[dns-operations] difference between dns spoofing and dns hijacking?

Paul Vixie paul at redbarn.org
Tue Jul 24 14:53:39 UTC 2018

Lauren C. wrote:
> But some devices such as China's great wall can capture DNS transit
> packages and modify them even cache server doesn't know this.

the traditional dns resolution path is fragile and attack-prone. this is 
why dnssec and tcp-with-crypto are getting so much attention. china will 
adapt, but most of the nxdomain-ad-insertion market will not.

-- P Vixie

More information about the dns-operations mailing list