Friday, 15 August 2008

DNSsec is a solution, right?

Since the latest DNS patch horror for those who _still_ use BIND over DJBDNS or OpenDNS, a lot of smart people who know a lot more about DNS than you & me together have been pointing to DNSsec as an even better cure.

DNSsec is a bitch to set up and use; even the gurus over at SANS are reluctantly and carefully touching the DNSsec waters. To actually benefit from the sec part of DNSsec, the end user would need to 'see' something like a nice big fat green thingy when connected to a DNSsec protected website, right?

Unfortunately DNSsec is still not really widely deployed. There is no built-in Firefox [or any other browser for that matter] support.

Well, for Firefox there is an extension for all your needs, so for DNSsec there is one too, called the DRILL extension. It would not install on my FF 3.0.1 since the DRILL extension ‘will not be installed because it does not provide secure updates’. Solution: go to the about page, create a new boolean called extensions.checkUpdateSecurity and set it to false. Try again & fail again: the extension does not support FF 3.x.

So much for the nice effort.

