Blocking Verisign's new wildcard DNS record

Jim Hatfield jim.hatfield at insignia.com
Tue Sep 16 18:14:34 UTC 2003


On 15 Sep 2003 20:27:13 -0700, google at achurch.org (Andrew Church) wrote:

>"Christopher X. Candreva" <chris at westnet.com> wrote in message news:<bk5ek8$2vuh$1 at sf1.isc.org>...
>> Verisign is now returning a wildcard record for any unregistered .net
>> domain, with .com soon to follow.  This is to redirect all such requests to
>> their own search site.
>> 
>> Now, the IP they are returning currently is 64.94.110.11. It just occurred
>> to me, is it possible to configure bind such that any lookup that returns
>> that IP returns Host not found instead?
>
>I've uploaded a preliminary (as in, it seems to work for me) patch for BIND
>8 to my homepage (http://achurch.org/bind-verisign-patch.html).  This is a
>"poor-man's" patch in the extreme--all it does is skip over any
>A/64.94.110.11 answer--but it has given me my "host not found" errors back.

Next they'll be changing the address every day.

-- 
Jim Hatfield

