[100705] in North American Network Operators' Group
Re: Hey, SiteFinder is back, again...
daemon@ATHENA.MIT.EDU (Bora Akyol)
Mon Nov 5 17:15:21 2007
Date: Mon, 05 Nov 2007 14:13:25 -0800
From: Bora Akyol <bora.akyol@aprius.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
CC: nanog list <nanog@merit.edu>
In-Reply-To: <20071105195447.1dcd635f@cs.columbia.edu>
Errors-To: owner-nanog@merit.edu
Do common endpoints (Windows Vista/XP, MacOS X 10.4/5) support DNSSEC
Validation? If not, then do people have a choice?
Regards
Bora
On 11/5/07 11:54 AM, "Steven M. Bellovin" <smb@cs.columbia.edu> wrote:
>
> On Mon, 5 Nov 2007 11:17:29 -0800
> David Conrad <drc@virtualized.org> wrote:
>
>> On Nov 5, 2007, at 8:23 AM, David Lesher wrote:
>>> What affect will Allegedly Secure DNS have on such provider
>>> hijackings, both of DNS and crammed-in content?
>>
>> If what Verizon is doing is rewriting NXDOMAIN at their caching
>> servers, DNSSEC will _not_ help. Caching servers do the validation
>> and the insertion of the search engine IP addresses in the response
>> would occur after the validation.
>>
> Depends on whether or not the endpoints delegate DNSSEC validation to
> Verizon. They don't have to.
>
