China, GitHub and the man-in-the-middle (Greatfire)
Posted Jan 31, 2013 17:36 UTC (Thu) by cesarb (subscriber, #6266)
Not possible, since the root DNSSEC key is distributed with the software. There is no warning dialog box a user can easily dismiss; the software simply returns SERVFAIL. And there is a single root DNSSEC key, which is out of their reach, unlike the SSL model which has several root keys.
The most they can do is block DNSSEC requests, forcing all DNS resolution to fail. Since the root is signed, if a DNSSEC validating resolver cannot validate the root, it will return SERVFAIL for all queries.
Posted Jan 31, 2013 22:05 UTC (Thu) by tialaramex (subscriber, #21167)
Posted Feb 1, 2013 9:43 UTC (Fri) by job (guest, #670)
Posted Feb 1, 2013 11:06 UTC (Fri) by hummassa (subscriber, #307)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.