[dns-operations] resolvers considered harmful

Simon Munton Simon.Munton at cdns.net
Thu Oct 23 07:41:11 UTC 2014

If a poisoning attack does not require access to a resolver, surely the 
same attack will not require access to the end host?

Comes down to the age old argument of one big machine (easier to secure 
but provides a bigger target) to billions of little machines (almost 
impossible to be all secure but each target is smaller).

On 23/10/14 02:07, Mark Allman wrote:
> Could there be attacks against the internal lookup process on a host?
> Of course.  But, those are attacks that require some sort of access to
> the end host first.

More information about the dns-operations mailing list