[EMAIL PROTECTED] wrote:
> Andy
> So if I understand you correctly you are proposing the
> logical extreme of caching.....push entire chunks of DNS
> info to lower levels of hierarchy.
> Have you considered what the security implications of this
> are?
What security implications? DNS is such a broken, insecure protocol
that it would be difficult for it to get *worse*. This would actually
make it better since the second tier of DNS servers could actually use a
fully encrypted, keyed, and authenticated zone transfer.
See DNSSEC: http://www.dnssec.net/
> You are giving each lower DNS node more power
> which means if that lower node gets 0wned then more
> damage can be done right?
It doesn't matter whether you are using zone transfer caching or not.
Unless you hit the root servers *every* time with a known authentication
key, you are susceptible to this attack anyway.
-a
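The keyed, authenticated zone transfer the reply refers to can be set up in BIND with TSIG. The fragment below is an added example, not part of the thread or anything its participants posted; the zone name, addresses, key name and secret are placeholders, and it uses BIND 9.16+ keywords (`primary`, `secondary`, `primaries`). TSIG puts an HMAC over each DNS message using a shared secret, so the primary only serves AXFR/IXFR to a requester that can sign with the key and the second-tier server only loads zone data that carries a valid signature; it authenticates and integrity-protects the transfer but does not by itself encrypt it.

```conf
// Added example (not from the thread): BIND 9 named.conf fragments for
// TSIG-keyed zone transfers between a primary and a second-tier secondary.
// Key name, secret, zone name and addresses are placeholders.

// Shared TSIG key; the same stanza goes on both servers. The secret is a
// placeholder, not a real key (generate one with `tsig-keygen`).
key "xfer-tier2-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET-REPLACE-ME=";
};

// ---- primary (authoritative) server, 198.51.100.53 ----
zone "example.test" {
    type primary;
    file "/var/named/example.test.db";
    // Refuse AXFR/IXFR unless the request is signed with the shared key.
    // An address-only ACL can be defeated by source spoofing; a TSIG
    // signature cannot be forged without the secret.
    allow-transfer { key "xfer-tier2-key"; };
    also-notify { 192.0.2.53; };
};

// ---- second-tier (secondary) server, 192.0.2.53 ----
// Sign every message sent to the primary with the shared key, so the
// primary can tell this secondary apart from any host that merely
// claims its address.
server 198.51.100.53 {
    keys { "xfer-tier2-key"; };
};

zone "example.test" {
    type secondary;
    file "/var/named/secondaries/example.test.db";
    // Pull the zone only from the named primary, signed with the key;
    // unsigned or wrongly signed responses are rejected (BADSIG/BADKEY).
    primaries { 198.51.100.53 key "xfer-tier2-key"; };
};
```

To confirm the primary actually refuses unkeyed transfers, request the zone from a third host with `dig @198.51.100.53 example.test AXFR`; it should get REFUSED, while the same query with `-k` pointing at the key file succeeds. Failed signature checks show up in the primary's log as `request has invalid signature` and are worth alerting on, since they indicate someone probing for the transfer.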
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list