* David Conrad: > On Oct 22, 2014, at 10:27 AM, Florian Weimer <[email protected]> wrote: >> I've suggested multiple times that one >> possible way to make DNS cache poisoning less attractive is to cache >> only records which are stable over multiple upstream responses, and >> limit the time-to-live not just in seconds, but also in client >> responses. > > Why not just turn on DNSSEC?
Important zones are still unsigned, so I can understand why there is a desire for altenative solutions. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
