Modifying a response

Niobos niobos at dest-unreach.be
Thu Feb 25 09:02:03 UTC 2010


On 2010-02-24 14:09, Peter Andreev wrote:
> 2010/2/24 Alan Clegg <aclegg at isc.org <mailto:aclegg at isc.org>>
>
>     Peter Andreev wrote:
>
>     >     > For example: if user asks for non-existent domain, caching
>     server
>     >     > replies with some address and no-error rcode.
>     >
>     >     _Extremely_ bad idea.
>     >
>     >
>     > Yes, I know, but boss is boss and task is task :).
>     >
>     > Thank you very much for your answer.
>
>     You might want to talk to your boss about DNSSEC and how it
>     insures that
>     "answer modification" is not allowed -- and how it keeps your
>     customers
>     safe and secure and is a good selling point (see the Comcast
>     announcement that was made yesterday).
>
>     AlanC
>
> Oh, DNSSSEC is another headache. These two tasks doesn't influence
> each other.
As far as I can tell, they DO: your modified answers will be marked as
BOGUS by DNSSEC and will be thrown away.

Niobos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100225/3265597b/attachment.html>


More information about the bind-users mailing list