A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Wrapping DNS for Traffic Protection
Author(s) : P. Hoffman
Filename : draft-hoffman-dns-last-hop-00.txt
Pages : 11
Date : 2010-12-05
DNS queries from one resolver to an upstream resolver are often run
over connections with no protection of any kind. This connection is
currently susceptible to both malicious and unintentional alteration
that prevents the querying resolver from being sure that the results
it receives are valid. Some middleboxes can prevent a querying
resolver that does DNSSEC validation from getting enough information
to validate a response. Further, a non-validating, non-iterative
resolver querying a trusted recursive resolver is susceptible to
active attacks in which the results are purposely altered.
The protocols described in this document provide two methods to avoid
these problems and thus make resolution significantly more secure.
These protocols can be used between any two DNS resolvers, but they
are particularly useful for queries from "last-hop" stub resolvers to
trusted recursive resolvers.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-hoffman-dns-last-hop-00.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-hoffman-dns-last-hop-00.txt>