[dnssec-deployment] Washington Post DNS hijack story
paul at xelerance.com
Fri Apr 24 16:13:02 EDT 2009
On Fri, 24 Apr 2009, Frederico A C Neves wrote:
> On Fri, Apr 24, 2009 at 07:56:14AM -0700, Richard Lamb wrote:
> DNSSEC would help nothing here. This was a remote OS exploit and local
> zone configuration at the recursive DNS servers.
The validating stub with DNS forwarder scheme as in fedora-11 would not have
been fooled by a compromised upstream cache.
More information about the Dnssec-deployment