On Sat, 28 Jun 2008 22:09:52 CDT, Randy said:

> Where did it go wrong?

For starters, consider all the unclued DNS operators that think that TCP/53 is *only* used for zone transfers, so they block it. When they get a query from a user that recurses to a DNSSEC entry that doesn't fit in 512 bytes, they get back a 'truncated' reply. Their DNS resolver then retries on TCP and gets hosed by the firewall.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
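The failure described in the post above, as an added example that is not part of the original message: a Python check that reads the truncated (TC) flag from a UDP reply and reports whether the TCP/53 retry can succeed. The function names and the sample headers are constructed for illustration; `probe_tcp53` is the only part that needs network access.

```python
import socket
import struct

TC_BIT = 0x0200  # "truncated" flag in the DNS header flags word
QR_BIT = 0x8000  # set on responses

def parse_flags(msg: bytes):
    """Return (txid, is_response, truncated) from a DNS message header."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes; message too short")
    txid, flags = struct.unpack("!HH", msg[:4])
    return txid, bool(flags & QR_BIT), bool(flags & TC_BIT)

def tcp_frame(msg: bytes) -> bytes:
    """DNS over TCP prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def diagnose(udp_reply: bytes, tcp_reply):
    """Classify a lookup; tcp_reply is None when the TCP/53 attempt failed."""
    _, is_resp, truncated = parse_flags(udp_reply)
    if not is_resp:
        return "invalid: not a response"
    if not truncated:
        return "ok: answered over UDP"
    if tcp_reply is None:
        return "broken: truncated over UDP and TCP/53 unreachable"
    return "ok: answered after TCP retry"

def _recv_exact(sock, n: int):
    """Read exactly n bytes or return None if the peer closes early."""
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            return None
        data += chunk
    return data

def probe_tcp53(server: str, query: bytes, timeout: float = 3.0):
    """Live check: send query over TCP/53, return the reply or None."""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(tcp_frame(query))
            hdr = _recv_exact(s, 2)
            return _recv_exact(s, struct.unpack("!H", hdr)[0]) if hdr else None
    except OSError:  # refused, filtered (timeout) or unreachable
        return None

# Constructed sample headers (txid 0x1234, all counts zero), not captured traffic.
SMALL = struct.pack("!HHHHHH", 0x1234, QR_BIT, 0, 0, 0, 0)
TRUNC = struct.pack("!HHHHHH", 0x1234, QR_BIT | TC_BIT, 0, 0, 0, 0)
```

Running `diagnose` with the UDP reply from a resolver and the result of `probe_tcp53` against the same server separates a healthy TCP fallback from the firewall case in the post.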
