
Re: [DNSOP] Practical issues deploying DNSSEC into the home.

2013-09-12 11:48:37
On Sep 12, 2013, at 11:07 AM, Theodore Ts'o <tytso(_at_)mit(_dot_)edu> wrote:
Finally, if you think the target can try to find random caching
nameservers all across the network to use, (a) there are certain
environments where this is not allowed --- some ISP's or hotel/coffee
shop/airline's networks require that you use their name server, and
(b) for good and proper reasons, most nameservers have been configured
not to allow recursive queries to random IP addresses.

The model for this sort of validation is really not on a per-client basis, but 
rather depends on routine cross-validation by various DNSSEC operators 
throughout the network. This will not necessarily catch a really focused
attack, so it's not a panacea, but it would limit the scope of the threat for 
this sort of attack.

