[dns-operations] Spoofing DNS with fragments
paul at redbarn.org
Wed Sep 12 17:15:03 UTC 2018
If there is only one very narrow path to implemention of dnssec that will be secure, then that should be part of the specification.
----- Original Message -----
From: Florian Weimer <fweimer at redhat.com>
Sent: 2018-09-12 - 08:00
To: Mark Andrews <marka at isc.org>, Paul Vixie <paul at redbarn.org>
Subject: Re: [dns-operations] Spoofing DNS with fragments
> On 09/12/2018 12:50 AM, Mark Andrews wrote:
>> TSIG with a well known key doesn’t require a flag day.
> I'm worried that using TSIG will require a flag day eventually, just
> like EDNS.
> The buffer size hack, combined with kernel assistance on some systems,
> looks much more promising, and it only requires fixing the authoritative
> server side, too.
More information about the dns-operations