On Dec 20, 2011, at 11:37 AM, Eduardo A. Suárez wrote:
what if evil guys hack my mom ISP DNS servers and use RPZ to redirect traffic from mom_bank.com to evil.com?
How can she detect this?
Thankfully mom_bank.com is not valid, as underscores aren't valid in dns names :)
Additionally, SSL certificates combined with DNSSEC/DANE can provide some protection. Some of this technology may
not be available today, but is worth tracking if you are interested in this topic.