Hello, welcome to the Wednesday, May 25th, 2016 edition of the Sansonet Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Seattle, Washington.

The US cert and very sign are warning again not to use your own internal top-level domain for things like WPAD, the protocol that automatically

assigns proxy servers.

This warning was released after VeriSign observed a large number of queries for some soon-to-be

assigned generic top-level domains to its global DNS servers.

Currently if this domain is not assigned, then of course you just get a failure in DNS lookup.

But once someone actually owns this top level domain they potentially could feed you

malicious proxy configurations the top one that very sign detected is dot global

but there are others like dot group dot death dot office prod, probably short for production, the number of other

top level domain names that people essentially just took for internal use and that maybe

then assigned as a new generic top level domain.

Now, theoretically, these queries should never really leave your network in the first place,

because your internal DNS server is supposed to resolve this if you sort of took over

that top-level domain.

But then again, mobile devices, laptops and like may leave your network.

The configuration remains intact

and then they will issue these queries to random external DNS servers.

At this point there are about 1,200 generic top level domains that have been issued.

Not all of them are actually in active use but they have essentially

been set up and they could be used at any point and sticking with DNS for a

moment here a new RFC was released 78 58 that proposes the use of DNS over TLS.

...