Hacker News
by gwu78 3875 days ago
This is the fourth time in the last 30 days I have seen some blog post about DNSSEC on the front page. Three overtly pushing Cloudflare DNSSEC and one about email and DNSSEC written by a Cloudflare employee.

But still no discussion of cache poisoning.

So if a user runs their own personal cache bound to the loopback, do they need DNSSEC?

What if they run their own root?

What if they have local copies of all the zones they need?

DNSSEC gives control to untrusted third parties to periodically determine what is and what is not a "valid" domain name.

What are the protections against abuse of this control?

I would not call DNSSEC "secure DNS". I would call it "validated DNS".

The question is who is doing the "validation"?

And why should we as users trust them more than the endpoint we're trying to reach?

1 comment

> This is the fourth time in the last 30 days I have seen some blog post about DNSSEC on the front page. Three overtly pushing Cloudflare DNSSEC and one about email and DNSSEC written by a Cloudflare employee.

Absolutely, this is getting out of hand.

Would be easier to just buy HN and replace all top stories with your crappy DNSSEC ads.