[dns-operations] we may finally have a dnssec use case ; -) Re: Odd behaviour of DNS queries in PRC (facebook, youtube & twitter)
George Barwood
george.barwood at blueyonder.co.uk
Mon Mar 29 13:48:15 UTC 2010
----- Original Message -----
From: "Dobbins, Roland" <rdobbins at arbor.net>
To: <dns-operations at lists.dns-oarc.net>
Sent: Monday, March 29, 2010 8:33 AM
Subject: Re: [dns-operations] we may finally have a dnssec use case ; -) Re: Odd behaviour of DNS queries in PRC (facebook, youtube & twitter)
>
> On Mar 29, 2010, at 2:07 PM, George Barwood wrote:
>
>> The way to prevent attacks like this is to encrypt and authenticate packets, e.g.
>
> Ensuring the integrity of a transmission channel <> ensuring the integrity of the data transmitted across it.
That's true, but so what?
There are (at least) 3 aspects to security: Availibility, Privacy and Authentication.
DNSSEC only does authentication, which means it is not very secure by itself.
It might be better named "DNSAUTH".
Securing the transmission channel has many security benefits, in particular
it stops various denial of service attacks, of which this is an interesting example.
- George
More information about the dns-operations
mailing list