Blocking Verisign's new wildcard DNS record

Sam Pointer sam.pointer at hpdsoftware.com
Tue Sep 16 12:05:45 UTC 2003


.com is now live too.

IMHO this is a terrible thing to be doing. What a complete pain in the bum
for troubleshooting. `dig thisisanonexistentdomainname.com` - oh yes,
something returned.

More to the point, dig 11.110.94.64.in-addr.arpa to check for domain name
existence to prevent spam - a reverse mapping now exists so we'll let the
email through. Whoops, there go our spam filters.

What about email? Let's email blahblahblah.com, what no MX record? Let's
just try direct A record delivery instead then as a last ditch. Mail is sent
to 64.94.110.11! What a complete waste of time, bandwidth and general
effort. Not only that, they have a server listening on this address on port
25! It's a mail rejecter, OK - but seriously, this is so poorly thought-out
and disruptive I don't know where to begin. This is so seriously going to
break mail delivery to secondary MTAs where MX records have been mis-typed
for the primaries. Spam checkers connecting to port 25 of `sendmespam.com`
and getting a 'HELO', oh - that now works too!

If there has been previous discussion on this list about this then I am
sorry that I have missed it. This is going to cause no end of problems.

I cannot believe the stupidity of this.

-----Original Message-----
From: Christopher X. Candreva [mailto:chris at westnet.com]
Sent: 15 September 2003 22:34
To: comp-protocols-dns-bind at isc.org
Subject: Blocking Verisign's new wildcard DNS record


Verisign is now returning a wildcard record for any unregistered .net
domain, with .com soon to follow.  This is to redirect all such requests to
their own search site.

Now, the IP they are returning currently is 64.94.110.11. It just occurred
to me, is it possible to configure bind such that any lookup that returns
that IP returns Host not found instead?

If Verisign is determined to break DNS, perhaps we can break it back?

-- 
==========================================================
Chris Candreva  -- chris at westnet.com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
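
The spam-filter failure described in this message, as an added example that is not part of the original posts and is not BIND code: a sender-domain existence check that treats the wildcard answer as "not found". The resolver callables and zone data are constructed stand-ins so the block runs offline; 64.94.110.11 is the address quoted in the thread, and the random-label probe generalises the check to a wildcard address that is not known in advance.

```python
import secrets

# Address quoted in the thread as the wildcard answer for unregistered names.
KNOWN_WILDCARD_ADDRS = {"64.94.110.11"}

def tld_wildcard_addrs(tld, resolve_a, probes=3):
    """Addresses the TLD returns for random names that cannot be registered.

    resolve_a(name) is an assumed callable returning a set of IPv4 strings,
    empty on NXDOMAIN. Only addresses common to every probe are kept.
    """
    common = None
    for _ in range(probes):
        addrs = set(resolve_a(f"{secrets.token_hex(16)}.{tld}"))
        common = addrs if common is None else common & addrs
    return common or set()

def sender_domain_exists(domain, resolve_a, resolve_mx):
    """True if the domain has an MX, or an A record that is not a wildcard answer."""
    if resolve_mx(domain):
        return True
    addrs = set(resolve_a(domain))
    if not addrs:
        return False
    tld = domain.rstrip(".").rsplit(".", 1)[-1]
    wildcard = KNOWN_WILDCARD_ADDRS | tld_wildcard_addrs(tld, resolve_a)
    return bool(addrs - wildcard)  # only wildcard addresses left: treat as NXDOMAIN

# Constructed zone data imitating the behaviour described in the thread.
ZONE_A = {"example.com": {"192.0.2.10"}, "a-only.net": {"192.0.2.20"}}
ZONE_MX = {"example.com": ["mail.example.com"]}

def fake_resolve_a(name):
    if name in ZONE_A:
        return ZONE_A[name]
    # Unregistered .com/.net names get the wildcard A record; other TLDs do not.
    return {"64.94.110.11"} if name.endswith((".com", ".net")) else set()

def fake_resolve_mx(name):
    return ZONE_MX.get(name, [])

if __name__ == "__main__":
    for d in ("example.com", "a-only.net", "blahblahblah.com", "nothere.org"):
        print(d, sender_domain_exists(d, fake_resolve_a, fake_resolve_mx))
```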





