[dnssec-deployment] DNSSEC plenary discussion paper - trust anchors, last mile, etc.
matt.pounsett at cira.ca
Wed Jan 7 15:38:29 EST 2009
On 07-Jan-2009, at 08:18 , W.C.A. Wijngaards wrote:
> - From a conversation with Mark, I thought all of them. I recall
> with him that the incremental approach had superior attack avoidance
> some scenarios. I may well be wrong, and people from ISC are better
> suited to commenting on Binds abilities here.
Without incremental validation, isn't there a huge gaping DoS
vulnerability? As an attacker, I don't need to flood your network to
DoS your server, I just need to get invalid answers there faster than
the valid ones to prevent you from ever looking up that domain.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 194 bytes
Desc: This is a digitally signed message part
Url : http://dnssec-deployment.org/pipermail/dnssec-deployment/attachments/20090107/59fe620d/attachment.bin
More information about the Dnssec-deployment