DNSSEC Your Domain or Else...

So last weekend I competed in TNW's Hack Battle in NYC which is very very rare for me since I usually serve as mentor/sponsor or judge at most of the hackathons that I attend.  I actually enjoy competing in hackathons & this time was no different. I enjoy being able to meet people with similar interests & sharing our creative ideas with the goal of just building shit to at the very least, flesh out these ideas.

My colleague affectionately A.K.A Martin "The Pullova" & I formed a team with no actual idea when we arrived but we quickly connected with some ppl that were sitting across from us at our table.  We pitched ideas back & forth before the sponsor talks/demos but after all of that I was inspired & an idea formed.  The Verisign sponsors pitched their Get DNS API project which basically has functionality to validate if domains are DNSSEC enabled.  For those of you who are asking WTF is DNSSEC bone up on it here


My idea basically consisted of a public shaming tool to build awareness around non-DNSSEC domains & engage the domain owners in securing their DNS in order to address privacy issues that are a result of non-secure DNS.  I believe in building awareness but also 100% believe in giving opportunities to resolve issues when discovered.  So the hack would shame ppl on social media but would also create a vehicle for the shamed to publicly make things right in full transparency. We would also provide some corrective recommendations for the offending domain based on the DNSViz tool also provided by Verisign.

We quickly found that the Get DNS API project already had a public shaming hack posted but all it did was shame the domains with no offer of redemption or recommendations on how to secure their DNS.  So we formed a team of 5 with some ppl that were sitting across the table.

Martin & I are primary living in devops roles these days our new teammates consisted of a very green developer, a business student & a pure graphical designer.   So the idea evolved into this hack:

  • Create a Chrome extension that validates the DNSSEC of visited domains
  • Get the Organization/Owner information for the domain via Whois
  • Post a shaming message to Twitter calling out their in-secure DNS
  • Send them a link to a todoist project that has some resources & actions they can perform to resolve the issue
  • Post some praise on social media addressing their willingness to fix the issue
We started working on the project & collaborated through the night building servers (on Linode props!!!), logo's, api's, landing pages, twitter accounts etc....  Everyone was passionately contributing & crushing the tasks at hand & the collective synergy was very truly inspiring.

At the end of it all we had most of the pieces for the hack prepared & functional but in true hackathon fashion integrating all the moving parts proved to be very difficult.  Our cloud server melted down because of overwritten dependency issue, the Chrome extension wasn't firing correctly on browse & last but not least we ran out of time!  Even with all this ruckus we were still able to band together & build a solid functional demo that clearly conveyed our concept & idea.

We proudly pitched our hack to the judges & shortly after I departed the event on a 2 hour drive home.  Upon arriving home I saw an msg from our teammate Sarah telling us that our hack won the Verisign sponsor prize for best use of their stuff!  It felt great but after reflecting on the win the biggest reward & gratification I got from the whole experience was actually collaborating with my teammates/peers. I was satisfied in working together to build out & demo the project no matter how fucked or incomplete we perceived it to be.

So to my teammates thank you for the experience & big ups to the TNWeb team for organizing a great weekend.  I had lots of fun competing in your event.  You should do it again next year!

One Response to DNSSEC Your Domain or Else...

Leave a Reply

yep don't use it unless you ask ;-). Powered by Blogger.