Date: Tue, 16 Sep 2003 17:12:41 -0400 From: Michael Edenfield <kutulu@kutulu.org> To: Dan Langille <dan@langille.org> Cc: Clifton Royston <cliftonr@lava.net> Subject: Re: Any workarounds for Verisign .com/.net highjacking? Message-ID: <20030916211241.GA83385@wombat.localnet> In-Reply-To: <3F673E27.29338.6E87ACC@localhost> References: <20030916102356.A11571@lava.net> <3F673E27.29338.6E87ACC@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
--LQksG6bCIzRHxTLp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Dan Langille <dan@langille.org> [030916 16:46]: > On 16 Sep 2003 at 10:23, Clifton Royston wrote: >=20 > > In the meantime I'm trying to figure out if there's some simple hack > > to disregard these wildcard A records, short of requesting zone > > transfers of the root nameservers (e.g. via peering with > > f.root-servers.net) and purging those records out of the zone before > > loading it. Any ideas, either under djbdns or Bind 9? >=20 > Sorry, only for bind8, as was posted to my local LUG list: >=20 > http://achurch.org/bind-verisign-patch.html And from NANOG, here are workarounds for Bind9 and djbdns. http://www.imperialviolet.org/dnsfix.html --LQksG6bCIzRHxTLp Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/Z3zJCczNhKRsh48RAkoeAJ9ARAyjQPw68Rwe+i8pCgaSKA1kOACgsrFK khK5Qwpj1b3IuHXgFsHFFns= =zg18 -----END PGP SIGNATURE----- --LQksG6bCIzRHxTLp--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030916211241.GA83385>