That should be prevented by dnssec no? | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ishouldbework 25 days ago \| parent \| context \| favorite \| on: Acme, a brief history of one of the protocols whic... That should be prevented by dnssec no?

tptacek 25 days ago [–]

Depends on who your adversary is. If it's your ISP: no, DNSSEC doesn't prevent that (in every mainstream deployment scenario, your upstream DNS recursive server is the only thing really doing DNSSEC validation).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact