Patch for djbdns-1.05 to avoid Verisign DNS abuse

Andrew J Caines A.J.Caines at halplant.com
Fri Sep 19 13:19:11 PDT 2003


The patch on tinydns.org[1] applies cleanly and works as advertised:

Before:
	# nslookup hnr4wy54uy6hteasy54u65ej.com
	Server:  localhost
	Address:  127.0.0.1

	Non-authoritative answer:
	Name:    hnr4wy54uy6hteasy54u65ej.com
	Address:  64.94.110.11
After:
	# nslookup hnr4wy54uy6hteasy54u65ej.com
	Server:  localhost
	Address:  127.0.0.1

	*** No address (A) records available for hnr4wy54uy6hteasy54u65ej.com

To fix the records pointing to the Verisign IP:

# echo 64.94.110.11 > /service/dnscache/root/ignoreip
# svc -t /service/dnscache

I extracted the patch from the page[1] and put it in files/patch-ignoreip2
and ran the above by hand. I considered trying to patch the port, but was
unable to resolve issues such as at what stage to create the ignoreip,
where to reliably locate the service directory and what the relevant
service names would be (e.g. there are references to dnscache as "D" as
well as "dnscache"). Also, the service stuff is in the daemontools port.

So, to DIY for (at least) dnscache, this should do the trick:

# cd /usr/ports/dns/djbdns
# fetch -o files/patch-ignoreip2 http://tinydns.org/djbdns-1.05-ignoreip2.patch
# make
# SERVICE=/service/dnscache  # Adjust accordingly
# echo 64.94.110.11 > $SERVICE/root/ignoreip
# svc -d $SERVICE
# make reinstall
# svc -u $SERVICE


[1] http://tinydns.org/djbdns-1.05-ignoreip2.patch

-Andrew-
-- 
 _______________________________________________________________________
| -Andrew J. Caines-   Unix Systems Engineer   A.J.Caines at halplant.com  |
| "They that can give up essential liberty to obtain a little temporary |
|  safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |
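
Added example, not part of the original post: a check that a captured nslookup answer no longer contains an address listed in ignoreip, run here over the Before/After output shown in the message (embedded as constructed sample files). The function names are hypothetical, and the code assumes ignoreip holds one IPv4 address per line and that nslookup prints the layout shown above.

```shell
#!/bin/sh
# Assumption: ignoreip holds one IPv4 address per line, as the echo in the post writes it.

# Print the answer addresses found in nslookup output on stdin. The resolver's
# own "Address:" line comes before "Name:" and is therefore skipped.
answer_addrs() {
    awk '
        $1 == "Name:" { in_answer = 1; next }
        in_answer && ($1 == "Address:" || $1 == "Addresses:") {
            for (i = 2; i <= NF; i++) { sub(/,$/, "", $i); print $i }
        }
    '
}

# leaked_addrs IGNOREIP_FILE LOOKUP_FILE
# Print each answer address that is listed in ignoreip; exit status 0 means
# the cache still handed out an address it was told to ignore.
leaked_addrs() {
    answer_addrs < "$2" | grep -Fx -f "$1"
}

# check IGNOREIP_FILE LOOKUP_FILE -> prints LEAK or OK
check() {
    if leaked_addrs "$1" "$2" >/dev/null; then echo LEAK; else echo OK; fi
}

# Constructed sample data, copied from the Before/After output in the post.
tmp=$(mktemp -d) || exit 1
trap 'rm -rf "$tmp"' EXIT
printf '64.94.110.11\n' > "$tmp/ignoreip"
cat > "$tmp/before.txt" <<'EOF'
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    hnr4wy54uy6hteasy54u65ej.com
Address:  64.94.110.11
EOF
cat > "$tmp/after.txt" <<'EOF'
Server:  localhost
Address:  127.0.0.1

*** No address (A) records available for hnr4wy54uy6hteasy54u65ej.com
EOF

echo "before: $(check "$tmp/ignoreip" "$tmp/before.txt")"
echo "after:  $(check "$tmp/ignoreip" "$tmp/after.txt")"
```

On a live system, save the nslookup output for a made-up .com name to a file and pass it as the second argument, with the real root/ignoreip as the first.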

