How can I block Verisign?
Jonathan de Boyne Pollard
J.deBoynePollard at Tesco.NET
Fri Sep 19 01:56:40 UTC 2003
M> Ever since Verisign horribly abused its root server=20
M> privileges (which should be revoked) [...]
It hasn't, yet, abused its root server privileges. That conflict is=20
yet to come. It has abused its GTLD ("com." and "net.") server=20
privileges.
And, yes, the proper (and only) way to deal with this is to revoke=20
Verisign's authority over "com." and "net.".
M> Are there not Verisign IP addresses I can block?=20
Doing this doesn't correct the problems in domain name validation in=20
various softwares.
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/verisign-internet-=
coup.html#Resistance>
M> And is it safe to block Verisign root servers?=20
Answering the question that was actually asked: Yes, the other 11=20
of ICANN's root servers will still be accessible.
Correcting your conflation of "root server" with "'com.'/'net.'=20
server" and answering a different question: No. This will prevent=20
you from being able to lookup "com." and "net." or any of their=20
subdomains.
M> Any suggestions are welcome;=20
Contact Verisign and your chosen root server organisation. Tell the
root server organisation to tell Verisign to cease employing its
wildcards, and to threaten to stop delegating authority for "com."=20
and "net." to it (and instead to delegate that authority to a more=20
co=F6perative organisation) if it does not comply. If your chosen=20
root server organisation does not comply, threaten that you will=20
stop delegating _your_ authority over the DNS namespace to _it_.
More information about the bind-users
mailing list