From: Bora Akyol (no email)
Date: Mon Nov 05 2007 - 17:13:25 EST
Do common endpoints (Windows Vista/XP, MacOS X 10.4/5) support DNSSEC
Validation? If not, then do people have a choice?
Regards
Bora
On 11/5/07 11:54 AM, "Steven M. Bellovin" <> wrote:
>
> On Mon, 5 Nov 2007 11:17:29 -0800
> David Conrad <> wrote:
>
>> On Nov 5, 2007, at 8:23 AM, David Lesher wrote:
>>> What affect will Allegedly Secure DNS have on such provider
>>> hijackings, both of DNS and crammed-in content?
>>
>> If what Verizon is doing is rewriting NXDOMAIN at their caching
>> servers, DNSSEC will _not_ help. Caching servers do the validation
>> and the insertion of the search engine IP addresses in the response
>> would occur after the validation.
>>
> Depends on whether or not the endpoints delegate DNSSEC validation to
> Verizon. They don't have to.
>
|
|
|