by mcpherrinm
15 days ago
Even without DNSSEC, the CAA record approach can help, as it requires MITMing between the CA and the DNS server, which may be harder in some cases than just MITMing a target site. There are some upcoming attempts at transport security for authoritative DNS servers which might help too: https://datatracker.ietf.org/doc/html/draft-hoffman-deleg-se...

Re: DNS security and NTP and Decentralized DNS/PKI with web standards like W3C DID and DID micro-ledgers for record signing:
"Cert Authorities Check for DNSSEC from Today" (2026-03-26) https://news.ycombinator.com/item?id=47401716