nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Hey, SiteFinder is back, again...

From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Mon, 5 Nov 2007 19:54:47 +0000

On Mon, 5 Nov 2007 11:17:29 -0800
David Conrad <drc () virtualized org> wrote:


On Nov 5, 2007, at 8:23 AM, David Lesher wrote:

What affect will Allegedly Secure DNS have on such provider
hijackings, both of DNS and crammed-in content?


If what Verizon is doing is rewriting NXDOMAIN at their caching
servers, DNSSEC will _not_ help.  Caching servers do the validation
and the insertion of the search engine IP addresses in the response
would occur after the validation.


Depends on whether or not the endpoints delegate DNSSEC validation to
Verizon.  They don't have to.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb
Previous By Date Next
Previous By Thread Next

Current thread: