top | item 47171118 (no title) jcalvinowens | 3 days ago DNSSEC prevents that if set up properly. discuss order hn newest tptacek|2 days ago This is an on-path attacker. In end-user DNS configurations, attackers can simply disable DNSSEC; it's 1 bit in the DNS response header ("yeah, sure, I verified this for you, trust me"). jcalvinowens|2 days ago No, modern resolvers like systemd-resolved actually check the dnssec signatures on the client. load replies (2)
tptacek|2 days ago This is an on-path attacker. In end-user DNS configurations, attackers can simply disable DNSSEC; it's 1 bit in the DNS response header ("yeah, sure, I verified this for you, trust me"). jcalvinowens|2 days ago No, modern resolvers like systemd-resolved actually check the dnssec signatures on the client. load replies (2)
jcalvinowens|2 days ago No, modern resolvers like systemd-resolved actually check the dnssec signatures on the client. load replies (2)
tptacek|2 days ago
jcalvinowens|2 days ago