Not logged in
Log in now
Create an account
Subscribe to LWN
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
China, GitHub and the man-in-the-middle (Greatfire)
Posted Jan 31, 2013 17:36 UTC (Thu) by cesarb (subscriber, #6266)
Not possible, since the root DNSSEC key is distributed with the software. There is no warning dialog box a user can easily dismiss; the software simply returns SERVFAIL. And there is a single root DNSSEC key, which is out of their reach, unlike the SSL model which has several root keys.
The most they can do is block DNSSEC requests, forcing all DNS resolution to fail. Since the root is signed, if a DNSSEC validating resolver cannot validate the root, it will return SERVFAIL for all queries.
Posted Jan 31, 2013 22:05 UTC (Thu) by tialaramex (subscriber, #21167)
Posted Feb 1, 2013 9:43 UTC (Fri) by job (guest, #670)
Posted Feb 1, 2013 11:06 UTC (Fri) by hummassa (subscriber, #307)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds