[dns-operations] MaginotDNS: Attacking the boundary of DNS caching protection
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Sep 26 15:34:52 UTC 2023
I'm reading the paper behind "MaginotDNS: Attacking the boundary of
DNS caching protection"
<https://blog.apnic.net/2023/09/26/maginotdns-attacking-the-boundary-of-dns-caching-protection/>
<https://www.usenix.org/system/files/usenixsecurity23-li-xiang.pdf>.
Am I correct to think that forwarding from the CDNS to the upstream
resolver with DoT (DNS over TLS) would be sufficient to disable the
attack (even TCP or cookies would be enough if the attacker is
off-path)?
More information about the dns-operations
mailing list