funsec mailing list archives
Re: ICANN 2005 DNS Security Workshop
From: Valdis.Kletnieks () vt edu
Date: Sun, 29 Jun 2008 02:29:46 -0400
On Sat, 28 Jun 2008 22:09:52 CDT, Randy said:
Where did it go wrong?
For starters, consider all the unclued DNS operators that think that TCP/53 is *only* used for zone transfers, so they block it. When they get a query from a user that recurses to a DNSSEC entry that doesn't fit in 512 bytes, they get back a 'truncated' reply. Their DNS resolver then retries on TCP and gets hosed by the firewall.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
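The failure mode described in the message above, as an added example that is not part of the original post: a resolver's UDP-then-TCP retry logic, run against a path where TCP/53 is open and one where it is filtered. The transports, the function names and the 900-byte filler answer are constructed stand-ins, not real network traffic.

```python
import struct

TC_FLAG = 0x0200  # TC (truncated) bit in the DNS header flags word

def build_query(qname, qtype=1, txid=0x1234):
    """Encode a minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(msg):
    """True if the reply has TC=1, i.e. it did not fit in the UDP limit."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_FLAG)

def frame_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def resolve(query, udp_send, tcp_send):
    """UDP first; on TC=1 retry over TCP. Returns (transport, reply)."""
    reply = udp_send(query)
    if not is_truncated(reply):
        return "udp", reply
    try:
        framed = tcp_send(frame_tcp(query))
    except OSError:
        return "failed", None  # truncated on UDP and TCP/53 is filtered
    (length,) = struct.unpack("!H", framed[:2])
    return "tcp", framed[2:2 + length]

# Constructed transports standing in for the network path.
def sample_udp(query):
    # Header-only reply: QR=1, TC=1, RD=1, RA=1 (flags 0x8380).
    return query[:2] + struct.pack("!H", 0x8380) + query[4:]

def sample_tcp_open(framed):
    # TC clear (0x8180); 900 filler bytes stand in for DNSSEC records.
    q = framed[2:]
    return frame_tcp(q[:2] + struct.pack("!H", 0x8180) + q[4:] + b"\x00" * 900)

def sample_tcp_blocked(framed):
    raise OSError("TCP/53 dropped by firewall")

if __name__ == "__main__":
    for tcp in (sample_tcp_open, sample_tcp_blocked):
        print(tcp.__name__, resolve(build_query("example.com"), sample_udp, tcp)[0])
```

With the blocked transport the lookup has no usable answer at all, since the UDP reply carried only the truncation flag.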