Implicit trust in DNS servers
How many people actually know which DNS server they're using? And, if they do know, how much do they trust the person or company running it? The majority of networks are configured with the Dynamic Host Configuration Protocol (DHCP). DHCP allows a computer to broadcast a generic "configure me" message to the local network. Any server on the network can respond to that message, telling the computer which DNS server to use (among other things). The problem is twofold. First, there is no guarantee that the response is coming from the expected server. Second, even if it does come from the proper server, what guarantee does the user have that the DNS server it provides is actually valid and secure?
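As an added example (not part of the original article), the Python code below parses the options of a DHCP reply and flags a responding server or an advertised DNS server that is not on an allowlist, which is one way a defender can make this implicit trust visible. The allowlists, the function names and the sample replies built from documentation-range addresses are assumptions for illustration; the check detects unexpected values and does not authenticate the server.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the options field (RFC 2131)
OPT_PAD, OPT_DNS, OPT_SERVER_ID, OPT_END = 0, 6, 54, 255

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_bytes} from the UDP payload of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:            # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        options[code] = options.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return options

def to_ips(raw: bytes) -> list:
    """Split a run of 4-byte IPv4 addresses; a short tail raises ValueError."""
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]

def audit_reply(payload: bytes, trusted_dhcp: set, trusted_dns: set) -> list:
    """Return findings for one DHCP reply; an empty list means it matches policy."""
    opts, findings = parse_dhcp_options(payload), []
    server = to_ips(opts.get(OPT_SERVER_ID, b""))
    if not server or server[0] not in trusted_dhcp:
        findings.append("unexpected DHCP server: " + (server[0] if server else "none"))
    for dns in to_ips(opts.get(OPT_DNS, b"")):
        if dns not in trusted_dns:
            findings.append("unexpected DNS server: " + dns)
    return findings

def build_reply(server_id: str, dns_servers: list) -> bytes:
    """Build a minimal DHCPOFFER (constructed sample input, not captured traffic)."""
    pack = lambda addr: ipaddress.IPv4Address(addr).packed
    opt = lambda code, value: bytes([code, len(value)]) + value
    return (bytes([2, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + opt(53, b"\x02")
            + opt(OPT_SERVER_ID, pack(server_id))
            + opt(OPT_DNS, b"".join(pack(d) for d in dns_servers)) + bytes([OPT_END]))

if __name__ == "__main__":  # hypothetical allowlists; the second reply is unexpected
    for srv, dns in (("192.0.2.1", "192.0.2.53"), ("192.0.2.66", "198.51.100.7")):
        print(audit_reply(build_reply(srv, [dns]), {"192.0.2.1"}, {"192.0.2.53"}) or "ok")
```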