> so if you're interested in securing dns, say to prevent ssl > mitm attacks, i only see three choices > 1. hold your nose. do dnssec. > 2. put your head in the sand. > 3. convince the world to use dnscurve.
if the goal is avoiding ssl mitm attacks, dns is the least of your worries. a mitm will just take over the connection attempt for the actual ip address. the solution there is to implement proper ssl certificate chain checking. russ