On Wed, Apr 20, 2022 at 8:00 AM Antonia Affinito <antoniaaffinit...@gmail.com> wrote:
> I noticed that, in case of a malicious domain name, some local resolvers
> send an NXDOMAIN and others a courtesy page address. Do you know if the
> resolvers (for example TIM, Wind or Fastweb) can return an NXDomain in
> order to protect their clients?

Howdy,

From a network engineering perspective, any resolver that responds to an authoritative NXDOMAIN by generating an address for a courtesy page -is- the malicious actor. Doubly so if they lie about the DNSSEC status in the response.

Regards,
Bill Herrin

--
William Herrin
b...@herrin.us
https://bill.herrin.us/
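
Added example, not part of the original message: one way to check for the behaviour discussed above, by comparing a resolver's reply with a reference reply for a name known not to exist. The messages are constructed samples (name `nonexistent.example`, address 192.0.2.10), the function names are hypothetical, and treating a set AD bit on a synthesized answer as the misreported DNSSEC status is an assumption.

```python
import socket
import struct

def encode_name(name):  # length-prefixed labels, zero-terminated
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_response(qname, rcode, ad=False, answer_ip=None):
    # Constructed sample message (test data, not captured traffic).
    flags = 0x8180 | (0x0020 if ad else 0) | rcode  # QR, RD, RA (+AD)
    header = struct.pack("!6H", 0x1234, flags, 1, 1 if answer_ip else 0, 0, 0)
    question = encode_name(qname) + struct.pack("!2H", 1, 1)  # type A, class IN
    answer = b""
    if answer_ip:  # 0xC00C is a compression pointer to the question name
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(answer_ip)
    return header + question + answer

def skip_name(msg, off):
    while True:  # labels end at a zero byte or a 2-byte pointer
        n = msg[off]
        if n & 0xC0 == 0xC0:
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def summarize(msg):
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return {"rcode": flags & 0xF, "ad": bool(flags & 0x20), "addrs": addrs}

def classify(reference, resolver):
    # reference: reply from the zone's own servers; resolver: reply under test
    a, r = summarize(reference), summarize(resolver)
    if a["rcode"] != 3:
        return "not-applicable"  # only names the zone says do not exist
    if r["rcode"] == 3:
        return "faithful"
    if r["rcode"] == 0 and r["addrs"]:
        return "rewritten+ad-set" if r["ad"] else "rewritten"
    return "other"
```

`classify` returns "faithful" when the resolver passes the NXDOMAIN through, "rewritten" when it substitutes an address, and "rewritten+ad-set" when the substituted answer also carries the AD flag.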