On mer. 29 mars 05:02:16 2017, Jorge Almeida wrote: > BTW, I've been using dnscache (from djbdns) for years. I suppose that > protects against spoofing?
It depends of from what you want to protect. DNS is an all clear protocol, it’s easy to modify packet. Plus, the DNSSEC deployment is too few, and even with DNSSEC, you have to validate localy. It’s just more difficult for the ISP to spoof DNS packets than make their resolver lying. -- alarig
signature.asc
Description: PGP signature
