jm + resolvers   3

New Spam Campaign Controlled by Attackers via DNS TXT Records
Ah, Google, what were you thinking?
When decoded, this string is an URL to Google's public DNS resolve for a particular domain. For example, the above string decodes to https://dns.google.com/resolve?name=fetch.vxpapub.[omitted].net&type=TXT.

The attachment's script will use this URL to retrieve the associated domain's TXT record.
A TXT record is a DNS entry that can be used to store textual data. This field is typically used for SPF or DMARC records, but could be used to host any type of textual content.

The nice part about using the Google's DNS resolver is that the information will be returned as JSON, which makes it easy for the malicious script to extract the data it needs.


(via Paul Vixie)
txt  dns  google  resolvers  spam  fail  security  via:paulvixie 
13 days ago by jm
Quad9
Quad9 is a free, recursive, anycast DNS platform that provides end users robust security protections, high-performance, and privacy. 

Security: Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting malware or phishing sites. Whenever a Quad9 user clicks on a website link or types in an address into a web browser, Quad9 will check the site against the IBM X-Force threat intelligence database of over 40 billion analyzed web pages and images. Quad9 also taps feeds from 18 additional threat intelligence partners to block a large portion of the threats that present risk to end users and businesses alike. 

Performance: Quad9 systems are distributed worldwide in more than 70 locations at launch, with more than 160 locations in total on schedule for 2018. These servers are located primarily at Internet Exchange points, meaning that the distance and time required to get answers is lower than almost any other solution. These systems are distributed worldwide, not just in high-population areas, meaning users in less well-served areas can see significant improvements in speed on DNS lookups. The systems are “anycast” meaning that queries will automatically be routed to the closest operational system. 

Privacy: No personally-identifiable information is collected by the system. IP addresses of end users are not stored to disk or distributed outside of the equipment answering the query in the local data center. Quad9 is a nonprofit organization dedicated only to the operation of DNS services. There are no other secondary revenue streams for personally-identifiable data, and the core charter of the organization is to provide secure, fast, private DNS


Awesome!
quad9  resolvers  dns  anycast  ip  networking  privacy  security 
november 2017 by jm

Copy this bookmark:



description:


tags: