DNS hardening, was Re: Dan Kaminsky

Phil Regnauld regnauld at catpipe.net
Wed Aug 5 13:06:08 CDT 2009


bert hubert (bert.hubert) writes:
> 
> 5 is 'edns ping', but it was effectively blocked because people
> thought DNSSEC would be easier to do, or demanded that EDNS PING
> (http://edns-ping.org) would offer everything that DNSSEC offered.

	I'm surprised you failed to mention http://dnscurve.org/crypto.html,
	which is always brought up, but never seems to solve the problems
	mentioned.





More information about the NANOG mailing list