> You have clearly never been to an hotel where their Internet services
> intercept all DNS queries regardless of where you send the message...
> You cannot trust the infrastructure not to misbehave.
Answer, I tend not to pay $10 per night just to surf the Internet
from a hotel room and when I have I have been using a VPN which
encrypts all the trafic.
Question, what do you want the infrastructure to do in this
situation? I believe that what a secure DNS infrastructure should
do is inform you that you are subject to a DNS MiM attack.
If you are going to use secure DNS then you probably want to
use IPSEC to protect you trafic from hotel rooms and the like.
If the institution blocks IPSEC then you should probably apply
Moscow rules and not use the Internet at all.
Phill
