[liberationtech] decentralized DNS... What's the state of DNSSEC implementation by those on this list.. ?
Seth David Schoen
schoen at eff.org
Thu Mar 15 07:37:28 PDT 2012
James Losey writes:
> If the registry is wrong on a global level I can see where DNSSEC might not
> be sufficient. However, if a man-in-the-middle attack attempts to spook an
> attack to users in one region isn't this a case where DNSSEC would be
> effective, and result in an error
> code<http://www.iana.org/assignments/dns-parameters>?
> My understanding is that implementation of DNSSEC limits the ability for
> lazy censorship such as filtering queries (unless they simply gave a
> false "Non-Existent
> Domain" return code) or redirecting queries to other websites, both of
> which would be goals of interest to members of this list.
I might have misunderstood what the original poster was referring to,
in which case I apologize for making a misleading claim about what this
thread was about. I thought the original poster was referring to
domain name seizures, not spoofed replies to DNS queries. I agree
that DNSSEC is useful for detecting spoofed replies to queries.
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the liberationtech
mailing list