Modifying a response
Peter Andreev
andreev.peter at gmail.com
Thu Feb 25 17:24:23 UTC 2010
I meant, that this resolver won't be dnssec-aware.
Thank you very much, guys, I got answer to my question.
2010/2/25 Niobos <niobos at dest-unreach.be>
> On 2010-02-24 14:09, Peter Andreev wrote:
>
> 2010/2/24 Alan Clegg <aclegg at isc.org>
>
>> Peter Andreev wrote:
>>
>> > > For example: if user asks for non-existent domain, caching server
>> > > replies with some address and no-error rcode.
>> >
>> > _Extremely_ bad idea.
>> >
>> >
>> > Yes, I know, but boss is boss and task is task :).
>> >
>> > Thank you very much for your answer.
>>
>> You might want to talk to your boss about DNSSEC and how it insures that
>> "answer modification" is not allowed -- and how it keeps your customers
>> safe and secure and is a good selling point (see the Comcast
>> announcement that was made yesterday).
>>
>> AlanC
>>
>> Oh, DNSSSEC is another headache. These two tasks doesn't influence each
> other.
>
> As far as I can tell, they DO: your modified answers will be marked as
> BOGUS by DNSSEC and will be thrown away.
>
> Niobos
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100225/2fa30d4d/attachment.html>
More information about the bind-users
mailing list