[plug] Any ISPs on this list? - Verisign adds wildcard A Record to .com/.net DNS
Craig Ringer
craig at postnewspapers.com.au
Tue Sep 16 21:16:54 WST 2003
> | Summary:
> | This is *not* good.
Hmm... does anybody know if it's actually possible to configure BIND to
'reject' certain replies as invalid, and report NXDOMAIN instead? My
normal solution to domains I don't want to know about is to become
authoritative for them on our internal nameserver, so that it never
bothers forwarding requests. This won't work here - it's not confined to
one domain.
I've already used iptables to reject all traffic to the IP with an ICMP
destination network unreachable, but that's only half the problem - the
name for a nonexistent domain still resolves.
Hopefully this won't require a BIND patch to restore the normal
behaviour of the DNS (like a 'verisign-nxdomain-a-records' entry in
named.conf).
*sigh*
At least the .au TLD is clean for now... and I trust Chris Disspain and
the other folks at AuDA to make _sure_ it stays that way.
Craig Ringer
_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
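
The behaviour asked for in the message above (report NXDOMAIN when an answer only points at the wildcard address), as an added example that is not part of the original post and is not a BIND feature: it probes random names under a TLD to learn the wildcard address, then filters that address out of answers. The resolver interface, the function names and the 192.0.2.1 sink address are constructed assumptions.

```python
import secrets
from typing import Callable, FrozenSet, Optional

# Assumed interface: a resolver maps a hostname to the set of A-record
# addresses returned for it; an empty set stands for NXDOMAIN.
Resolver = Callable[[str], FrozenSet[str]]

def find_wildcard_sink(resolve: Resolver, tld: str, probes: int = 3) -> Optional[FrozenSet[str]]:
    """Resolve random, almost certainly unregistered names under `tld`.
    If every probe returns the same non-empty address set, the TLD is
    wildcarded and that set is returned; otherwise None."""
    seen = set()
    for _ in range(probes):
        answer = frozenset(resolve(f"{secrets.token_hex(16)}.{tld}"))
        if not answer:
            return None              # a real NXDOMAIN: no wildcard here
        seen.add(answer)
    return next(iter(seen)) if len(seen) == 1 else None

def make_filtering_resolver(resolve: Resolver, sinks: FrozenSet[str]) -> Resolver:
    """Wrap `resolve` so an answer made up only of sink addresses is
    reported as NXDOMAIN. Caveat: a registered name that is really hosted
    on a sink address would be suppressed as well."""
    def filtered(name: str) -> FrozenSet[str]:
        answer = frozenset(resolve(name))
        return frozenset() if answer and answer <= sinks else answer
    return filtered

# --- constructed sample data: a fake upstream that wildcards .com/.net ---
SINK = "192.0.2.1"                   # documentation-range placeholder
REGISTERED = {"example.com": frozenset({"198.51.100.7"})}

def wildcarded_upstream(name: str) -> FrozenSet[str]:
    name = name.lower().rstrip(".")
    if name in REGISTERED:
        return REGISTERED[name]
    if name.endswith((".com", ".net")):
        return frozenset({SINK})     # wildcard answer for unregistered names
    return frozenset()               # other TLDs answer NXDOMAIN normally

def demo():
    sinks = set()
    for tld in ("com", "net", "au"):
        sinks |= find_wildcard_sink(wildcarded_upstream, tld) or set()
    filtered = make_filtering_resolver(wildcarded_upstream, frozenset(sinks))
    return sinks, filtered("example.com"), filtered("no-such-name-zzz.com")

if __name__ == "__main__":
    print(demo())
```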