DNSSEC Error Caused NASA Website To Be Blocked
DNSSEC Error Caused NASA Website To Be Blocked Comcast's new DNSSEC-based service detected improper signing of NASA site Jan 25, 2012 | 03:30 PM By Kelly Jackson Higgins Dark Reading The hazards of early DNSSEC adoption: A misconfiguration in NASA's Domain Name System Security Extensions (DNSSEC) implementation on its website caused Comcast's network to block users from the site last week. This is a glaring example of the difficulties in today's mostly manual process of configuring DNS servers to support the new security protocol that prevents attacks that redirect users to malicious websites. The DNSSEC protocol basically ensures DNS entries remain unchanged in transit and are digitally signed to ensure their authenticity. NASA had incorrectly signed DNSSEC in its implementation of the new security protocol last week, causing Comcast's newly DNSSEC-enabled service to automatically block access to the site. Comcast earlier this month became one of the first ma...