[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DNSSEC and ISPs faking DNS responses
Actually, how are other places implementing these lists? I would have thought to use RPZ,
but as far as I know if the blocked DNS domain is using DNSSEC it wouldn't work.
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of John R. Levine
Sent: Friday, November 13, 2015 12:33 PM
To: Owen DeLong
Cc: nanog at nanog.org
Subject: Re: DNSSEC and ISPs faking DNS responses
I doubt the ISPs in Qu?bec would have much sympathy for this proposed law.
It makes their life harder and provides them no benefit. Should it pass (remember, it's just proposed), I expect they'd just adjust their DNS caches to block responses for the list of domains that the government mails them and claim they're in full compliance.