"if 'ExaMplE.CoM' is the name sent in the request, the name in the question section of the response must also be “ExaMplE.CoM” [...] fail to preserve the case of the query name may be dropped as potential cache poisoning attacks"DeEP pACkEt iNspECtION be like...
Conversation
Notices
-
Embed this notice
niconiconi (niconiconi@mk.absturztau.be)'s status on Sunday, 07-Apr-2024 23:07:21 JST 
niconiconi
-
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Sunday, 07-Apr-2024 23:07:19 JST 
翠星石
@niconiconi That's fine if you encrypt the request domain as you should in TLSv1.3 and that mitigates cache poisoning attacks too. -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Sunday, 07-Apr-2024 23:17:48 JST
翠星石
@niconiconi Ah yes DNS, I assumed TLS.
Maybe it's time to start using the GNU Name System. -
Embed this notice
niconiconi (niconiconi@mk.absturztau.be)'s status on Sunday, 07-Apr-2024 23:17:49 JST
niconiconi
@Suiseiseki@freesoftwareextremist.com Not going to happen for a self-hosted recursive resolver, at least not until all domain names in the world have encrypted DNS. You can trust a 3rd party and encrypt the last-mile link, but it just pushes the problem to the upstream instead.
-
Embed this notice
All GNU social JP content and data are available under the