DNSSEC and CVE-2012-1033 (Ghost domain names)

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Feb 10 15:37:59 UTC 2012

On Thu, Feb 09, 2012 at 12:38:42PM -0800,
 Casey Deccio <casey at deccio.net> wrote 
 a message of 67 lines which said:

> Actually, it should, in the spirit of DNSSEC. 

OK, so there is nothing that can be done at the registry level. Only
the resolver admin can use DNSSEC to solve the ghost domain problem,
by enabling DNSSEC validation. Correct?

More information about the bind-users mailing list