Modifying a response

Peter Andreev andreev.peter at gmail.com
Thu Feb 25 17:24:23 UTC 2010


I meant that this resolver won't be DNSSEC-aware.

Thank you very much, guys, I got an answer to my question.

2010/2/25 Niobos <niobos at dest-unreach.be>

>  On 2010-02-24 14:09, Peter Andreev wrote:
>
> 2010/2/24 Alan Clegg <aclegg at isc.org>
>
>> Peter Andreev wrote:
>>
>> >     > For example: if user asks for non-existent domain, caching server
>> >     > replies with some address and no-error rcode.
>> >
>> >     _Extremely_ bad idea.
>> >
>> >
>> > Yes, I know, but boss is boss and task is task :).
>> >
>> > Thank you very much for your answer.
>>
>> You might want to talk to your boss about DNSSEC and how it ensures that
>> "answer modification" is not allowed -- and how it keeps your customers
>> safe and secure and is a good selling point (see the Comcast
>> announcement that was made yesterday).
>>
>> AlanC
>>
> Oh, DNSSEC is another headache. These two tasks don't influence each
> other.
>
> As far as I can tell, they DO: your modified answers will be marked as
> BOGUS by DNSSEC and will be thrown away.
>
> Niobos
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>