[dns-operations] resolvers considered harmful
David Conrad
drc at virtualized.org
Wed Oct 22 18:22:22 UTC 2014
On Oct 22, 2014, at 10:27 AM, Florian Weimer <fw at deneb.enyo.de> wrote:
> I've suggested multiple times that one
> possible way to make DNS cache poisoning less attractive is to cache
> only records which are stable over multiple upstream responses, and
> limit the time-to-live not just in seconds, but also in client
> responses.
Why not just turn on DNSSEC?
Regards,
-drc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20141022/c0f3bb16/attachment.sig>
More information about the dns-operations
mailing list