DNS and nxdomain hijacking

• Previous message (by thread): DNS and nxdomain hijacking
• Next message (by thread): DNS and nxdomain hijacking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/5/13, 11:01 PM, "Mark Andrews" <marka at isc.org> wrote:

>In message <20131106033003.GB6728 at dyn.com>, Andrew Sullivan writes:
>> On Tue, Nov 05, 2013 at 07:57:59PM -0500, Phil Bedard wrote:
>> > 
>> > I think every major residential ISP in the US has been doing this for
>>5+
>> > years now.
>> 
>> Comcast doesn't, because it breaks DNSSEC.
>
>Only if you are validating.

Exactly. And this was one of the central arguments that helped defeat the
DNS redirection portions of SOPA/PIPA/ProtectIP/COICA.

Jason

• Previous message (by thread): DNS and nxdomain hijacking
• Next message (by thread): DNS and nxdomain hijacking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]