North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Hey, SiteFinder is back, again...

  • From: Eliot Lear
  • Date: Tue Nov 06 01:57:03 2007
  • Authentication-results: ams-dkim-1; [email protected]; dkim=pass (s ig from cisco.com/amsdkim1002 verified; );
  • Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=620; t=1194332125; x=1195196125; c=relaxed/simple; s=amsdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; [email protected]; z=From:=20Eliot=20Lear=20<[email protected]> |Subject:=20Re=3A=20Hey,=20SiteFinder=20is=20back,=20again... |Sender:=20; bh=K3PqZJ/h4A03k4elWfu7sgjrTOEU/YG3xIMYSvFQYWI=; b=wIGoJ84pNBoEcZUalP4qu0SfQqcqW9VUGfr3L9Wc42pTIhF17BAN8VX3tJ0qSksJpPm/f1Mo QtU+dr0GfOBDW+T13q1UwtepBzBfMIRLS8Og+8DCxof5BO94GMPstpuM;
David Conrad wrote:
>
> On Nov 5, 2007, at 2:13 PM, Bora Akyol wrote:
>> Do common endpoints (Windows Vista/XP, MacOS X 10.4/5) support DNSSEC
>> Validation? If not, then do people have a choice?
>
> Yes and no.

Of course, nobody supports the "Evil bit" today, so some change would be
necessary one way or the other to deal with this.  One wonders whether
Verizon's behavior is enough to cause Microsoft to turn on a caching
resolver.  One issue Dave didn't raise is that firewalls often block DNS
requests from OTHER than caching resolvers.

Cough.  So, how much is that NXDOMAIN worth to you?

Eliot