Serious DNS Flaw Could Disrupt Internet, Major Providers Scramble to Patch

- KeyTrap is a serious DNS vulnerability that allows a single packet to disrupt internet access for extended periods. It impacts all major DNS implementations.
- KeyTrap exploits a longstanding design issue in DNSSEC that causes vulnerable resolvers to become overloaded with cryptographic processing.
- A single request can stall responses for over 16 hours. It could disable large parts of the internet.
- KeyTrap went undetected for 25 years because of the complexity of DNSSEC validation. Complete details are in a technical report.
- Major DNS providers such as Google, Cloudflare, and Akamai have implemented fixes, but fundamentally addressing the flaw may require rethinking the design of DNSSEC.