Modifying a response
Niobos
niobos at dest-unreach.be
Thu Feb 25 09:02:03 UTC 2010
On 2010-02-24 14:09, Peter Andreev wrote:
> 2010/2/24 Alan Clegg <aclegg at isc.org <mailto:aclegg at isc.org>>
>
> Peter Andreev wrote:
>
> > > For example: if user asks for non-existent domain, caching
> server
> > > replies with some address and no-error rcode.
> >
> > _Extremely_ bad idea.
> >
> >
> > Yes, I know, but boss is boss and task is task :).
> >
> > Thank you very much for your answer.
>
> You might want to talk to your boss about DNSSEC and how it
> insures that
> "answer modification" is not allowed -- and how it keeps your
> customers
> safe and secure and is a good selling point (see the Comcast
> announcement that was made yesterday).
>
> AlanC
>
> Oh, DNSSSEC is another headache. These two tasks doesn't influence
> each other.
As far as I can tell, they DO: your modified answers will be marked as
BOGUS by DNSSEC and will be thrown away.
Niobos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100225/3265597b/attachment.html>
More information about the bind-users
mailing list