On Fri, 29 May 2009, Alessandro Vesely wrote:
transport security is pretty meaningless in the DNS world which operates
using a distributed caching system.
One has to trust each cache!
Your solution to protect the DNS is "just trust everyone"?
Given that it is pretty easy to predict a subset
of the queries a given server will issue in a given time frame, using SCTP can
improve reliability better than adding another 32bit random number.
The source port randomization patch is not DNSSEC. DNSSEC is much more than
a 32bit random number. Please read the RFCs.
Paul