rfc9609v2.txt | rfc9609.txt | |||
---|---|---|---|---|
skipping to change at line 362 ¶ | skipping to change at line 362 ¶ | |||
An on-path attacker who sees a priming query coming from a resolver | An on-path attacker who sees a priming query coming from a resolver | |||
can inject false answers before a root server can give correct | can inject false answers before a root server can give correct | |||
answers. If the attacker's answers are accepted, this can set up the | answers. If the attacker's answers are accepted, this can set up the | |||
ability to give further false answers for future queries to the | ability to give further false answers for future queries to the | |||
resolver. False answers for root servers are more dangerous than, | resolver. False answers for root servers are more dangerous than, | |||
say, false answers for TLDs, because the root is the highest node of | say, false answers for TLDs, because the root is the highest node of | |||
the DNS. See Section 3.3 for more discussion. | the DNS. See Section 3.3 for more discussion. | |||
In both of the scenarios listed here, a validating resolver will be | In both of the scenarios listed here, a validating resolver will be | |||
able to detect the attack if its chain of queries comes to a zone | able to detect the attack if its chain of queries comes for a zone | |||
that is signed, but not for those that are unsigned. | that is signed, but not for those that are unsigned. | |||
7. IANA Considerations | 7. IANA Considerations | |||
This document has no IANA actions. | This document has no IANA actions. | |||
8. References | 8. References | |||
8.1. Normative References | 8.1. Normative References | |||
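Review bot: the only changed line, in the paragraph beginning "In both of the scenarios listed here", reads less clearly on the right-hand side ("if its chain of queries comes for a zone that is signed") than on the left ("comes to a zone"). A chain of queries arrives at a zone, and the new "for" also collides with the "but not for those that are unsigned" that follows, so the sentence now has two different senses of "for" in a row. Suggest keeping "comes to a zone that is signed" or rewording to "reaches a zone that is signed". While touching this sentence, the singular "a zone" and plural "those that are unsigned" could be made to agree. This matters because the sentence states the limit of what DNSSEC validation detects for the spoofed priming answers described just above it, so the signed/unsigned distinction should be unambiguous.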
End of changes. 1 change blocks. | ||||
1 lines changed or deleted | 1 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |