On Wed, Aug 5, 2009 at 6:48 PM, John Levine<jo...@iecc.com> wrote: > 3) Random case in queries, e.g. GooGLe.CoM > 4) Ask twice (with different values for the first three hacks) and > compare the answers > > I presume everyone is doing the first two. Any experience with the > other two to report?
3 works, but offers zero protection against 'kaminsky spoofing the root' since you can't fold the case of "123456789.". And the root is the goal. 4 breaks on Akamai and many other CDNs. Even 'ask thrice, and take the majority answer' doesn't work there. 5 is 'edns ping', but it was effectively blocked because people thought DNSSEC would be easier to do, or demanded that EDNS PING (http://edns-ping.org) would offer everything that DNSSEC offered. Bert