxlinux.org wrote: Just to be clear, based on the results of the testing I did it seemed to me that the problems the OP was experiencing with SpritOne were more Internet routing related and less DNS related.
A a traceroute from my home Comcast IC bounced around many hops in Comcast & Cogent's network before timing out. Whereas a traceroute from an Internet routable address took a few hops through Integra's network and successfully made it to mx2.spiritone.com "The bad guys may be exploiting the DNS flaw described below, recently patched in the distro I'm currently upgrading. I bet the bad guys have tools for testing and probing DNS server integrity. Why don't you and I have those tools? We build ephemeral new capabilities without diagnostic and monitoring tools for critical core capabilities. Then we replace core capabilities ( systemd ), trading a heap of old known bugs for a wilderness of new unknown bugs" A couple of notes here: "DNS Security Extensions were officially deployed on the root level in 2010 for addresses using the .org top-level domain. In late 2010 and 2011, .com, .net and .edu top-level domains were updated for DNSSEC, and implementation continues for country-specific top-level domains. By November 2011, over 25 percent of all top-level domains had been included" I'm not sure where the implementation of DNSSEC stands today, but cases of public DNS exploitation/corruption are pretty rare. Most if not all tools the "bad guys" are using in the public domain. There are many security researchers, "white hat" hackers and organizations on the beat these days trying to keep the Internet safe, functional, healthy. And they're concerned with all the "bad guys", gov't, corporations, and individual evil doers. And as the majority of Internet servers are running FOSS than proprietary corporate code I have a bit more trust in it as it's constantly under peer review and testing. The biggest problem here is that for most developers and users, features & functionalities generally come before security. It's slowly changing and security is being baked in more now but I think it'll always lag behind and the onus of security will probably always fall on the end user. _______________________________________________ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug