nanog mailing list archives

Re: Hey, SiteFinder is back, again...


From: Mark Andrews <Mark_Andrews () isc org>
Date: Tue, 6 Nov 2007 12:31:28 +1100 (EST)


In article <E64EBBA5-3520-4E6A-9F00-6A884C383FE7 () virtualized org> you write:

On Nov 5, 2007, at 8:23 AM, David Lesher wrote:
What effect will Allegedly Secure DNS have on such provider
hijackings, both of DNS and crammed-in content?

If what Verizon is doing is rewriting NXDOMAIN at their caching  
servers, DNSSEC will _not_ help.  Caching servers do the validation  
and the insertion of the search engine IP addresses in the response  
would occur after the validation.

Regards,
-drc


        All you have to do is move the validation to a machine you
        control to detect this garbage. 

                dnssec-enable yes;
                dnssec-validation yes;
                forward only;
                forwarders { <Verizon's caching servers>; };
                dnssec-lookaside . trust-anchor <dlv registry>;

        All lookups which Verizon has interfered with from signed zones
        will fail.

        Mark
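
A client-side check for the two outcomes discussed in this message, as an added example that is not part of the original post or of BIND: it classifies `dig` text output for a query of a random name that should not exist. The function names, the probe label format and the sample outputs are constructed for illustration, and SERVFAIL is treated only as consistent with a validation failure, since it has other causes.

```python
import re
import secrets

def probe_name(zone):
    """Random label that should not exist under `zone` (honest answer: NXDOMAIN)."""
    return f"nx-{secrets.token_hex(8)}.{zone.rstrip('.')}."

def parse_dig(output):
    """Pull the rcode, the AD flag and any A-record addresses out of dig's text output."""
    status = re.search(r"status: (\w+)", output)
    flags = re.search(r";; flags: ([a-z ]*);", output)
    addrs = re.findall(r"^\S+\s+\d+\s+IN\s+A\s+(\S+)$", output, re.M)
    return {"rcode": status.group(1) if status else None,
            "ad": bool(flags and "ad" in flags.group(1).split()),
            "addrs": addrs}

def classify(output):
    """Classify the reply to a query for a name that should not exist."""
    r = parse_dig(output)
    if r["rcode"] == "NXDOMAIN":
        return "clean"              # resolver passed the denial through
    if r["rcode"] == "NOERROR" and r["addrs"]:
        return "rewritten"          # unvalidated path, or an unsigned zone
    if r["rcode"] == "SERVFAIL":
        return "validation-failed"  # what a validating forwarder returns for signed zones
    return "inconclusive"

# Constructed dig outputs (not captured traffic); 192.0.2.10 is a documentation address.
VIA_ISP = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
nx-0123456789abcdef.example.  60  IN  A  192.0.2.10
"""
VIA_VALIDATOR = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""
CLEAN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4244
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
"""

if __name__ == "__main__":
    for label, out in (("isp", VIA_ISP), ("validator", VIA_VALIDATOR), ("clean", CLEAN)):
        print(label, classify(out))
```

To use it on live data, query `probe_name(zone)` with `dig` against each resolver and pass the captured text to `classify`.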

