[dns-operations] Trend/ISC DNS Changer takedown.
Dobbins, Roland
rdobbins at arbor.net
Fri Nov 11 10:36:58 UTC 2011
On Nov 11, 2011, at 4:58 PM, Peter Koch wrote:
> wouldn't it be of great help if everybody just protected their customers/users from falling victim to this evil by applying the appropriate access lists?
. . . and if they all deployed anti-spoofing at their edges, and if they deployed all the network infrastructure self-protection BCPs, and if they . . . well, you get the idea.
;>
But DNSSEC has to be baked all the way down into the libs and the client/server OSes and the apps in order to be truly effective - and even then, unless/until libs and OSes are cryptographically signed and enforced (assuming that's a desirable thing, in the bigger picture) via hardware, other subversion mechanisms are possible. Increments, though.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde
More information about the dns-operations
mailing list