[dns-operations] we may finally have a dnssec use case ; -) Re: Odd behaviour of DNS queries in PRC (facebook, youtube & twitter)

bert hubert bert.hubert at netherlabs.nl
Thu Mar 25 19:54:29 UTC 2010

On Thu, Mar 25, 2010 at 11:36:30AM -0300, Mauricio Vergara Ereche wrote:
> <hat "personal">
> I second Stephane and previous Bert's opinion.

Given the nature of why this is happening, this is one of the first usecases
I see for DNSSEC that actually is worth the administrative overhead. 
Preventing Kaminsky spoofing, which appears not to be happening anyhow, is
not that exciting, and may not be worth the effort.

But preventing nation states from *globally* changing DNS traffic (even if
only by accident), far beyond their shores, might be a great idea.

Especially since there is little alternative except to stop doing anycast
root root-server, or everyone downloading a copy of the root zone (or both).


More information about the dns-operations mailing list