dnssec
Safeguard articles tagged "dnssec" — guides, analysis, and best practices for software supply chain and application security.
4 articles
DNS attack techniques and defenses
Cache poisoning, tunneling, and NXDOMAIN floods all abuse the same trust: DNS was built to be fast and open, not authenticated.
When DNSSEC Goes Wrong: The .de TLD Signing Failure That Took Down German Domains (May 5, 2026)
On May 5, 2026, DENIC published unvalidatable DNSSEC signatures for the .de zone after a deployment defect made its signer generate three key pairs instead of one. Validating resolvers worldwide, including Cloudflare's 1.1.1.1, were forced to return SERVFAIL.
How to configure DNSSEC
A practical, command-by-command guide to configure DNSSEC on managed and self-hosted DNS, verify the chain of trust, and prevent DNS spoofing across your supply chain.
DNS Security and Software Distribution: The Foundation Nobody Secures
Every software download, package install, and API call starts with a DNS query. DNS compromise redirects your supply chain at the most fundamental level — and most organizations have no visibility.