Skip to main content

Posts

Extension Mechanisms for DNS (EDNS0)

DNS Background The Domain Name System Protocol was first designed in 1980s and after that various features has been added while maintaining the compatibility with earlier versions of the protocol. DNS Packet was restricted to UDP 512 bytes in the early releases while keeping in mind the minimum MTU size is of 576 bytes in IPv4. This has been done to check the issues of packet drops, fragmentation and others. This packet size limit of 512 bytes also led to limit the number of root servers to 13 (A to M). In 1999, Paul Vixie proposed extending DNS to allow new flags and Response Codes, and to provide support for longer responses which should also be backward compatible with previous implementation. Mechanism Due to limitation of space in DNS header, no new flags can be added in it. EDNS add information to DNS message in the form of pseudo-RRs included in the ‘additional data’ section of DNS message. This section exist both in Request and Response. The pseudo-RR introduc

PGP and S/MIME Protocol

Both PGP and S/MIME protocols are used for authentication and privacy of messages over internet. S/MIME protocol refers to Secure/Multipurpose Internet Mail Extensions which has been incorporated in the various main exchange software, incl. Outlook, Thunderbird & others And also incorporated in all major browsers (chrome, Mozilla, IE and others). S/MIME is based on IETF standards and defined in RFC 5751.   RFC 5751 defined S/MIME as "S/MIME (Secure/Multipurpose Internet Mail Extensions) provides a consistent way to send and receive secure MIME data. Based on the popular Internet MIME standard, S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures), and data confidentiality (using encryption). As a supplementary service, S/MIME provides for message compression." PGP known as Pretty Good Privacy, is a data encryption and decryp

Google Public DNS Servers Hijacked on 16th March 2014

Google Public DNS Servers i.e., 8.8.8.8 (which are running in Anycast mode)  was hijacked on 16th of March 2014 for the Internet users of Venezuela and Brazil for nearly 22 mins. Google's Public DNS servers are used for "130 billion DNS queries on average (peaking at 150 billion) from more than 70 million unique IP addresses each day." This makes Google most popular Public DNS service in the Internet world. It is suspected that Hackers exploited a well-know vulnerability in Border Gateway Protocol. There is no-way in BGP to check if particular IP address segment belongs to a particular ISP. RPKI and BGPSEC are the solution of this flaw but these two protocols are still in initial phase and lot or works needs to be done on these protocols. In this particular case, attack kept users from using the internet but no malicious activity has been traced till yet. No redirection of DNS traffic to rogue servers has been traced. This lead to suspect that someone might