[Bug 1625] Force EDNS0 requests on
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Mon Jul 5 11:20:25 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1625
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
I'm not sure about this - it may in fact be harmful. If traffic between
a non--DNSSEC-verifying stub resolver and its recursive verifying
resolver is subject to attack (e.g. it is on a shared network), then
automatically enabling DNSSEC may make it possible for an attacker to
force acceptance of certain host keys.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list