A serious vulnerability named KeyTrap in the Domain Name System Security Extensions (DNSSEC) feature could be exploited to deny internet access to applications for an extended period.
Tracked as CVE-2023-50387, KeyTrap is a design issue in DNSSEC and impacts all popular Domain Name System (DNS) implementations or services.
It allows a remote attacker to cause a long lasting denial-of-service (DoS) condition in vulnerable resolvers by sending a single DNS packet.
DNS is what allows us humans to access online locations by typing in domain names instead of the server's IP address our computer needs to connect to.
DNSSEC is a feature of the DNS that brings cryptographic signatures to DNS records, thus providing authentication to responses; this verification ensures that DNS data comes from the source, its authoritative name server, and has not been modified on the way to route you to a malicious location.
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
