Jag f\u00e5r ofta fr\u00e5gan om det g\u00e5r bra att anv\u00e4nda en \u00f6ppen rekursiv resolver, exempelvis Googles 8.8.8.8 eller de som eran Internetleverant\u00f6r erbjuder.<\/p>\n\n\n\n
Ska ni ha full s\u00e4kerhet i eran DNS \/ DNSSEC implementation s\u00e5 \u00e4r svaret NEJ<\/strong>.<\/p>\n\n\n\n\n\n\n\n Kom ih\u00e5g att<\/p>\n\n\n\n Om en extern resolver anv\u00e4nds<\/p>\n\n\n\n Detta har nyligen h\u00e4nt s\u00e5 det \u00e4r inte bara teori.<\/p>\n\n\n\n Googles externa resolver p\u00e5 8.8.8.8 har redan blivit attackerad genom att \u00e4ndra i den globala routingtabellen. Detta finns beskrivet p\u00e5 bla http:\/\/thehackernews.com\/2014\/03\/google-public-dns-server-traffic.html<\/a><\/p>\n\n\n\n Alla fr\u00e5gor till 8.8.8.8 skickades under 22 minuter till icke-Google servrar i Venezuela och Brasilien och vilka typer av svar de returnerade \u00e4r inte k\u00e4nt. Typiskt kan felaktiga IP adresser\/servrar ha returnerats f\u00f6r popul\u00e4ra hemsidor s\u00e5som Facebook, Google och Yahoo. Dessa servrar kan sedan gjort en ”Man In The Middle<\/a>” attack och f\u00e5ngat upp anv\u00e4ndarnamn och l\u00f6senord utan att n\u00e5gon m\u00e4rkt det.<\/p>\n\n\n\n S\u00e5, att anv\u00e4nda en extern resolver kan inte rekommenderas, ni beh\u00f6ver lokala s\u00e5dana som sk\u00f6ter DNSSEC validering och d\u00e4r svaret mellan resolvern och era klienter inte kan p\u00e5verkas.<\/p>","protected":false},"excerpt":{"rendered":" Jag f\u00e5r ofta fr\u00e5gan om det g\u00e5r bra att anv\u00e4nda en \u00f6ppen rekursiv resolver, exempelvis Googles 8.8.8.8 eller de som eran Internetleverant\u00f6r erbjuder. Ska ni ha full s\u00e4kerhet i eran DNS \/ DNSSEC implementation s\u00e5 \u00e4r svaret NEJ.<\/p>","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-429","post","type-post","status-publish","format-standard","hentry","category-nyheter"],"_links":{"self":[{"href":"https:\/\/abundo.se\/en\/wp-json\/wp\/v2\/posts\/429","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/abundo.se\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/abundo.se\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/abundo.se\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/abundo.se\/en\/wp-json\/wp\/v2\/comments?post=429"}],"version-history":[{"count":6,"href":"https:\/\/abundo.se\/en\/wp-json\/wp\/v2\/posts\/429\/revisions"}],"predecessor-version":[{"id":1039,"href":"https:\/\/abundo.se\/en\/wp-json\/wp\/v2\/posts\/429\/revisions\/1039"}],"wp:attachment":[{"href":"https:\/\/abundo.se\/en\/wp-json\/wp\/v2\/media?parent=429"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/abundo.se\/en\/wp-json\/wp\/v2\/categories?post=429"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/abundo.se\/en\/wp-json\/wp\/v2\/tags?post=429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}