North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Hey, SiteFinder is back, again...

  • From: Bora Akyol
  • Date: Mon Nov 05 17:16:20 2007

Do common endpoints (Windows Vista/XP, MacOS X 10.4/5) support DNSSEC
Validation? If not, then do people have a choice?

Regards

Bora



On 11/5/07 11:54 AM, "Steven M. Bellovin" <[email protected]> wrote:

> 
> On Mon, 5 Nov 2007 11:17:29 -0800
> David Conrad <[email protected]> wrote:
> 
>> On Nov 5, 2007, at 8:23 AM, David Lesher wrote:
>>> What affect will Allegedly Secure DNS have on such provider
>>> hijackings, both of DNS and crammed-in content?
>> 
>> If what Verizon is doing is rewriting NXDOMAIN at their caching
>> servers, DNSSEC will _not_ help.  Caching servers do the validation
>> and the insertion of the search engine IP addresses in the response
>> would occur after the validation.
>> 
> Depends on whether or not the endpoints delegate DNSSEC validation to
> Verizon.  They don't have to.
>