[166736] in North American Network Operators' Group


Re: DNS and nxdomain hijacking

daemon@ATHENA.MIT.EDU (Livingood, Jason)
Wed Nov 6 09:01:10 2013

From: "Livingood, Jason" <Jason_Livingood@cable.comcast.com>
To: Mark Andrews <marka@isc.org>
Date: Wed, 6 Nov 2013 13:57:33 +0000
In-Reply-To: <20131106040100.4C7E599919A@rock.dv.isc.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 11/5/13, 11:01 PM, "Mark Andrews" <marka@isc.org> wrote:

>In message <20131106033003.GB6728@dyn.com>, Andrew Sullivan writes:
>> On Tue, Nov 05, 2013 at 07:57:59PM -0500, Phil Bedard wrote:
>> >
>> > I think every major residential ISP in the US has been doing this for 5+
>> > years now.
>>
>> Comcast doesn't, because it breaks DNSSEC.
>
>Only if you are validating.

Exactly. And this was one of the central arguments that helped defeat the
DNS redirection portions of SOPA/PIPA/ProtectIP/COICA.

Jason


