DNS security saved by Nominum?

Besides SPR (source port randomisation), Nominum have a number of other security options built into their Vantio DNS product:

  • SPR
  • defense: strange queries result in a direct connection to the server
  • resistance: tries not to give out IPs for name servers (glue records)
  • warns ISP of attack

So, interesting options from Nominum but as I understand it, you can’t actually buy the product – it’s more of a lease type thing. And not cheap, cheap …

Eeek, but let’s look closer. Nominum only fixes the cache poisoning problem for their own users. Defense: shouldn’t they always have a direct secure connection to the server? Resistance: isn’t this what hiding a DNS server is all about? Blowing smoke is what this is all about. Perhaps they should give their ‘we fix the DNS for everyone’ solutions to everyone so that we can get rid of the issue once and for all.