Any workarounds for Verisign .com/.net highjacking?
M. Warner Losh
imp at bsdimp.com
Tue Sep 16 17:04:25 PDT 2003
In message: <XFMail.20030916170025.jdp at polstra.com>
John Polstra <jdp at polstra.com> writes:
: On 16-Sep-2003 M. Warner Losh wrote:
: > I think we should put a filter for this nonsense into the base
: > system. Hack the resolve to filter out the adddress, and hack bind to
: > filter it out too. that way we can leverage our position in the name
: > servers in the world to do something about this BS.
:
: I think so too, in principle. But we need something better than a
: hard-coded IP address. It would take Verisign about an hour to figure
: out they need to change the address frequently. (Well, OK, a day ...
: it's Verisign, after all.)
Agreed. but it wouldn't be too hard to determine at boot/hourly doing
a bogus query to find the address of the moment. Even they would be
hard pressed to change things more than hourly.
Warner
More information about the freebsd-hackers
mailing list