undefined | Better HN

0 pointsfranga20005mo ago0 comments

Not tamper with the record directly, but MitM it on the way to a target.

0 comments

That should be prevented by dnssec no?

Depends on who your adversary is. If it's your ISP: no, DNSSEC doesn't prevent that (in every mainstream deployment scenario, your upstream DNS recursive server is the only thing really doing DNSSEC validation).

crote5mo ago

That's what DNSSEC is for.

franga2000OP5mo ago

Yes, but that's just PKI again, which is what the OP was trying to avoid.

j / k navigate · click thread line to collapse