Request for FreeBSD 4.9-RELEASE: PLEASE include this patch to BIND and turn it on by default

Scot W. Hetzel hetzelsw at westbend.net
Wed Sep 17 12:51:46 PDT 2003


From: "Brett Glass" <brett at lariat.org>
> As many of you may know, Verisign/Network Solutions has recently added wildcard
> records to the .com and .net TLDs. All typographical errors that result in failed
> resolution of a host name now cause the user's browser to be bounced to a
> search engine page maintained by Verisign.
>
> A nasty side effect of this attempt at "universal typosquatting" is that mail
> transfer agents such as Sendmail can no longer block reduce spam by rejecting
> mail that claims to come from an unresolvable host name.
>
> The message below describes an emergency patch, made by ISC to BIND, which
> defeats Verisign's TLD wildcards. Please incorporate this patch into the
> version of BIND that ships with FreeBSD 4.9-RELEASE. It will save many of
> us a lot of tedious manual patching!
>
> [2] http://www.isc.org/products/BIND/delegation-only.html
>
Currently, there is no delegation-only patch available from isc.org for Bind
8.  According to Paul Vixie [1], Bind 8 is not a priority as they would
rather put it into feature freeze, but they are considering it.

Several administrators [2,3] have created a patch for bind8, but it hard
codes the IP address being used by Verisign into the named daemon.

Scot

[1] NANOG Mail List - http://www.merit.edu/mail.archives/nanog/msg13868.html
[2] NANOG Mail List - http://www.merit.edu/mail.archives/nanog/msg13704.html
[3] BIND Users List - http://marc.theaimsgroup.com/?l=bind-users&m=106381817926374&w=2
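
The thread above concerns mail servers losing the "sender host does not resolve" check once a TLD answers every name with a wildcard record. The following is an added example, not part of the original message and not the ISC or NANOG patch: instead of hard-coding the wildcard address, it probes the TLD with random labels and treats any answer that only matches the probe result as unresolvable. Assumptions: all function names are hypothetical, only A records are checked (an MTA would also consult MX), and the addresses are constructed documentation values.

```python
import secrets
import socket

# Constructed sample data (RFC 5737 documentation addresses, not real hosts).
CONSTRUCTED_ZONE = {"example.com": {"192.0.2.10"}}
CONSTRUCTED_WILDCARDS = {"com": {"198.51.100.1"}}  # stand-in for a TLD wildcard


def system_resolve(name):
    """Return the IPv4 addresses for name, or an empty set if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # covers socket.gaierror and socket.herror
        return set()


def constructed_resolve(name):
    """Offline resolver over the constructed data: unknown names get the wildcard."""
    name = name.rstrip(".").lower()
    if name in CONSTRUCTED_ZONE:
        return set(CONSTRUCTED_ZONE[name])
    return set(CONSTRUCTED_WILDCARDS.get(name.rsplit(".", 1)[-1], ()))


def wildcard_addresses(tld, resolve=system_resolve, probes=3):
    """Addresses the TLD hands back for random labels that nobody has registered."""
    seen = set()
    for _ in range(probes):
        label = "x" + secrets.token_hex(16)  # 33 characters, a valid DNS label
        seen |= resolve(f"{label}.{tld}")
    return seen


def sender_domain_resolves(domain, resolve=system_resolve):
    """True only if domain resolves to something other than its TLD's wildcard answer."""
    addrs = resolve(domain)
    if not addrs:
        return False  # genuinely unresolvable: the pre-wildcard rejection case
    tld = domain.rstrip(".").lower().rsplit(".", 1)[-1]
    return bool(addrs - wildcard_addresses(tld, resolve))


if __name__ == "__main__":
    for d in ("example.com", "exmaple.com", "nosuch.org"):
        print(d, sender_domain_resolves(d, constructed_resolve))
```

A domain legitimately hosted on the same address as the wildcard target would also be rejected by this check, which is the same trade-off the hard-coded-address patches make.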


