The “general availability” of Google’s Public DNS-over-HTTPS service brings us closer to a world where all online communications, including DNS requesoverare encrypted by default.
The domain control validation process relies on protocols and systems that are susceptible to compromise, so Cloudflare is hoping to fix that with a new service that validates certificates from multiple points.
This is not the decentralized network we were promised. The majority of the world’s DNS transactions pass through authoritative name servers operated by less than 10 organizations, DNS Observatory found.
The DNSpionage attack group is now using a new backdoor called Karkoff, which may have ties to the OilRig leaks as well.
A group of attackers has been running a DNS hijacking campaign known as Sea Turtle that targets energy, intelligence, and military organizations.