[plug] Q for the DNS gurus

Cameron Patrick cameron at patrick.wattle.id.au
Sat Apr 9 12:37:51 WST 2005


Bernard Blackham wrote:

> >  *      zone com IN { type delegation-only; };
> >  *      zone net IN { type delegation-only; };

> Whilst VeriSign have pulled the global wildcard records, if
> everybody has that option in place, it means nobody can pull the
> same stunt again (at least on .com and .net) ...

There's another way to do this, incidentally, described in the default
Debian bind config file, which does it for all top-level domains:

    // From the release notes:
    //  Because many of our users are uncomfortable receiving undelegated answers
    //  from root or top level domains, other than a few for whom that behaviour
    //  has been trusted and expected for quite some length of time, we have now
    //  introduced the "root-delegations-only" feature which applies delegation-only
    //  logic to all top level domains, and to the root domain.  An exception list
    //  should be specified, including "MUSEUM" and "DE", and any other top level
    //  domains from whom undelegated responses are expected and trusted.
    root-delegation-only exclude { "DE"; "MUSEUM"; };

Cameron.
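
An added example (not part of the original post, and not BIND's own code): a simplified Python model of the delegation-only check that `root-delegation-only` applies to the root and to every top-level domain outside the exclude list. It assumes a response is reduced to its authority section as (owner, type) pairs; the function names and sample responses are constructed for illustration.

```python
# Simplified model of delegation-only filtering; not BIND's source code.

def labels(name):
    """Lower-cased labels of a domain name; the root "." has none."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_strict_subdomain(name, zone):
    n, z = labels(name), labels(zone)
    return len(n) > len(z) and (not z or n[-len(z):] == z)

def enforced(zone, exclude):
    """root-delegation-only covers the root and each TLD not excluded."""
    z = labels(zone)
    if len(z) > 1:
        return False          # only the root and top-level domains
    return not z or z[0] not in {e.lower() for e in exclude}

def filter_response(zone, qname, authority, exclude=("DE", "MUSEUM")):
    """Verdict for a response from the servers of `zone`.

    authority: constructed list of (owner, type) pairs from the authority section.
    """
    if not enforced(zone, exclude) or labels(qname) == labels(zone):
        return "ACCEPT"       # unenforced zone, or the exempt zone apex
    for owner, rtype in authority:
        if rtype == "NS" and is_strict_subdomain(owner, zone):
            return "ACCEPT"   # referral to a child zone
    return "NXDOMAIN"         # undelegated answer from an enforced zone

# Constructed samples
REFERRAL = [("example.com", "NS")]   # normal referral from com servers
WILDCARD = [("com", "NS")]           # answer synthesized in com itself

def demo():
    return {
        "referral": filter_response("com", "www.example.com", REFERRAL),
        "wildcard": filter_response("com", "no-such-name.com", WILDCARD),
        "excluded": filter_response("de", "no-such-name.de", [("de", "NS")]),
        "root": filter_response(".", "no-such-tld", []),
    }

if __name__ == "__main__":
    print(demo())
```

The wildcard case is rejected because the only NS set in the authority section belongs to the zone apex, so nothing below `com` was actually delegated.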


