[dns-operations] Spoofing DNS with fragments

Florian Weimer fweimer at redhat.com
Wed Sep 12 15:00:16 UTC 2018


On 09/12/2018 12:50 AM, Mark Andrews wrote:
> TSIG with a well known key doesn’t require a flag day.

I'm worried that using TSIG will require a flag day eventually, just 
like EDNS.

The buffer size hack, combined with kernel assistance on some systems, 
looks much more promising, and it only requires fixing the authoritative 
server side, too.

Thanks,
Florian



More information about the dns-operations mailing list