JD,

Thanks for your email. Your local DNS server will have to query the root servers, TLD servers, ... and so on. What about the additional worry that some of *those* DNS servers are compromised?? A local DNS server cannot remove all dependence on external machines, right? It can /only/ protect you from a corrupt //initial// DNS server, right??
Many DNS services are provided by companies (ISPs like SBC, Time Warner, etc.) whose reputation depends on providing secure DNS servers. Hopefully we can assume /they/ will usually be fine in general, right? Plus, it is foolish to assume all traffic isn't sniffed already... hence the need to use SSH and SSL when sending sensitive info. Either of these cases (1. Using SSH & SSL, 2. Using DNS from reputable sources) seems reasonable protection against nasty DNS servers unless I'm missing something. Right? :)

Thanks again,
Chris
