[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DNSSEC and ISPs faking DNS responses
>> At this point very few client resolvers check DNSSEC, so something
>> that stripped off all the DNSSEC stuff and inserted lies where
>> required would "work" for most clients. At least until they realized
>> they couldn't get to PokerStars and switched their DNS to 22.214.171.124.
> If the ISPs don?t start blocking well known public resolvers or even just
> blocking port 53 in general (which has been known to happen).
I doubt the ISPs in Qu?bec would have much sympathy for this proposed law.
It makes their life harder and provides them no benefit. Should it pass
(remember, it's just proposed), I expect they'd just adjust their DNS
caches to block responses for the list of domains that the government
mails them and claim they're in full compliance.