On Tue, Nov 20, 2012 at 06:25:48PM +0800,
 Feng He <fen...@nsbeta.info> wrote 
 a message of 59 lines which said:

> >;; ADDITIONAL SECTION:
> >ASPMX.L.GOOGLE.COM.    2626    IN      A       1.2.3.4
> >ALT1.ASPMX.L.GOOGLE.COM.    2626    IN      A       5.6.7.8
> >ALT2.ASPMX.L.GOOGLE.COM.    2626    IN      A       1.2.3.4
> >ASPMX2.GOOGLEMAIL.COM.    2626    IN      A       5.6.7.8
> 
> As shown above, Google's addresses can be faked.
> How will a local DNS server prevent this hijacking of DNS records?

This data is out-of-bailiwick (and is not glue either) and should be
ignored by a reasonable resolver.

RFC 5452, section 6.

Of course, DNSSEC would prevent this poisoning as well.
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
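
The bailiwick check mentioned in the reply above, sketched as an added example (not code from this thread or from any resolver). It assumes the resolver was querying a server for the constructed zone example.net; the mail.example.net and evilexample.net records are also constructed, and the four Google-named records are the ones quoted in the message.

```python
# Added example: drop additional-section records whose owner name lies
# outside the zone the answering server was asked about (its bailiwick).

def labels(name):
    """Split a domain name into lower-cased labels, ignoring the root dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def in_bailiwick(owner, zone):
    """True if owner is the zone apex or below it, compared label by label.

    A plain string suffix test would wrongly accept evilexample.net for
    the zone example.net, so whole labels are compared instead.
    """
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def parse_rr(line):
    """Parse one dig-style line: NAME TTL CLASS TYPE RDATA."""
    name, ttl, rrclass, rrtype, rdata = line.split(None, 4)
    return {"name": name, "ttl": int(ttl), "class": rrclass,
            "type": rrtype, "rdata": rdata}

def filter_additional(lines, zone):
    """Return (accepted, ignored) records for a response from `zone`'s server."""
    accepted, ignored = [], []
    for line in lines:
        rr = parse_rr(line)
        (accepted if in_bailiwick(rr["name"], zone) else ignored).append(rr)
    return accepted, ignored

QUERIED_ZONE = "example.net."  # assumption: the zone being resolved
ADDITIONAL = [
    "ASPMX.L.GOOGLE.COM.    2626    IN      A       1.2.3.4",
    "ALT1.ASPMX.L.GOOGLE.COM.    2626    IN      A       5.6.7.8",
    "ALT2.ASPMX.L.GOOGLE.COM.    2626    IN      A       1.2.3.4",
    "ASPMX2.GOOGLEMAIL.COM.    2626    IN      A       5.6.7.8",
    "mail.example.net.    2626    IN      A       192.0.2.25",   # constructed
    "evilexample.net.    2626    IN      A       192.0.2.66",    # constructed
]

if __name__ == "__main__":
    accepted, ignored = filter_additional(ADDITIONAL, QUERIED_ZONE)
    for rr in accepted:
        print("cache :", rr["name"], rr["type"], rr["rdata"])
    for rr in ignored:
        print("ignore:", rr["name"], rr["type"], rr["rdata"])
```
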