[166726] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: DNS and nxdomain hijacking

daemon@ATHENA.MIT.EDU (Ray Soucy)
Tue Nov 5 22:39:26 2013

In-Reply-To: <20131106033003.GB6728@dyn.com>
Date: Tue, 5 Nov 2013 22:39:15 -0500
From: Ray Soucy <rps@maine.edu>
To: Andrew Sullivan <asullivan@dyn.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

http://en.wikipedia.org/wiki/Response_policy_zone

RPZ functionality has been widely adopted in the past few years.  Also
known as "DNS Firewall".


On Tue, Nov 5, 2013 at 10:30 PM, Andrew Sullivan <asullivan@dyn.com> wrote:

> On Tue, Nov 05, 2013 at 07:57:59PM -0500, Phil Bedard wrote:
> >
> > I think every major residential ISP in the US has been doing this for 5+
> > years now.
>
> Comcast doesn't, because it breaks DNSSEC.
>
> A
>
> --
> Andrew Sullivan
> Dyn, Inc.
> asullivan@dyn.com
> v: +1 603 663 0448
>
>


-- 
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network
www.maineren.net


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[166726] in North American Network Operators' Group

Re: DNS and nxdomain hijacking

daemon@ATHENA.MIT.EDU (Ray Soucy)Tue Nov 5 22:39:26 2013

daemon@ATHENA.MIT.EDU (Ray Soucy)
Tue Nov 5 22:39:26 2013