I guess some people that might consider doing so could be waiting for "official" patches to come out first (like the one recently released as an rc for BIND 9) rather than hacks before implementing it, but what is the general feeling about this kind of action ? Anyone want to 'fess up to doing it already ? :) (on a medium to large scale)
I swapped over ICONZ's servers to 9.2.3rc4 and put in the requisite delegation-only entries today. Would have done so earlier but the rc2 was giving false positives and the hack for 8.4.1 was slow to return NXDOMAIN for some reason (which I admittedly didn't look into). It was perhaps a mistake to make such an autocratic decision, but considering the technical implications of not doing so I felt it justified. Completely unacceptable behaviour on Verisign's part as far as I am concerned. Besides, the servers needed an upgrade anyway. :) -- David Clarke Tech ICONZ Ltd