Blocking Verisign's new wildcard DNS record

Russell Nelson nelson at crynwr.com
Tue Sep 16 04:40:51 UTC 2003


"Christopher X. Candreva" <chris at westnet.com> writes:

> Verisign is now returning a wildcard record for any unregistered .net
> domain, with .com soon to follow.  This is to redirect all such requests to
> their own search site.
> 
> Now, the IP they are returning currently is 64.94.110.11. It just occurred
> to me, is it possible to configure bind such that any lookup that returns
> that IP returns Host not found instead?

Here's how I did it for djbdns:  http://tinydns.org/djbdns-1.05-ignoreip.patch
Basically, any response with an A RR matching 64.94.110.11 is turned
into an NXDOMAIN.

-- 
--My blog is at angry-economist.russnelson.com  | Free markets express in the
Crynwr sells support for free software  | PGPok | practical world our belief
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that there is that of God
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | in all people. -Chris V.


More information about the bind-users mailing list