[dns-operations] DNS Attack over UDP fragmentation
paul at redbarn.org
Thu Sep 5 21:54:18 UTC 2013
Florian Weimer wrote:
> Because DNSSEC does not prevent cache poisoning, it only detects it.
i do not understand this statement.
> ... In retrospect, not signing delegations and glue was a huge mistake.
one of many. but we're 17 years into the dnssec experience, so starting
over is either contraindicated or our only salvation, depending.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations