[dns-operations] DNS Attack over UDP fragmentation

Paul Vixie paul at redbarn.org
Thu Sep 5 21:54:18 UTC 2013

Florian Weimer wrote:
> ...
> Because DNSSEC does not prevent cache poisoning, it only detects it.

i do not understand this statement.

> ... In retrospect, not signing delegations and glue was a huge mistake.

one of many. but we're 17 years into the dnssec experience, so starting
over is either contraindicated or our only salvation, depending.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130905/ffe24e87/attachment.html>

More information about the dns-operations mailing list