Any workarounds for Verisign .com/.net highjacking?
freebsd-misuser at remove-NOSPAM-to-reply.NOSPAM.dyndns.dk
Wed Sep 24 09:39:06 PDT 2003
[obligatory From: address is IPv6-only; to obtain IPv4-mailable address,
remove hostname part. Even then no guarantee mail won't bounce -- I
follow the list archives in my copious offline time]
> > > In the meantime I'm trying to figure out if there's some
> > >simple hack to disregard these wildcard A records, short of
> > I have no idea of how well either of these work. Use your
> > own discretion at applying them.
> djbdns-1.05-ignoreip2.patch seems to work very well here, on three
A stupid question, no less, since I see this being discussed here -- is it
correct that the ISC BIND patch does not work with a nameserver that's set
up as a forward-only box?

I've applied the patch to a random BIND successfully, but I'm configured
as forward-only for the domains I don't dish out, being on the unpleasant
end of a PPP dial-in and trying to do my part to keep the root nameservers'
load down. I nab the ISP-provided DNS addresses during the PPP handshake,
configure them as forwarders (plus one or two backups) and restart named,
but still I was able to resolve a made-up com domain to the Usual Address.

This tells me I need to use the DNS machines of an ISP with Clue as static
forwarder addresses, not those provided by ISP-of-the-day (and the last ISP
seemed to give horribly broken machines anyway), if this reaches a point
where I actually want to do something about these wildcards. Provided the
ISP allows outgoing DNS queries too.
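The check described in the message above (resolving made-up com names through whatever forwarders are configured), written out as an added example that is not part of the original post. The function names are hypothetical, it uses the system resolver, and the wildcard address is learned from the probes rather than hard-coded.

```python
import secrets
import socket


def resolve_a(name):
    """Return the IPv4 addresses the system resolver gives for name (empty on failure)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return frozenset()  # NXDOMAIN or no A record
    return frozenset(info[4][0] for info in infos)


def probe_wildcard(tld, resolve=resolve_a, probes=3):
    """Resolve several random names under tld that should not exist.

    Returns the addresses common to every probe. An empty set means at least
    one probe failed to resolve, i.e. no wildcard answer reached this resolver.
    """
    answers = []
    for _ in range(probes):
        label = "x" + secrets.token_hex(12)  # random 25-character label
        answers.append(resolve(f"{label}.{tld}."))  # trailing dot: no search list
    if any(not a for a in answers):
        return frozenset()
    return frozenset.intersection(*answers)


def is_synthesized(name, wildcard_addrs, resolve=resolve_a):
    """True if name resolves only to addresses the wildcard probes returned."""
    addrs = resolve(name)
    return bool(addrs) and addrs <= wildcard_addrs


if __name__ == "__main__":
    # Run this after restarting named with a new set of forwarders.
    for tld in ("com", "net"):
        wild = probe_wildcard(tld)
        if wild:
            print(f".{tld}: wildcard answers still arriving: {sorted(wild)}")
        else:
            print(f".{tld}: made-up names do not resolve")
```

Run against each candidate set of forwarders, this shows whether the answers they hand back still contain the wildcard records.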