On Oct 22, 2014, at 10:27 AM, Florian Weimer <[email protected]> wrote: > I've suggested multiple times that one > possible way to make DNS cache poisoning less attractive is to cache > only records which are stable over multiple upstream responses, and > limit the time-to-live not just in seconds, but also in client > responses.
Why not just turn on DNSSEC? Regards, -drc
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
