[dns-operations] difference between dns spoofing and dns hijacking?

[Paul Vixie]

Lauren C. wrote:
> But some devices such as China's great wall can capture DNS transit
> packages and modify them even cache server doesn't know this.

the traditional dns resolution path is fragile and attack-prone. this is 
why dnssec and tcp-with-crypto are getting so much attention. china will 
adapt, but most of the nxdomain-ad-insertion market will not.

-- P Vixie