[Bug 1625] Force EDNS0 requests on

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Mon Jul 5 11:20:25 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1625

--- Comment #2 from Damien Miller <djm at mindrot.org>  ---
I'm not sure about this - it may in fact be harmful. If traffic between
a non--DNSSEC-verifying stub resolver and its recursive verifying
resolver is subject to attack (e.g. it is on a shared network), then
automatically enabling DNSSEC may make it possible for an attacker to
force acceptance of certain host keys.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list