Verisign grabs *.net and *.com
FYI verisign have just adjusted the gTLD name servers to return point to their one IP for any .net (and soon .com) domain that doesn't exist. eg: $ host kjjhgkjhskhg.net kjjhgkjhskhg.net has address 64.94.110.11 $ host uyowiriu777777.net uyowiriu777777.net has address 64.94.110.11 This may break stuff (ie if you refuse email from bogus domains). See: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b -- Simon J. Lyall. | Very Busy | Mail: simon(a)darkmere.gen.nz "To stay awake all night adds a day to your life" - Stilgar | eMT.
On Tue, 2003-09-16 at 14:14, Juha Saarinen wrote:
On Tue, 16 Sep 2003, Simon Lyall wrote:
This may break stuff (ie if you refuse email from bogus domains).
AAAAAARRGH!
Indeed. I consider it a fundamental breakage of the DNS system (not of the specification obviously, but of the ideas/ideals).
Just to get click-through money!
On the other hand, ISPs can now add their own redirect rule for
64.94.110.11 to point to *their own* advertising page (or "VeriSign
Suck" page). I hope some do, if only to piss VeriSign off.
Grrr. Grr grr grrr!
Nic.
--
Nic Bellamy
On the other hand, ISPs can now add their own redirect rule for 64.94.110.11 to point to *their own* advertising page (or "VeriSign Suck" page). I hope some do, if only to piss VeriSign off.
Grrr. Grr grr grrr!
For those of you who use djbdns, a patch has been released that rejects A records that resolve to 64.94.110.11. It'll return NXDOMAIN. http://tinydns.org/djbdns-1.05-ignoreip.patch --Brent
Brent McDowell wrote:
For those of you who use djbdns, a patch has been released that rejects A records that resolve to 64.94.110.11. It'll return NXDOMAIN.
Anything for BIND 9? -- Juha
On Monday, Sep 15, 2003, at 23:58 Canada/Eastern, Juha Saarinen wrote:
Brent McDowell wrote:
For those of you who use djbdns, a patch has been released that rejects A records that resolve to 64.94.110.11. It'll return NXDOMAIN. http://tinydns.org/djbdns-1.05-ignoreip.patch
Anything for BIND 9?
I am told an official patch is being tested right now. Joe
http://www.imperialviolet.org/dnsfix.html
Barry
----- Original Message -----
From: "Joe Abley"
On Monday, Sep 15, 2003, at 23:58 Canada/Eastern, Juha Saarinen wrote:
Brent McDowell wrote:
For those of you who use djbdns, a patch has been released that rejects A records that resolve to 64.94.110.11. It'll return NXDOMAIN. http://tinydns.org/djbdns-1.05-ignoreip.patch
Anything for BIND 9?
I am told an official patch is being tested right now.
Joe
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
On Wed, 2003-09-17 at 09:29, Joe Abley wrote:
On Monday, Sep 15, 2003, at 23:58 Canada/Eastern, Juha Saarinen wrote:
Brent McDowell wrote:
For those of you who use djbdns, a patch has been released that rejects A records that resolve to 64.94.110.11. It'll return NXDOMAIN. http://tinydns.org/djbdns-1.05-ignoreip.patch
Anything for BIND 9?
I am told an official patch is being tested right now.
In the interim, there's a patch floating around for bind9 - haven't
found an official site for it, so I've chucked it up at:
http://www.bellamy.co.nz/stuff/bind9-antiverisign.patch
I can confirm it Works For Me(tm) (even if it's done in a rather ugly
manner).
Cheers,
Nic.
--
Nic Bellamy
Brent and all, Nice Patch. Now all you or others need to do is modify this patch for the other errant ICANN Registries. >;) Perhaps after awhile, and sooner rather than later, they will get the message. Somehow though I believe it will be later... :( Brent McDowell wrote:
On the other hand, ISPs can now add their own redirect rule for 64.94.110.11 to point to *their own* advertising page (or "VeriSign Suck" page). I hope some do, if only to piss VeriSign off.
Grrr. Grr grr grrr!
For those of you who use djbdns, a patch has been released that rejects A records that resolve to 64.94.110.11. It'll return NXDOMAIN.
http://tinydns.org/djbdns-1.05-ignoreip.patch
--Brent
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
Regards, -- Jeffrey A. Williams Spokesman for INEGroup LLA. - (Over 131k members/stakeholders strong!) "Be precise in the use of words and expect precision from others" - Pierre Abelard =============================================================== CEO/DIR. Internet Network Eng. SR. Eng. Network data security Information Network Eng. Group. INEG. INC. E-Mail jwkckid1(a)ix.netcom.com Contact Number: 214-244-4827 or 214-244-3801
participants (7)
-
Barry Murphy -
Brent McDowell -
Jeff Williams -
Joe Abley -
Juha Saarinen -
Nic Bellamy -
Simon Lyall