ATHENE researchers discover fundamental design flaws in DNSSEC


Led by Prof. Haya Schulmann of Goethe University Frankfurt, a team of ATHENE researchers has uncovered a critical flaw in the design of DNSSEC (DNS Security Extensions), which is a vulnerability in all Domain Name System (DNS) implementations. DNS is one of the fundamental building blocks of the Internet. Without a fix, the design flaw could have devastating consequences for virtually all DNS implementations using DNSSEC and public DNS providers such as Google and Cloudflare.

The researchers worked with all relevant vendors and major public DNS providers over several months and assisted them in developing a series of specific patches, the latest of which were released on Tuesday, February 13. It is strongly recommended that all DNS service providers apply these patches immediately to mitigate this critical vulnerability.

Further information and a technical report can be found here.

Go to press release

show all news