On 29 Dec 2010, at 16:56, bmanning at vacation.karoshi.com wrote: > > presuposes the attack was server directed. the DNS-sniper will take > out your locally configured root KSK &/or replace it w/ their own. If they can do that then you have MUCH bigger problems than authenticity of DNS replies. Tony. -- f.anthony.n.finch <dot at dotat.at> http://dotat.at/