On 1/27/25 07:02, Carlos Horowicz via bind-users wrote:
IMHO this has nothing to do with DNSSEC,
HEAVYsigh
Why do things seem to focus on the encryption of DNS traffic and ignore
authentication of the information?
I'm sure that all of us are aware that it's perfectly possible for a DoT
/ DoH server to send bogus information through the encryption.
In some ways, advocating for encryption without authentication is akin
to advocating for self-signed TLS certificates for web-sites. Anybody
can monkey in the middle the traffic if they want to.
I've not read any of the cited articles yet, but I assume DNS w/ DNSSEC
through VPN isn't mentioned.
--
Grant. . . .
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
