DNS holes

Hello,

It seems to me that the DNS protocol will always have holes for DNS
poisoning. Is there a way to completely protect against that? Maybe
another protocol or another version of DNS? I ask this mostly from the
Internet user point of view. But I'm also interested in knowing how you
deal with DNS lookups on the networks you admin, do you do anything to
protect your users from DNS poisoning?

In article <20080815173653.94aa4dbe.almeidaraf@gmail.com>,
"Rafael C. Almeida" wrote:

> Hello,
>
> It seems to me that the DNS protocol will always have holes for DNS
> poisoning. Is there a way to completely protect against that? Maybe
> another protocol or another version of DNS? I ask this mostly from the
> Internet user point of view. But I'm also interested in knowing how you
> deal with DNS lookups on the networks you admin, do you do anything to
> protect your users from DNS poisoning?

Is there a reason you're asking this in a Unix group rather than a DNS
group? DNS is not a Unix-specific protocol?

Anyway, the eventual answer to your question is DNSSEC.

--
Barry Margolin, barmar-at-alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***