>>> I have talked to multiple security officers (who are generally not >>> really knowledgeable on networks) who had 53/tcp blocked and none >>> have yet agreed to change it. >> patience. when things really start to break, and the finger of fate >> points at them, clue may arise. > 36 days until all root servers have DNSSEC data, at which point large > replies become normal.
are end user tools, i.e. a web click a button, available so they can test if they are behind a clueless security id10t? is there good simple end user docco they are somewhat likely to find when things break for them? i.e. what can we do to maximize the odds that the victim will quickly find the perp, as opposed to calling our our tech support lines? randy
