[dns-operations] Spoofing DNS with fragments

Volker Janzen voja at voja.de
Tue Sep 11 10:10:25 UTC 2018


Hi,

> Note that as long as one CA does not validate, DNSSEC is not a
> sufficient defense, you need DANE as well (otherwise the attacker will
> go to another CA).

or CAA records.


Kind regards,
    Volker



More information about the dns-operations mailing list