[dns-operations] Norton DNS: Symantec emulates OpenDNS and Google

Otmar Lendl ol at bofh.priv.at
Tue Jun 15 19:38:40 UTC 2010

On 08.06.2010 03:00, Jay Daley wrote:
> And then of course there is the interesting question of how they intend
> to implement synthesis once DNSSEC is turned on?

Well, a DNSSEC validating stub resolver will return NXDOMAIN to the
application while I guess that Symantec will implement some sort of landing
page / explanation page if the client swallows their faked response.

In goal of preventing the browser from opening a potentially malicious page
is achieved in both cases.

Remember: DNSSEC provides only integrity, but adds little in terms of

In the case where they do the DNSSEC validation, as Warren wrote, flipping
on the AD bit is trivial.

-=-  Otmar Lendl  --  ol at bofh.priv.at  --  http://lendl.priv.at/  -=-

More information about the dns-operations mailing list