Wednesday, May 5, 2010

DNSSEC and not panic

DNSSEC...not a bang but a whimper?

This SANS Diary entry points out that there will be changes in the root DNS servers soon that will spell the beginning of the end for the threat of DNS cache poisoning, by way of signed responses. There is a lot of FUD around the change in DNS to utilize EDNS, but the reality is that if systems don't support EDNS they will fall back to regular DNS.
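The difference between a classic query and an EDNS query, and the fallback mentioned above, can be seen at the packet level in this added example (not code from the original post or the SANS entry). It builds both query forms, reads back the EDNS properties of any DNS message, and applies a simplified retry policy. The helper names `build_query`, `describe` and `next_step`, the 4096-byte buffer size and the retry policy itself are assumptions made for illustration.

```python
import struct

OPT = 41  # EDNS0 pseudo-record type

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, edns=False, do=False, udp_size=4096, qid=0x1234):
    """Build a DNS query; with edns=True append an OPT record (DO bit optional)."""
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns else 0)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)
    if edns:
        ttl = 0x8000 if do else 0  # DO flag sits in the OPT record's TTL field
        msg += b"\x00" + struct.pack("!HHIH", OPT, udp_size, ttl, 0)
    return msg

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + n

def describe(msg):
    """Report the EDNS-relevant properties of a DNS message."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    info = {"tc": bool(flags & 0x0200), "rcode": flags & 0xF,
            "edns": False, "do": False, "udp_size": 512}
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:  # OPT reuses CLASS for the UDP size, TTL for flags
            info.update(edns=True, do=bool(ttl & 0x8000), udp_size=rclass)
    return info

def next_step(sent, reply):
    """Simplified client fallback: reply is describe() output, or None on timeout."""
    if sent["edns"] and (reply is None or reply["rcode"] == 1):  # 1 = FORMERR
        return "retry without EDNS"
    if reply is not None and reply["tc"]:
        return "retry over TCP"
    return "done" if reply is not None else "give up"

if __name__ == "__main__":
    for q in (build_query("example.com"), build_query("example.com", edns=True, do=True)):
        print(len(q), describe(q))
```

A query without the OPT record cannot set the DO bit, so a client that falls back to regular DNS keeps resolving names but receives unsigned answers limited to 512 bytes over UDP.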

