On Wed, Sep 09, 2020 at 10:15:49AM +1000, Mark Andrews wrote:
>
> Which in part is why I came up with DNS COOKIES. As long as the server
> supports DNS COOKIE you can use a single socket and have more than enough
> entropy to defeat off path attacks. You can fall back to using separate
> sockets for servers that don't support DNS COOKIES.
>
+1. DNS COOKIE was a brilliant bit of work. but you should mention the RFC#
and perhaps say which well known DNS implementations support it, to be more
convincing to people who are not me.

-- 
Paul Vixie
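The single-socket check discussed in this thread, as an added example that is not part of either message nor taken from any DNS implementation: a client puts a 64-bit client cookie in the EDNS COOKIE option (RFC 7873, option code 10) and accepts a reply only if that cookie is echoed back. The function names and the accept/fallback/drop labels are assumptions made for illustration, and the policy is simplified to a single reply.

```python
import hmac, struct

OPT, COOKIE = 41, 10  # EDNS OPT RR type and COOKIE option code (RFC 7873)

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def build_message(txid, qname, cookie=None, response=False):
    # A-record query (or an answerless reply) with an optional COOKIE option.
    flags = 0x8180 if response else 0x0100
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1 if cookie else 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    opt = b""
    if cookie:
        rdata = struct.pack("!HH", COOKIE, len(cookie)) + cookie
        opt = b"\0" + struct.pack("!HHIH", OPT, 1232, 0, len(rdata)) + rdata
    return header + question + opt

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]                  # step over one label
    return off + (2 if msg[off] else 1)      # pointer is 2 bytes, root is 1

def extract_cookie(msg):
    # Return the COOKIE option payload from the OPT RR, or None if absent.
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4        # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        p = 0
        while rtype == OPT and p + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[p:p + 4])
            if code == COOKIE:
                return rdata[p + 4:p + 4 + olen]
            p += 4 + olen
    return None

def classify(response, client_cookie):
    try:
        cookie = extract_cookie(response)
    except (IndexError, struct.error):
        return "drop"                        # malformed packet
    if cookie is None:
        return "fallback"                    # no COOKIE support: separate socket per query
    if hmac.compare_digest(cookie[:8], client_cookie):
        return "accept"                      # echoes 64 bits an off-path sender never saw
    return "drop"
```

The client cookie adds 64 bits on top of the 16-bit transaction ID, which is why one shared socket is enough when the server echoes it.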
