[dns-operations] Can Root DNS server modify the response?

[Paul Vixie]

Deliberately false answers meant to render content unreachable would be easier to hide from a recursive than from an authority, and more practical there against non tld names, given Stephane's qname minimization efforts. But even so, such would be detected and loudly discussed. There is no legitimate concern about cloud flare as a dns poisoner, which was the genesis of this miserable thread from hell. --vixie

⁣Get BlueMail for Android ​

On 25 Mar 2019, 17:48, at 17:48, "Ondřej Surý" <ondrej at sury.org> wrote:
>For a *censorship* purposes, there’s no difference between not getting
>an answer or not getting an answer.
>
>As much as I love DNSSEC, it doesn’t prevent censorship implemented as
>DoS.
>
>Ondřej 
>--
>Ondřej Surý <ondrej at sury.org>
>
>On 25 Mar 2019, at 16:18, Viktor Dukhovni <ietf-dane at dukhovni.org>
>wrote:
>
>>> On Mar 25, 2019, at 10:56 AM, Ondřej Surý <ondrej at sury.org> wrote:
>>> 
>>> Matt, there’s no difference between NXDOMAIN and SERVFAIL from the
>client perspective.
>> 
>> Actually, there is for DANE, SPF, Kerberos domain to realm mappings,
>...
>> but TLDs are not usually in scope for this type of query.
>> 
>> [ The DNS is not *just* for web browsing ]
>> 
>> -- 
>>    Viktor.
>> 
>> 
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>> dns-operations mailing list
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
>_______________________________________________
>dns-operations mailing list
>dns-operations at lists.dns-oarc.net
>https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>dns-operations mailing list
>https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190326/471151e3/attachment.html>