From owner-freebsd-isp@FreeBSD.ORG  Thu Sep 18 11:45:09 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7CF1C16A4B3
	for <freebsd-isp@freebsd.org>; Thu, 18 Sep 2003 11:45:09 -0700 (PDT)
Received: from perrin.nxad.com (internal.nxad.com [69.1.70.251])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0138D43FCB
	for <freebsd-isp@freebsd.org>; Thu, 18 Sep 2003 11:45:09 -0700 (PDT)
	(envelope-from sean@nxad.com)
Received: by perrin.nxad.com (Postfix, from userid 1001)
	id 6F53F21065; Thu, 18 Sep 2003 11:45:08 -0700 (PDT)
Date: Thu, 18 Sep 2003 11:45:08 -0700
From: Sean Chittenden <sean@chittenden.org>
To: Ted Cabeen <secabeen@pobox.com>
Message-ID: <20030918184508.GC79031@perrin.nxad.com>
References: <20030917081828.GC43577@mccaffrey.house.so14k.com>
	<87znh3o3p2.fsf@gray.impulse.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87znh3o3p2.fsf@gray.impulse.net>
X-PGP-Key: finger seanc@FreeBSD.org
X-PGP-Fingerprint: 3849 3760 1AFE 7B17 11A0  83A6 DD99 E31F BC84 B341
X-Web-Homepage: http://sean.chittenden.org/
User-Agent: Mutt/1.5.4i
cc: freebsd-isp@freebsd.org
Subject: Re: Verisign fun.
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Sep 2003 18:45:09 -0000

> If you want to do something like this, here's the official ISC patch:
> 
> http://www.isc.org/products/BIND/delegation-only.html

And for those that don't know how to use the patch, add the following
to your config once you recompile:

zone "com" in { type delegation-only; };
zone "net" in { type delegation-only; };
zone "cc" in { type delegation-only; };
zone "cx" in { type delegation-only; };
zone "io" in { type delegation-only; };
zone "mp" in { type delegation-only; };
zone "nu" in { type delegation-only; };
zone "ph" in { type delegation-only; };
zone "td" in { type delegation-only; };
zone "tk" in { type delegation-only; };
zone "tv" in { type delegation-only; };
zone "ws" in { type delegation-only; };

And actually, if you're using the bind9 port, here's the patch
suitable for inclusion in the dns/bind9 port:

cd /usr/ports/dns/bind9
mkdir files
fetch -o files/patch-delegation http://people.freebsd.org/~seanc/patches/patch-HEAD-ports::dns::bind9::patch-delegation

And you can rebuild/upgrade from there.

-sc

-- 
Sean Chittenden