DNS and nxdomain hijacking
Ray Soucy
rps at maine.edu
Wed Nov 6 03:39:15 UTC 2013
http://en.wikipedia.org/wiki/Response_policy_zone
RPZ functionality has been widely adopted in the past few years. Also
known as "DNS Firewall".
On Tue, Nov 5, 2013 at 10:30 PM, Andrew Sullivan <asullivan at dyn.com> wrote:
> On Tue, Nov 05, 2013 at 07:57:59PM -0500, Phil Bedard wrote:
> >
> > I think every major residential ISP in the US has been doing this for 5+
> > years now.
>
> Comcast doesn't, because it breaks DNSSEC.
>
> A
>
> --
> Andrew Sullivan
> Dyn, Inc.
> asullivan at dyn.com
> v: +1 603 663 0448
>
>
--
Ray Patrick Soucy
Network Engineer
University of Maine System
T: 207-561-3526
F: 207-561-3531
MaineREN, Maine's Research and Education Network
www.maineren.net
More information about the NANOG
mailing list