[dns-operations] Norton DNS: Symantec emulates OpenDNS and Google
Otmar Lendl
ol at bofh.priv.at
Tue Jun 15 19:38:40 UTC 2010
On 08.06.2010 03:00, Jay Daley wrote:
>
> And then of course there is the interesting question of how they intend
> to implement synthesis once DNSSEC is turned on?
>
Well, a DNSSEC validating stub resolver will return NXDOMAIN to the
application while I guess that Symantec will implement some sort of landing
page / explanation page if the client swallows their faked response.
In goal of preventing the browser from opening a potentially malicious page
is achieved in both cases.
Remember: DNSSEC provides only integrity, but adds little in terms of
availability.
In the case where they do the DNSSEC validation, as Warren wrote, flipping
on the AD bit is trivial.
otmar
--
-=- Otmar Lendl -- ol at bofh.priv.at -- http://lendl.priv.at/ -=-
More information about the dns-operations
mailing list