Hi all,
I wanted to bring up an interesting instance where recent work at the CA/Browser Forum (specifically the DNSSEC ballot SC-085v2) is directly cited as helping to mitigate the damage from a real-world attack.
On 2026-04-17, the crypto service eth.limo (a web3 DNS company) suffered a DNS hijack that involved the adversary maliciously updating nameservers to gain control of eth.limo’s operations. However, eth.limo used DNSSEC and DNSSEC-validating recursive resolvers had cached eth.limo’s DS records. Thus, DNSSEC-validating recursive resolvers required a proper signature from eth.limo’s true DNSSEC key which the adversary did not have access to. During the attack, DNSSEC-validating resolvers returned SERVFAIL for the domain. Non-DNSSEC-validating resolvers on the other hand followed the malicious NS records and returned adversary-controlled records.
In eth.limo’s post-mortem ( https://x.com/eth_limo/status/2045552916157563148 ), they explicitly call out two CA/Browser Forum initiatives: CAA checking and DNSSEC validation of DCV and CAA (Ballot SC-085v2). Eth.limo uses this as justification/evidence to show that no valid TLS certificate could have been signed during the incident. I can say that without the ballot and the status quo our research team observed prior to the ballot’s passing, even a moderately determined adversary could have easily found a CA not validating DNSSEC which might have signed malicious certificates in these circumstances. Furthermore, eth.limo was alerted to the incident via downtime notifications. Had the adversary successfully escalated its attack to a true TLS MitM, the incident could have gone undetected for longer and caused substantially more damage. While it's hard to say with complete certainty, it appears likely that the passing of the DNSSEC ballot significantly mitigated the damage of this attack.
I want to take a moment to thank everyone who supported this proposal and helped make my original ballot draft a reality as SC-085v2 (including but not limited to Clint Wilson for proposing the ballot and Wayne Thayer, Dimitris Zacharopoulos, and Ryan Dickson for being endorsers). I also want to thank the CA/Browser Forum participants as a whole. Often working on these standards is tireless work, and by the nature of web PKI being a preventative technology, this work is not always front and center in news headlines. This is a nice example where eth.limo took the time to read the standards and cite the particular initiatives that helped protect their platform and led to zero malicious TLS certificates as a result of the DNS hijack. I hope this helps remind everyone of the importance of continuing to improve the standards and the state of TLS certificate issuance.
Best,
Henry
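The mechanism the message describes (a parent-published DS record pinning the zone's DNSKEY, so that a nameserver hijack without the real signing key yields SERVFAIL on validating resolvers and an adversary-controlled answer on non-validating ones, and therefore no issuance when DCV goes through a validating resolver) can be played out in a small model. The following Go program is an added example written for this note; it is not code from eth.limo, any CA, or the CA/Browser Forum. It uses the real DS digest construction from RFC 4034 §5.1.4 (SHA-256 over the owner name in wire format followed by the DNSKEY RDATA) and real Ed25519 signatures (DNSSEC algorithm 15, RFC 8080), but it simplifies everything else: there is no DNS wire format, no RRSIG header or signature validity window, no NSEC handling, and the RRSIG is over the bare answer string. The key pairs, the domain name and the IP addresses (203.0.113.10 and 198.51.100.66, from the documentation ranges) are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// DNSSEC algorithm number for Ed25519 (RFC 8080).
const AlgEd25519 uint8 = 15

// ErrServfail is what a validating resolver returns when the chain of trust breaks.
var ErrServfail = errors.New("SERVFAIL: DNSSEC validation failed")

// DNSKEY models the public half of a zone key; RDATA layout per RFC 4034 §2.1.
type DNSKEY struct {
	Flags     uint16
	Algorithm uint8
	PublicKey ed25519.PublicKey
}

func (k DNSKEY) rdata() []byte {
	b := []byte{byte(k.Flags >> 8), byte(k.Flags), 3, k.Algorithm} // protocol field is always 3
	return append(b, k.PublicKey...)
}

// wireName encodes a domain name as length-prefixed labels (RFC 1035 §3.1).
func wireName(name string) []byte {
	var out []byte
	for _, label := range strings.Split(strings.TrimSuffix(strings.ToLower(name), "."), ".") {
		out = append(out, byte(len(label)))
		out = append(out, label...)
	}
	return append(out, 0)
}

// DSDigest is the digest the parent zone publishes in the DS record:
// SHA-256(owner name || DNSKEY RDATA), RFC 4034 §5.1.4 with digest type 2 (RFC 4509).
func DSDigest(owner string, key DNSKEY) []byte {
	h := sha256.Sum256(append(wireName(owner), key.rdata()...))
	return h[:]
}

// SignedResponse is what a nameserver hands back: the DNSKEY it claims is the
// zone's, the answer, and a signature over the answer (simplified RRSIG).
type SignedResponse struct {
	Key    DNSKEY
	Answer string
	RRSIG  []byte
}

func signResponse(priv ed25519.PrivateKey, key DNSKEY, answer string) SignedResponse {
	return SignedResponse{Key: key, Answer: answer, RRSIG: ed25519.Sign(priv, []byte(answer))}
}

// Resolver holds DS records cached from the parent. Changing a zone's NS records
// at the registrar does not change the DS the parent publishes, so the cached
// DS still pins the legitimate key after a hijack.
type Resolver struct {
	Validating bool
	CachedDS   map[string][]byte
}

// Resolve returns the answer, or ErrServfail when validation is on and fails.
func (r Resolver) Resolve(zone string, resp SignedResponse) (string, error) {
	if !r.Validating {
		return resp.Answer, nil // trusts whatever the (possibly hijacked) NS says
	}
	ds, ok := r.CachedDS[zone]
	if !ok {
		return resp.Answer, nil // no DS: insecure delegation, nothing to validate against
	}
	if !bytes.Equal(DSDigest(zone, resp.Key), ds) {
		return "", ErrServfail // served DNSKEY is not the one the parent vouches for
	}
	if resp.Key.Algorithm != AlgEd25519 || !ed25519.Verify(resp.Key.PublicKey, []byte(resp.Answer), resp.RRSIG) {
		return "", ErrServfail
	}
	return resp.Answer, nil
}

// DCVPermitsIssuance models a CA doing DNS-based domain validation through a
// validating resolver: a SERVFAIL is a failed validation, not a lookup to retry.
func DCVPermitsIssuance(r Resolver, zone string, resp SignedResponse) bool {
	_, err := r.Resolve(zone, resp)
	return err == nil
}

type Outcome struct {
	LegitViaValidating      string
	HijackViaValidating     error
	HijackViaNonValidating  string
	HijackIssuancePermitted bool
}

// RunScenario plays out the hijack: the attacker replaces the NS records and
// serves a zone signed with a key they generated, but cannot change the DS.
func RunScenario(zone string) (Outcome, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // legitimate operator's key (constructed)
	if err != nil {
		return Outcome{}, err
	}
	legitKey := DNSKEY{Flags: 257, Algorithm: AlgEd25519, PublicKey: pub}
	validating := Resolver{Validating: true, CachedDS: map[string][]byte{zone: DSDigest(zone, legitKey)}}
	plain := Resolver{Validating: false}
	legit := signResponse(priv, legitKey, "203.0.113.10") // constructed address
	apub, apriv, err := ed25519.GenerateKey(rand.Reader) // attacker's key (constructed)
	if err != nil {
		return Outcome{}, err
	}
	hijacked := signResponse(apriv, DNSKEY{Flags: 257, Algorithm: AlgEd25519, PublicKey: apub}, "198.51.100.66")
	var o Outcome
	if o.LegitViaValidating, err = validating.Resolve(zone, legit); err != nil {
		return Outcome{}, err
	}
	_, o.HijackViaValidating = validating.Resolve(zone, hijacked)
	o.HijackViaNonValidating, _ = plain.Resolve(zone, hijacked)
	o.HijackIssuancePermitted = DCVPermitsIssuance(validating, zone, hijacked)
	return o, nil
}

func main() {
	o, err := RunScenario("eth.limo.")
	if err != nil {
		panic(err)
	}
	fmt.Printf("validating resolver, legitimate zone:   %s\n", o.LegitViaValidating)
	fmt.Printf("validating resolver, hijacked zone:     %v\n", o.HijackViaValidating)
	fmt.Printf("non-validating resolver, hijacked zone: %s\n", o.HijackViaNonValidating)
	fmt.Printf("CA issuance permitted during hijack:    %v\n", o.HijackIssuancePermitted)
}
```

The point the model isolates is that the attacker's control of the NS records buys nothing against a resolver that already holds the DS: the served DNSKEY does not hash to the pinned digest, so the answer is rejected before any signature is even checked. The same resolver with no DS cached (an unsigned delegation) accepts the hijacked answer, which is why DNSSEC signing on the zone side and DNSSEC validation on the CA side, as SC-085v2 requires for DCV and CAA lookups, have to be in place together.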