On 12/19/2015 10:27 AM, Always Learning wrote:
On Sat, 2015-12-19 at 09:49 -0800, Alice Wonder wrote:
DNS verification solves that issue.
How reliably safe is that ?
Crack the DNS access and inflict viruses, trojans etc. with authorised
impunity ?
Happy Christmas.
No, if you manage to crack the DNS you can not do anything but a DOS
attack unless you also managed the get the DNSSEC signing key, which
does not need (and should not be) to be on the DNS server.
Manage to get the signing key, and the only consequence is the attacker
can make fraudulent DNS entries that would validate - same as with GPG
or any other private / public key cryptographic signatures.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
