On Mon, Jan 17, 2011 at 10:29:45AM +0000, [email protected] wrote: > That particular case I have been told is protected against by using DNSSEC, > which ensures the host will detect the fraudulent answer to this directed > attack and will fall back to use other DNS server (or fail)... >
Right. But I guess I'm confused: I thought you were arguing that DNSSEC wasn't needed. > If the host would have been single-homed, it would have send all its queries > to the interface this attacker has control over. Correct. -- Andrew Sullivan [email protected] Shinkuro, Inc. _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
