[dns-operations] Massive DNS poisoning attacks in Brazil

Tony Finch dot at dotat.at
Wed Oct 3 11:23:56 UTC 2012

Paul Vixie <paul at redbarn.org> wrote:
> in <http://www.ietf.org/mail-archive/web/dnsext/current/msg11700.html> i
> was thinking that we'd add "send chain" as an edns option, and then add
> generic edns tunneling over tcp/80 and tcp/443 using distinctive URI
> patterns to make sure to plug into the dns responder in the remote web
> server. there's no reason to add 'send chain' just to the tunnel. and
> once the tunnel is open it should be able to remain open until a quiet
> period, so maybe a two second client-initiated timeout.

I like this plan.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.

More information about the dns-operations mailing list