|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Hey, SiteFinder is back, again...
In article <[email protected]> you write: > >On Nov 5, 2007, at 8:23 AM, David Lesher wrote: >> What affect will Allegedly Secure DNS have on such provider >> hijackings, both of DNS and crammed-in content? > >If what Verizon is doing is rewriting NXDOMAIN at their caching >servers, DNSSEC will _not_ help. Caching servers do the validation >and the insertion of the search engine IP addresses in the response >would occur after the validation. > >Regards, >-drc > All you have to do is move the validation to a machine you control to detect this garbage. dnssec-enable yes; dnssec-validation yes; forward only; forwarders { <Verizon's caching servers>; }; dnssec-lookaside . trust-anchor <dlv registry>; All lookups which Verizon has interfered with from signed zones will fail. Mark
|