Do common endpoints (Windows Vista/XP, MacOS X 10.4/5) support DNSSEC Validation? If not, then do people have a choice? Regards Bora On 11/5/07 11:54 AM, "Steven M. Bellovin" <smb@cs.columbia.edu> wrote:
On Mon, 5 Nov 2007 11:17:29 -0800 David Conrad <drc@virtualized.org> wrote:
On Nov 5, 2007, at 8:23 AM, David Lesher wrote:
What affect will Allegedly Secure DNS have on such provider hijackings, both of DNS and crammed-in content?
If what Verizon is doing is rewriting NXDOMAIN at their caching servers, DNSSEC will _not_ help. Caching servers do the validation and the insertion of the search engine IP addresses in the response would occur after the validation.
Depends on whether or not the endpoints delegate DNSSEC validation to Verizon. They don't have to.