In message CAAF6GDcP77MBBUJbEdQgOqOLh2UHPEOmxYNTaAO-8F=odly...@mail.gmail.com
, =?ISO-8859-1?Q?Colm_MacC=E1rthaigh?= writes:
On Tue, Apr 1, 2014 at 7:49 PM, Evan Hunt e...@isc.org wrote:
On Tue, Apr 01, 2014 at 06:25:12PM -0700, Colm MacC?rthaigh wrote:
DNSSEC is a mitigation against
On Wed, Apr 2, 2014 at 2:40 PM, Mark Andrews ma...@isc.org wrote:
I don't think this makes much sense for a coherent resolver. If I were
writing a resolver, the behaviour would instead be; try really hard to
find a valid response, exhaust every reasonable possibility. If it can't
get a
On Tue, Apr 01, 2014 at 06:25:12PM -0700, Colm MacC?rthaigh wrote:
DNSSEC is a mitigation against spoofed responses, man-in-the-middle
interception-and-rewriting and cache compromises. These threats are
endpoint and path specific, so it's entirely possible that one of your
resolvers (or its
On Tue, Apr 1, 2014 at 7:49 PM, Evan Hunt e...@isc.org wrote:
On Tue, Apr 01, 2014 at 06:25:12PM -0700, Colm MacC?rthaigh wrote:
DNSSEC is a mitigation against spoofed responses, man-in-the-middle
interception-and-rewriting and cache compromises. These threats are
endpoint and path
On Apr 1, 2014, at 10:24 PM, Colm MacCárthaigh c...@allcosts.net wrote:
I don't think this makes much sense for a coherent resolver. If I were
writing a resolver, the behaviour would instead be; try really hard to find
a valid response, exhaust every reasonable possibility. If it can't