Date: Wed, 24 Sep 2003 16:09:43 -1000
From: Clifton Royston
To: freebsd-hackers@freebsd.org
Message-ID: <20030924160942.A5398@tikitechnologies.com>
References: <20030916102356.A11571@lava.net> <20030919100922.GV79731@freepuppy.bellavista.cz>
In-Reply-To: <20030919100922.GV79731@freepuppy.bellavista.cz>; from neuhauser@bellavista.cz on Fri, Sep 19, 2003 at 12:09:22PM +0200
Subject: Re: Any workarounds for Verisign .com/.net highjacking?

On Fri, Sep 19, 2003 at 12:09:22PM +0200, Roman Neuhauser wrote:
> # drosih@rpi.edu / 2003-09-16 16:58:06 -0400:
> > At 10:23 AM -1000 9/16/03, Clifton Royston wrote:
> > > In the meantime I'm trying to figure out if there's some
> > >simple hack to disregard these wildcard A records, short of
> > >requesting zone transfers of the root nameservers (e.g. via
> > >peering with f.root-servers.net) and purging those records
> > >out of the zone before loading it.
> > >
> > >Any ideas, either under djbdns or Bind 9?
> >
> > The story at
> > http://daily.daemonnews.org/view_story.php3?story_id=4068
> >
> > notes that there is a patch for dnscache at:
> > http://tinydns.org/djbdns-1.05-ignoreip.patch
>
> see this one: http://tinydns.org/djbdns-1.05-ignoreip2.patch
> and this PR: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/56951
>
> > I have no idea of how well either of these work. Use your
> > own discretion at applying them.
>
> djbdns-1.05-ignoreip2.patch seems to work very well here, on three
> boxes; fourth one will follow later today.

Belated followup to this:

The above-mentioned DJBDNS patch has been working great for me. I
worked it into my local copy of the ports tree. Things are much better
now...

-- Clifton

--
Clifton Royston -- cliftonr@tikitechnologies.com
Tiki Technologies Lead Programmer/Software Architect

Did you ever fly a kite in bed? Did you ever walk with ten cats on
your head? Did you ever milk this kind of cow? Well we can do it.
We know how. If you never did, you should. These things are fun,
and fun is good. -- Dr. Seuss