DNSSEC can be exploited for massive DDos attacks

A research report recently published by Neustar shows that  domains with badly configured Domain Name System Security Extension (DNSSEC) can be used to launch denial-of-service attacks. DNSSEC is a security extension aimed to combat DNS hijacking; however, if not properly secure, DNSSEC can be exploited, weaponised, and ultimately used to create massive DDoS attack’. After having examined 1349 DNSSEC-signed domains, Neustar concluded that 80% of them could be maliciously repurposed as a DDoS attack amplifier.