by mcpherrinm
125 days ago
Two current mitigations and one future: DNSSEC prevents any modification of records, but isn’t widely deployed. We query authoritative nameservers directly from at least four places, over a diverse set of network connections, from multiple parts of the world. This (called MPIC) makes interception more difficult. We are also working on DNS over secure transports to authoritative nameservers, for cases where DNSSEC isn’t or won’t be deployed.
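A sketch of the multi-perspective corroboration decision described in the comment above, as an added example that is not part of the original comment and not the CA's own code. The four-perspective minimum comes from the comment; the dissent threshold, the region rule, and all names and sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

MIN_PERSPECTIVES = 4   # "at least four places" (from the comment)
MAX_DISSENT = 1        # assumption: tolerated non-corroborating perspectives
MIN_REGIONS = 2        # assumption: agreeing answers must span this many regions

@dataclass(frozen=True)
class Observation:
    perspective: str       # hypothetical vantage-point name
    region: str            # hypothetical region label
    txt_values: frozenset  # TXT values this perspective got from the authoritative server

def corroborate(expected, observations):
    """Return (ok, dissenting_perspectives) for one validation attempt."""
    agree = [o for o in observations if expected in o.txt_values]
    dissent = sorted(o.perspective for o in observations
                     if expected not in o.txt_values)
    ok = (len(observations) >= MIN_PERSPECTIVES   # fail closed on too few views
          and len(dissent) <= MAX_DISSENT
          and len({o.region for o in agree}) >= MIN_REGIONS)
    return ok, dissent

def obs(name, region, *values):
    return Observation(name, region, frozenset(values))

# Constructed sample data; "tok-A" stands for the expected challenge value.
HONEST = [obs("p1", "na", "tok-A"), obs("p2", "eu", "tok-A"),
          obs("p3", "ap", "tok-A"), obs("p4", "sa", "tok-A")]
# One perspective gets no answer (outage): still corroborated.
ONE_OUTAGE = HONEST[:3] + [obs("p4", "sa")]
# Only the perspective behind a tampered network path sees the value;
# a single-perspective check from p1 alone would have accepted it.
LOCAL_HIJACK = [obs("p1", "na", "tok-A"), obs("p2", "eu"),
                obs("p3", "ap"), obs("p4", "sa")]

if __name__ == "__main__":
    for label, data in [("honest", HONEST), ("one outage", ONE_OUTAGE),
                        ("local hijack", LOCAL_HIJACK), ("too few", HONEST[:3])]:
        print(label, corroborate("tok-A", data))
```

The dissenting list is worth logging even on success, since a perspective that repeatedly disagrees for one domain can indicate tampering on that path.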