[dns-operations] security-aware stub resolver

Ralf Weber denic at eng.colt.net
Thu May 22 20:28:41 UTC 2008


On May 22, 2008, at 21:48 , David Conrad wrote:
> As we've seen repeatedly, unless you run your own caching server, you
> can't really trust the response.  Particularly if you rely on your
> ISP...
Well the ISP may be forced by some government to give out a false
response so you can as always blame the government ;-). I do agree
that stubs should not be used, there wide scale deployment wouldn't
work anyway, at least with TSIG, which being a shared secret would
not scale with millions of broadband users.

So long
Ralf Weber
Platform Infrastructure Manager
Colt Telecom GmbH

COLT Telecom GmbH, Herriotstraße 4, 60528 Frankfurt/Main, Deutschland *
Tel +49 (0)69 56606 0 * Fax +49 (0)69 56606 2222 *
Geschäftsführer: Albertus Marinus Oosterom (Vors.), Rita Thies *
Amtsgericht Frankfurt/Main HRB 53898 * USt.-IdNr. DE 220 772 475

More information about the dns-operations mailing list