[dns-operations] DNS vulnerability: lowering risks by forwarding?

Lutz Donnerhacke lutz at iks-jena.de
Thu Jul 10 08:00:48 UTC 2008

* Gilles Massen wrote:
> A very practical question: would a (potentially open) resolver be less at risk
> if it forwarded all the queries to a 'good' resolver?

If you control the last mile between the vulnerable and the patched resolver
(especially against spoofing): Yes, this is a workaround.

More information about the dns-operations mailing list