chrish wrote: >> meanwhile ISC will continue to push for DNSSEC in the hope that this kind >> of thing simply cannot be done at all in the way it's often done today >> (using faked NXDOMAIN responses from full resolvers toward stub >> resolvers.) > > Is there any way to insure that this sort of thing will never be possible?
Yes. As Paul said, deploy DNSSEC. AlanC
