> From: [email protected] [mailto:discuss- > [email protected]] On Behalf Of Derek Atkins > > Richard Pieri <[email protected]> writes: > > > Which results in a denial of service for clients if DNSSEC is > > enforced. That's not protecting users; that's dumping them into black > > holes. > > Some say DoS, some say protected. If someone is trying to poison my DNS > Cache I'd rather ignore them and blackhole than accept their attack and > go to the wrong place. Besides, DNS allows me to go ask multiple > sources for information.
+1 The correct behavior is to refuse to use corrupted data, and probably retry the query to get good data. If an intermediary router wants to cause a DoS, then stripping security would be the stupidest way possible to execute such an attack - rather than just dropping the packet. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
