[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DNS hardening, was Re: Dan Kaminsky



> 3 works, but offers zero protection against 'kaminsky spoofing the
> root' since you can't fold the case of "123456789.". And the root is
> the goal.

Good point.

5) Download your own copy of the root zone every few days from 
http://www.internic.net/domain/, check the signature if you can find the 
signing key for 289FE7AD, and use that rather than the public roots.

6) EDNS0 PING, if you think anyone else will implement it

R's,
John