imp at bsdimp.com
Fri Jan 23 16:14:04 EST 2015
> On Jan 23, 2015, at 1:05 PM, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
> The CRC protects against the common risks (lying DNS resolvers), we
> don't need more than that.
The CRC shows that you have internally consistent data. It really only
catches DNS servers that tell lies for the purpose of redirecting traffic.
It wouldn’t catch a crafty DNS server that was telling a coherent lie
for nefarious purposes.
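The distinction drawn in the reply above, between internally consistent data and authentic data, shown as an added example that is not part of the original message or of the encoding under discussion. The record layout, sample payloads, and key are constructed, and the HMAC check is an assumption standing in for any keyed or signed mechanism, not something proposed in the thread.

```python
import hashlib
import hmac
import zlib

# Constructed record layout (an assumption, not the encoding discussed in the
# thread): payload bytes followed by a 4-byte big-endian CRC-32 of the payload.
def crc_encode(payload: bytes) -> bytes:
    return payload + zlib.crc32(payload).to_bytes(4, "big")

def crc_ok(record: bytes) -> bool:
    """True when the trailing CRC matches the payload (internal consistency)."""
    if len(record) < 5:
        return False
    payload, check = record[:-4], record[-4:]
    return zlib.crc32(payload).to_bytes(4, "big") == check

# Keyed alternative: the check field is an HMAC-SHA256 tag truncated to 16 bytes.
def mac_encode(key: bytes, payload: bytes) -> bytes:
    return payload + hmac.new(key, payload, hashlib.sha256).digest()[:16]

def mac_ok(key: bytes, record: bytes) -> bool:
    """True only when the tag was computed with the verifier's key."""
    if len(record) < 17:
        return False
    payload, tag = record[:-16], record[-16:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:16]
    return hmac.compare_digest(expected, tag)

def demo() -> dict:
    key = b"constructed-demo-key"      # hypothetical shared key, for illustration
    true_payload = b"\x00\x23\x01"     # constructed sample data
    false_payload = b"\x00\x24\x01"    # what a lying server wants believed
    genuine = crc_encode(true_payload)
    return {
        "genuine": crc_ok(genuine),
        # Answer altered without regard to the encoding: check field left stale.
        "incoherent_lie": crc_ok(false_payload + genuine[-4:]),
        # Coherent lie: no secret is needed to recompute a CRC, so it verifies.
        "coherent_lie": crc_ok(crc_encode(false_payload)),
        # Same coherent attempt against the keyed check; the liar lacks the key.
        "coherent_lie_vs_mac": mac_ok(key, mac_encode(b"guessed-key", false_payload)),
        "genuine_vs_mac": mac_ok(key, mac_encode(key, true_payload)),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:22s} accepted={accepted}")
```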