[dns-operations] resolvers considered harmful
Florian Weimer
fw at deneb.enyo.de
Wed Oct 22 18:48:07 UTC 2014
* David Conrad:
> On Oct 22, 2014, at 10:27 AM, Florian Weimer <fw at deneb.enyo.de> wrote:
>> I've suggested multiple times that one
>> possible way to make DNS cache poisoning less attractive is to cache
>> only records which are stable over multiple upstream responses, and
>> limit the time-to-live not just in seconds, but also in client
>> responses.
>
> Why not just turn on DNSSEC?
Important zones are still unsigned, so I can understand why there is a
desire for alternative solutions.
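
The caching policy proposed in the quoted text, sketched as an added example that is not part of the original message or of any resolver's code. The names `StableCache` and `scripted_upstream`, the thresholds, reading "stable" as consecutive identical responses, and passing unconfirmed answers through uncached are all assumptions made for illustration.

```python
import time

class StableCache:
    """Cache an RRset only after `confirmations` identical upstream responses
    in a row; expire it after its TTL in seconds or after `max_served`
    client responses, whichever comes first. (Hypothetical sketch.)"""

    def __init__(self, resolve, confirmations=3, max_served=100,
                 clock=time.monotonic):
        self.resolve = resolve        # upstream lookup: name -> (rdata set, ttl)
        self.confirmations = confirmations
        self.max_served = max_served
        self.clock = clock
        self.pending = {}             # name -> (rrset, times seen in a row)
        self.cache = {}               # name -> [rrset, expires_at, served]

    def lookup(self, name):
        entry = self.cache.get(name)
        if entry:
            rrset, expires_at, served = entry
            if self.clock() < expires_at and served < self.max_served:
                entry[2] += 1         # count this client response
                return rrset
            del self.cache[name]      # expired by time or by response count
        rdata, ttl = self.resolve(name)
        rrset = frozenset(rdata)
        prev, seen = self.pending.get(name, (None, 0))
        seen = seen + 1 if rrset == prev else 1   # a differing answer resets
        if seen >= self.confirmations:
            self.pending.pop(name, None)
            self.cache[name] = [rrset, self.clock() + ttl, 0]
        else:
            self.pending[name] = (rrset, seen)
        # Assumption: an unconfirmed answer is still returned to this one
        # client, but it is never stored, so a single forged response
        # cannot be replayed to later clients from the cache.
        return rrset

def scripted_upstream(answers):
    """Constructed stand-in for an upstream server: replays `answers` in order."""
    replies, calls = iter(answers), []
    def resolve(name):
        calls.append(name)
        return next(replies)
    resolve.calls = calls
    return resolve
```

With `confirmations=3`, one forged response between genuine ones reaches a single client and resets the counter, and the genuine RRset is cached only after three matching answers in a row.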