[dns-operations] DNS Attack over UDP fragmentation
Paul Vixie
paul at redbarn.org
Thu Sep 5 21:54:18 UTC 2013
Florian Weimer wrote:
> ...
>
> Because DNSSEC does not prevent cache poisoning, it only detects it.
i do not understand this statement.
> ... In retrospect, not signing delegations and glue was a huge mistake.
one of many. but we're 17 years into the dnssec experience, so starting
over is either contraindicated or our only salvation, depending.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130905/ffe24e87/attachment.html>
More information about the dns-operations
mailing list