NXDOMAIN Resolvers

• Previous message (by thread): NXDOMAIN Resolvers
• Next message (by thread): NXDOMAIN Resolvers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 20, 2022 at 8:00 AM Antonia Affinito <
antoniaaffinito12 at gmail.com> wrote:

> I noticed that, in case of a malicious domain name, some local resolvers
> send an NXDOMAIN and others a courtesy page address. Do you know if the
> resolvers (for example TIM, Wind or Fastweb) can return an NXDomain in
> order to protect their clients?
>

Howdy,

>From a network engineering perspective, any resolver that responds to an
authoritative NXDOMAIN by generating an address for a courtesy page -is-
the malicious actor. Doubly so if they lie about the DNSSEC status in the
response.

Regards,
Bill Herrin

-- 
William Herrin
bill at herrin.us
<https://bill.herrin.us/>
https://bill.herrin.us/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220420/9c213fff/attachment.html>

• Previous message (by thread): NXDOMAIN Resolvers
• Next message (by thread): NXDOMAIN Resolvers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]