Re: draft-ietf-dnsext-forgery-resilience-01.txt

[bert hubert <bert.hubert@netherlabs.nl>]

On Sun, Nov 18, 2007 at 02:29:48PM +0100, Stephane Bortzmeyer wrote:
> > * -01 says "TBD: Do we need to talk about stub resolvers?  Does this
> > draft apply to them?" I believe that the answer is yes. A typical stub
> > resolver cannot receive unexpected answers (it typically does not
> > listen for ever on the network) but it still can be fooled when
> > listening for a reply. In addition, a typical stub resolver should
> > listen only to the answers coming from the nameservers listed in its
> > configuration (/etc/resolv.conf on Unix) but I'm not sure they all
> > do and, anyway, it is not sufficient, the other countermeasures
> > mentioned in section 9 all apply.
> 
> And about this issue? Everybody agrees?

I agree, at least.

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>