A broken DNSSEC rollover took down .AL. Now 1.1.1.1 tells you when validation is bypassed
When a failed DNSSEC key rollover took down the .AL TLD, we deployed a Negative Trust Anchor to restore resolution. This time, though, clients didn't have to take our word for it: 1.1.1.1 returned…
Read the full articleYou might also wanna read
DNS Resolution Failure: How a 1.1.1.1 Update Accidentally Broke CNAME Record Ordering
A recent change to 1.1.1.1 accidentally altered the order of CNAME records in DNS responses, breaking resolution for some clients. This post
DENIC DNS Disruption Affects DNSSEC-Signed .de Domains
Current system status. View active incidents or upcoming maintenance. Subscribe to receive status notifications.
GHSA-676x-f7gg-47vc: Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
Netty's DNS resolver component (DnsResolveContext) fails to validate the origin (bailiwick) of CNAME records in DNS responses, leading to po
Exploring Chrome's SSL Bypass Code and Its Evolution
This is Unsafe If you type thisisunsafe on a Chrome SSL error page, Chrome will bypass the error and load the page for you. Try it yourself
GHSA-5pvg-856g-cp85: Netty has Insufficient Bailiwick Validation for NS Records
Netty's DNS resolver component has a vulnerability due to insufficient bailiwick validation of NS records, allowing DNS cache poisoning. An
DNSSEC Debugger Analysis of nic.de: Chain of Trust Verification
The DNSSEC Debugger from VeriSign Labs is an on-line tool to assist with diagnosing problems with DNSSEC-signed names and zones.

Comments
Sign in to join the conversation.
No comments yet. Be the first.