DNSSEC and CVE-2012-1033 (Ghost domain names)
Tony Finch
dot at dotat.at
Mon Feb 13 22:31:44 UTC 2012
Florian Weimer <fw at deneb.enyo.de> wrote:
>
> Doesn't the DNSSEC-based mitigation rely on RRSIGs whose validity does
> not extend too far into the future?
It depends on the TTL of the DS record or its proof of nonexistence.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
North FitzRoy, Sole: Northerly or northwesterly 5 to 7. Moderate becoming
rough. Occasional drizzle. Good, occasionally moderate.
More information about the bind-users
mailing list