[dns-operations] summary of recent vulnerabilities in DNS security.
P Vixie
vixie at fsi.io
Mon Oct 21 10:34:00 UTC 2013
On Tuesday, October 22, 2013 18:57:41 Haya Shulman wrote:
>
> On Tue, Oct 22, 2013 at 6:20 PM, Rubens Kuhl <rubensk at nic.br> wrote:
>
>
> > Would DNSCrypt, supported by OpenDNS, be a possible mitigation to this
issue?
> ...
> > Would IPSEC between resolver and upstream forward be a possible
mitigation to this issue ?
>
> Sure, both solve the problem. In particular, any secure channel protocol,
> between the proxy resolver and an upstream forwarder, prevents the attacks.
so, if we develop eastlake cookies, which is necessary in any case due to the
ddos reflection problems, then your fragmentation related problems go away?
vixie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20131021/e1c35f15/attachment.html>
More information about the dns-operations
mailing list