From owner-freebsd-hackers@FreeBSD.ORG Tue Sep 16 14:12:58 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3322316A4B3 for ; Tue, 16 Sep 2003 14:12:58 -0700 (PDT) Received: from basement.kutulu.org (pcp03610121pcs.longhl01.md.comcast.net [68.49.239.235]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4436643F75 for ; Tue, 16 Sep 2003 14:12:57 -0700 (PDT) (envelope-from kutulu@kutulu.org) Received: from wombat.localnet (wombat.localnet [192.168.69.3]) by basement.kutulu.org (Postfix) with ESMTP id 93606A9FA; Tue, 16 Sep 2003 17:12:45 -0400 (EDT) Received: by wombat.localnet (Postfix, from userid 1001) id 7BBE2B927; Tue, 16 Sep 2003 17:12:41 -0400 (EDT) Date: Tue, 16 Sep 2003 17:12:41 -0400 From: Michael Edenfield To: Dan Langille Message-ID: <20030916211241.GA83385@wombat.localnet> Mail-Followup-To: Dan Langille , Clifton Royston , freebsd-hackers@FreeBSD.org References: <20030916102356.A11571@lava.net> <3F673E27.29338.6E87ACC@localhost> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="LQksG6bCIzRHxTLp" Content-Disposition: inline In-Reply-To: <3F673E27.29338.6E87ACC@localhost> X-Mailer: Mutt http://www.mutt.org/ X-Accept-Language: en X-PGP-Key: http://www.kutulu.org/pgp/kutulu.asc X-PGP-Fingerprint: 1CE0 3C31 7013 D529 406D 37DC 09CC CD84 A46C 878F User-Agent: Mutt/1.5.4i cc: freebsd-hackers@FreeBSD.org cc: Clifton Royston Subject: Re: Any workarounds for Verisign .com/.net highjacking? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Sep 2003 21:12:58 -0000 --LQksG6bCIzRHxTLp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Dan Langille [030916 16:46]: > On 16 Sep 2003 at 10:23, Clifton Royston wrote: >=20 > > In the meantime I'm trying to figure out if there's some simple hack > > to disregard these wildcard A records, short of requesting zone > > transfers of the root nameservers (e.g. via peering with > > f.root-servers.net) and purging those records out of the zone before > > loading it. Any ideas, either under djbdns or Bind 9? >=20 > Sorry, only for bind8, as was posted to my local LUG list: >=20 > http://achurch.org/bind-verisign-patch.html And from NANOG, here are workarounds for Bind9 and djbdns. http://www.imperialviolet.org/dnsfix.html --LQksG6bCIzRHxTLp Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/Z3zJCczNhKRsh48RAkoeAJ9ARAyjQPw68Rwe+i8pCgaSKA1kOACgsrFK khK5Qwpj1b3IuHXgFsHFFns= =zg18 -----END PGP SIGNATURE----- --LQksG6bCIzRHxTLp--