Blocking Verisign's new wildcard DNS record
Andrew Church
google at achurch.org
Tue Sep 16 03:27:13 UTC 2003
"Christopher X. Candreva" <chris at westnet.com> wrote in message news:<bk5ek8$2vuh$1 at sf1.isc.org>...
> Verisign is now returning a wildcard record for any unregistered .net
> domain, with .com soon to follow. This is to redirect all such requests to
> their own search site.
>
> Now, the IP they are returning currently is 64.94.110.11. It just occurred
> to me, is it possible to configure bind such that any lookup that returns
> that IP returns Host not found instead ?
I've uploaded a preliminary (as in, it seems to work for me) patch for BIND
8 to my homepage (http://achurch.org/bind-verisign-patch.html). This is a
"poor-man's" patch in the extreme--all it does is skip over any
A/64.94.110.11 answer--but it has given me my "host not found" errors back.
More information about the bind-users
mailing list