> If I had operated with malicious intent, I could have also [...]
Wouldn't most of these be mitigated if that ccTLD used DNSSEC (according to dnsviz, it currently doesn't)? The hijacked DNS servers wouldn't be able to provide correctly-signed DNS records, so the fake answers would be rejected by all validating resolvers.
Wouldn't most of these be mitigated if that ccTLD used DNSSEC (according to dnsviz, it currently doesn't)? The hijacked DNS servers wouldn't be able to provide correctly-signed DNS records, so the fake answers would be rejected by all validating resolvers.