Florian Weimer wrote: > On the hand, if you don't build a network of your own, and your ISP > properly filters their Internet connection and their customer interfaces > to stop source address spoofing, it's not possible forge DNS traffic > which claims to come from the ISP resolver. (Since the addresses > involved are theirs, they can actually do it--globally, on the whole > Internet, it's much more difficult.) IIRC Dan Kaminsky has been suggesting using opendns, which has fixed servers, if your ISPs server is not fixed. Won't using a third-party DNS server defeat any filtering your ISP does on their network, and allow the stub resolver to be spoofed? -- see shy jo
Attachment:
signature.asc
Description: Digital signature