Blocking Verisign's new wildcard DNS record
Tony Mountifield
tony at softins.clara.co.uk
Tue Sep 16 19:55:03 UTC 2003
In article <bk5ek8$2vuh$1 at sf1.isc.org>,
Christopher X. Candreva <chris at westnet.com> wrote:
> Verisign is now returning a wildcard record for any unregistered .net
> domain, with .com soon to follow. This is to redirect all such requests to
> their own search site.
>
> Now, the IP they are returning currently is 64.94.110.11. It just occurred
> to me, is it possible to configure bind such that any lookup that returns
> that IP returns Host not found instead?

What you want to do, rather than check for that specific address, is to
compare the returned address for whatever.tld with that returned for
*.tld (which of course will be cached for the relevant TTL), and if they
match, return NXDOMAIN.

That way, Verisign can't get round it by changing the address regularly.

Cheers,
Tony

--
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org
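
The comparison suggested in the reply above, sketched in Python as an added example (not code from the post or from BIND). The lookup callable, the FakeNetRegistry class, the 60-second fallback and every address other than 64.94.110.11 are constructed assumptions so the block runs offline.

```python
import time

NXDOMAIN = None  # sentinel for "treat this name as nonexistent"

class WildcardFilter:
    def __init__(self, lookup, clock=time.monotonic):
        # lookup(name) -> (frozenset_of_addresses, ttl_seconds), or None on NXDOMAIN
        self.lookup, self.clock = lookup, clock
        self._wild = {}  # tld -> (addresses, expiry time)

    def wildcard_addrs(self, tld):
        """Answer for *.tld, cached for its TTL as the post describes."""
        addrs, expiry = self._wild.get(tld, (frozenset(), 0.0))
        now = self.clock()
        if now >= expiry:
            answer = self.lookup("*." + tld)
            # Assumption: remember "no wildcard" for 60 s to avoid a probe per query.
            addrs, ttl = answer if answer else (frozenset(), 60)
            self._wild[tld] = (addrs, now + ttl)
        return addrs

    def resolve(self, name):
        answer = self.lookup(name)
        if answer is None:
            return NXDOMAIN
        addrs, _ttl = answer
        tld = name.rstrip(".").rsplit(".", 1)[-1].lower()
        wild = self.wildcard_addrs(tld)
        # Same answer as the wildcard probe: report the name as nonexistent.
        return NXDOMAIN if wild and addrs == wild else addrs

class FakeNetRegistry:
    """Constructed stand-in for the .net servers: one real name plus a wildcard."""
    def __init__(self, wildcard_addr):
        self.wildcard_addr = wildcard_addr
        self.registered = {"example.net": "192.0.2.10"}  # constructed sample data
        self.queries = []

    def lookup(self, name):
        self.queries.append(name)
        addr = self.registered.get(name.rstrip(".").lower(), self.wildcard_addr)
        return frozenset({addr}), 900  # constructed TTL

def demo():
    now = [0.0]
    registry = FakeNetRegistry("64.94.110.11")  # address quoted in the thread
    f = WildcardFilter(registry.lookup, clock=lambda: now[0])
    results = [f.resolve("example.net"), f.resolve("no-such-name.net")]
    registry.wildcard_addr = "198.51.100.7"  # constructed: the address is changed
    now[0] += 901                            # cached wildcard answer has expired
    results.append(f.resolve("still-no-such-name.net"))
    return results, registry.queries.count("*.net")
```

A registered name whose address set happens to equal the wildcard's is suppressed as well, which is inherent in comparing answers rather than registration status.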