Getting rid of illegal lame delegations?
Kevin Darcy
kcd at daimlerchrysler.com
Tue Jan 15 23:18:14 UTC 2002
Chin Fang wrote:
> Starting a few days ago, my periodic review of our name server's logs
> revealed that queries of some domain names that we are in no way
> responsible for somehow were directed to our name servers, causing higher
> than normal load averages.
>
> Digging further, I realized these domain names were registered through
> VeriSign (ex-NSI), and somehow their name servers were delegated to
> ours!
>
> I would like to contact VeriSign so that such domain names are no
> longer delegated to ours. Given that some Windows DNS servers have a
> bug that might cause high frequency DNS query storm to a server that
> is *supposely* authoritative for a domain but actually not, I prefer
> to get rid of such "illegal" delegations ASAP to protection our name
> servers.
>
> But my research at http://www.netsol.com/ turned up nothing. Thus, I
> am turning to this list to see if anyone knows of an effective way to
> contact VeriSign to pass our request. Thanks for any tips and hints.
Turn off recursion or limit it only to your internal clients. This will
remove the incentive for people to "mooch" off of your server(s) in this way
and gradually they should stop doing it.
In the short term, if you want to be a prick about things, set up the
relevant zones on your nameserver. Either leave them empty, or for added
prickiness, point the zone-apex and/or "www" names to a porn site, a hate
group site, www.msn.com, www.netsol.com or something else blatantly
offensive...
- Kevin
More information about the bind-users
mailing list