Skip to content

Instantly share code, notes, and snippets.

@tqbf

tqbf/DNSSEC History.md Secret

Created December 24, 2021 20:09
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save tqbf/06cecff8c2bcda29828fedafc811b635 to your computer and use it in GitHub Desktop.
Save tqbf/06cecff8c2bcda29828fedafc811b635 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
DNSSEC History.md

A Brief, Inaccurate History of DNSSEC

1990

  • The Phlogiston era of cryptography.

  • DNS Prehistory.

1992

  • Work begins on what becomes IPSEC.

1994

  • Internet hosts are exploited via NFS mounts exported read/write to the whole world.

  • The original DNSSEC draft. Defines KEY, SIG, and NXD (NXT); had whole-message authentication, RSA signatures directly over raw DNS information instead of digests, but otherwise set the service model and core design of current DNSSEC.

1995

  • Netscape releases SSL 2.0 (a/k/a "SSL"), ushering in Internet commerce.

  • Thomas Lopatic publishes the first modern stack overflow exploit for HP-UX NCSA httpd, ushering in the modern software security era.

1996

  • Paul Kocher publishes SSL 3.0, the first cryptographically credible version of SSL/TLS.

  • Donald Eastlake publishes RFC2065, the first standards-track DNSSEC protocol, with KEY, SIG, and NXT.

1997

  • Eugene Kashpureff publicizes his alternate DNS root (AlterNIC) by exploiting DNS cache poisoning to hijack InterNIC (home of the "real" root). AlterNIC fails and Kashpureff ends up with a felony conviction.

1998

  • Daniel Bleichenbacher publishes the PKCS #1 RSA padding oracle attack. PKCS #1 RSA formats are later obsoleted, but remain in DNSSEC.

  • TIS Labs secures a DARPA contract to develop and standardize DNSSEC.

1999

  • Donald Eastlake publishes RFC2353, which refines but doesn't substantially change DNSSEC.

  • RFC2538 formally suggests using the DNSSEC-secured DNS to store certificates, replacing CAs.

2000

  • Nominum, formed months earlier to commercialize open-source DNS work, announces BIND 9 ("a/k/a modern BIND"), built under contract to ISC, the previous maintainers of BIND. BIND 9 is the first major implementation of DNSSEC. Nominum employees are heavily represented on the DNS working group mailing list.

  • Six years have passed since the first draft of DNSSEC was published.

  • Operators balk at cumbersome parent/child coordination requirements in '90s DNSSEC design, and design begins on the Delegation Signer (DS) record, which adds a layer of indirection allowing child zones to manage their own records and keys and avoid rekeying the entire DNS if the root is compromised.

2001

  • EFF-founder and cypherpunk John Gilmore asks the DNS mailing list what the point of DNSSEC is, given that browser stub resolvers can't speak it. He's told he's overreacting and the subject is quickly changed.

  • Discussions regarding "opt-in". TLDs like .COM delegate millions of subdomains, almost all of which don't use DNSSEC. Managers of those TLDs would rather not bear the expense of signing their records (pointlessly). Paul Vixie: "i have an alternative proposal. use hardware crypto and since .COM with the protocol we have now and stop the merry-go-round of dnssec protocol development before a lot of us are overcome with motion sickness."

  • DNSSEC-bis begins.

2003

  • Daniel J. Bernstein, noted cryptographer and author of djbdns, objects to a proposed RFC that would lock in BIND's AXFR (zone transfer) behavior and reject djbdns's. The working group chases him off the mailing list with pitchforks and torches. Bernstein hasn't been engaged for advice regarding DNSSEC, and will not engage later, other than to tour a talk ridiculing the protocol.

  • The DS record is found to conflict with the original DNSSEC semantics; the "typecode roll" occurs, changing KEY, SIG, and NXT to DNSKEY, RRSIG, and NSEC. No pretense of adoption of the original DNSSEC remains.

2004

  • Nominet informs the DNS working group that it cannot deploy DNSSEC for .UK because NSEC chains disclose the full contents of zones, as if by zone transfer, and this violates privacy laws and end-user expectations. Oops.

  • OpenSSL core team member Ben Laurie, consulting for Nominet, proposes NSEC3, a scheme for replacing chained DNS names with hashes, as if in a password file. A truly epic mailing list battle ensues, involving the comparative politics of the UK and Denmark, the simplicity of dictionary attacks on DNS zones, and the utility of adaptive hashing. Paul Vixie volunteers to assuage the concerns of European legislators, publicly regrets writing the BIND code that allows operators to block zone transfers.

2005

  • 11 years have passed since the first DNSSEC draft was published.

  • "White lies", an implementation hack in which DNSSEC servers throw off chaff names to confuse dictionary attackers, is first proposed.

  • RFC4033-4035 defines the current DNSSEC protocol.

2006

  • Work begins on BIND 9 support for NSEC3.

2007

  • DNS Amplification attacks, in which attackers spoof their victim's addresses on small DNS requests that generate large DNS responses, become DDoS-attack-du-jour.

2008

  • Ben Laurie publishes the NSEC3 RFC.

  • Dan Kaminsky destroys the Internet by discovering a novel way to combine DNS query-id guessing with DNS record caching attacks. The Internet you are using now is just a dreamlike echo of the once-living Internet, like the movie Jacob's Ladder. All BIND DNS servers (ie, most Internet DNS servers) are vulnerable. Daniel J. Bernstein's djbdns is not. Note: I may have helped Kaminsky ruin the Internet by accidentally publishing a blog post; it's complicated.

  • Improved query and source port randomization in BIND blunts Kaminsky's attack, but the drama over the attack renews interest in DNSSEC.

2010

  • In a secret ceremony at the Stonecutter Lodge, Dan Kaminsky swears an oath, is paddled and shackled to the Stone of Shame, released, and given some or all of the DNS root key or something like that, I can never remember.

2011

  • Out of the still-smoldering wreckage of the Kaminsky DNS attack disaster, humanity reemerges and begins to fight back. Dogs are stationed by the entrances to detect Terminators.

  • RFC6394 is published, defining DANE, a scheme in which (presumably DNSSEC-secured) DNS subsumes some of the functionality of Certificate Authorities.

2014

  • 20 years have passed since the first draft of DNSSEC was published.

  • No browser implements DNSSEC. No payments, banking, or financial company publicly cops to using DNSSEC.

  • Chicago rock singer Thomas Ptacek records "Brief, Inaccurate History of DNSSEC". Rock me, Brief Inaccurate History of DNSSEC!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment