• United States



Sandia National Laboratories launches new DNS vulnerabilities tool

Jan 11, 20122 mins
Core Java

Sandia National Laboratories computer scientist Casey Deccio has developed a new tool to help network administrators better understand Domain Name System Security (DNSSEC) and troubleshoot problems.

The tool appears to cater mainly to IT admins working for the federal government. But it appears to be available to private-sector practitioners, too.

Sandia had this to say in a press release:

DNSSEC is a security feature mandated for all federal information systems by the White House’s Office of Management and Budget (OMB). The 2008 mandate requires that “the top level .gov domain will be DNSSEC-signed, and processes to enable secure delegated sub-domains will be developed.”

The entity that serves to translate the hostname of a Uniform Resource Locator (URL) into an Internet Protocol (IP) address is known as the Domain Name System (DNS). A DNS “lookup” is a prerequisite for doing almost anything on the Internet, including Web browsing, emailing or videoconferencing.

Although the mandate made perfect sense, said Deccio, there soon emerged a problem when .gov organizations actually began deploying DNSSEC.

“DNSSEC is hard to configure correctly and has to undergo regular maintenance,” he said. “It adds a great deal of complexity to IT systems, and if configured improperly or deployed onto servers that aren’t fully compatible, it keeps users from accessing .gov sites. They just get error responses.”

Sandia also made this promo video available.

–Bill Brenner

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO’s Daily Dashboard gives you a