[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DNSSEC and ISPs faking DNS responses

Subject: DNSSEC and ISPs faking DNS responses
From: eric-list at truenet.com (eric-list at truenet.com)
Date: Fri, 13 Nov 2015 13:12:24 -0500
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

Actually, how are other places implementing these lists?  I would have thought to use RPZ, 
but as far as I know if the blocked DNS domain is using DNSSEC it wouldn't work.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222


-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of John R. Levine
Sent: Friday, November 13, 2015 12:33 PM
To: Owen DeLong
Cc: nanog at nanog.org
Subject: Re: DNSSEC and ISPs faking DNS responses

I doubt the ISPs in Qu?bec would have much sympathy for this proposed law. 
It makes their life harder and provides them no benefit.  Should it pass (remember, it's just proposed), I expect they'd just adjust their DNS caches to block responses for the list of domains that the government mails them and claim they're in full compliance.

R's,
John

Follow-Ups:
- DNSSEC and ISPs faking DNS responses
  - From: dot at dotat.at (Tony Finch)

References:
- DNSSEC and ISPs faking DNS responses
  - From: johnl at iecc.com (John Levine)
- DNSSEC and ISPs faking DNS responses
  - From: owen at delong.com (Owen DeLong)
- DNSSEC and ISPs faking DNS responses
  - From: johnl at iecc.com (John R. Levine)

Prev by Date: DNSSEC and ISPs faking DNS responses
Next by Date: DNSSEC and ISPs faking DNS responses
Previous by thread: DNSSEC and ISPs faking DNS responses
Next by thread: DNSSEC and ISPs faking DNS responses
Index(es):
- Date
- Thread