provoost on Nostr: I wonder if DNSSEC is just not a thing in China? cc matt > The GFW’s DNS injection ...
I wonder if DNSSEC is just not a thing in China? cc matt (npub185h…wrdp)
> The GFW’s DNS injection subsystem employs a fleet of middlebox devices at China’s network border that watch for DNS queries for blocked domain names. When they see one, they inject a DNS response back towards the client, spoofing the source address as if it came from the intended resolver. The injected response is a false answer to the query, containing an incorrect, useless IP address.
> The GFW’s DNS injection subsystem employs a fleet of middlebox devices at China’s network border that watch for DNS queries for blocked domain names. When they see one, they inject a DNS response back towards the client, spoofing the source address as if it came from the intended resolver. The injected response is a false answer to the query, containing an incorrect, useless IP address.