Michael Richardson <[email protected]> writes: > better if dnsmasq just implemented > https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 > which alas, has never become an RFC, AFAIK.
Does dnsmasq use cookies? Ref https://tools.ietf.org/html/rfc7873 That pretty solves the cache poisoning problem, and should be supported by most of the authoritative servers out there. > Alternatively, DNSSEC was designed to deal with the entire gamut of DNS cache > poisioning. Sure, and let's have more of that. But realistically it is so hard to use on the authoritative side that we'll never have full coverage, even for the names we care about. Bjørn _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
