Hey, SiteFinder is back, again...
bora.akyol at aprius.com
Mon Nov 5 22:13:25 UTC 2007
Do common endpoints (Windows Vista/XP, MacOS X 10.4/5) support DNSSEC
Validation? If not, then do people have a choice?
On 11/5/07 11:54 AM, "Steven M. Bellovin" <smb at cs.columbia.edu> wrote:
> On Mon, 5 Nov 2007 11:17:29 -0800
> David Conrad <drc at virtualized.org> wrote:
>> On Nov 5, 2007, at 8:23 AM, David Lesher wrote:
>>> What affect will Allegedly Secure DNS have on such provider
>>> hijackings, both of DNS and crammed-in content?
>> If what Verizon is doing is rewriting NXDOMAIN at their caching
>> servers, DNSSEC will _not_ help. Caching servers do the validation
>> and the insertion of the search engine IP addresses in the response
>> would occur after the validation.
> Depends on whether or not the endpoints delegate DNSSEC validation to
> Verizon. They don't have to.
More information about the NANOG