I published the following diary on isc.sans.edu: “Tracking Unexpected DNS Changes”:
DNS is a key element of the Internet and, regularly, we read new bad stories. One of the last one was the Department of Homeland Security warning about recent DNS hijacking attacks. Indeed, when you want to visit the website ‘isc.sans.org’, you must be sure that the visited server will be 204.51.94.153 and not a malicious one controlled by a malicious server. From an end-user point of view, we have to rely on the DNS. it’s not easy to detect unexpected changes but you can implement your own checks to tracks changes for your most visited websites. But from a website owner or network admin perspective, it is indeed a good practice to ensure that DNS servers authoritative for our domain zones are providing the correct information… [Read more]