* Edward Lewis: > The above has a few non-sequiters. First, yes, the cache poisoning > is prevented, after it is detected. What you are complaining though > is that this means the end user is blocked from reaching the desired > service - as a result of the poisoning being thwarted.
Yes, that's what would happen. I just want to point out that *if* there's a trivial spoofing attack (comprising a few thousand packets, but not billions) against DNS, we still have a problem. DNSSEC is not a cure for problems on the transport layer or below. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
