Re: Hey, SiteFinder is back, again...

• Previous message: Mark Andrews: "Re: Hey, SiteFinder is back, again..."
• Maybe in reply to: David Lesher: "Hey, SiteFinder is back, again..."
• Next in thread: David Conrad: "Re: Hey, SiteFinder is back, again..."
• Reply: David Conrad: "Re: Hey, SiteFinder is back, again..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

In article <> you write:
>
>On Nov 5, 2007, at 8:23 AM, David Lesher wrote:
>> What affect will Allegedly Secure DNS have on such provider
>> hijackings, both of DNS and crammed-in content?
>
>If what Verizon is doing is rewriting NXDOMAIN at their caching
>servers, DNSSEC will _not_ help. Caching servers do the validation
>and the insertion of the search engine IP addresses in the response
>would occur after the validation.
>
>Regards,
>-drc
>

        All you have to do is move the validation to a machine you
        control to detect this garbage.

                dnssec-enable yes;
                dnssec-validation yes;
                forward only;
                forwarders { <Verizon's caching servers>; };
                dnssec-lookaside . trust-anchor <dlv registry>;

        All lookups which Verizon has interfered with from signed zones
        will fail.

        Mark

• Previous message: Mark Andrews: "Re: Hey, SiteFinder is back, again..."
• Maybe in reply to: David Lesher: "Hey, SiteFinder is back, again..."
• Next in thread: David Conrad: "Re: Hey, SiteFinder is back, again..."
• Reply: David Conrad: "Re: Hey, SiteFinder is back, again..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]