Date: Tue, 16 Sep 2003 20:19:18 -0400 From: Michael Edenfield <kutulu@kutulu.org> To: John Polstra <jdp@polstra.com> Cc: dan@langille.org Subject: Re: Any workarounds for Verisign .com/.net highjacking? Message-ID: <20030917001917.GB84494@wombat.localnet> In-Reply-To: <XFMail.20030916170025.jdp@polstra.com> References: <20030916.175558.10083602.imp@bsdimp.com> <XFMail.20030916170025.jdp@polstra.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--lEGEL1/lMxI0MVQ2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * John Polstra <jdp@polstra.com> [030916 20:14]: > On 16-Sep-2003 M. Warner Losh wrote: > > I think we should put a filter for this nonsense into the base > > system. Hack the resolve to filter out the adddress, and hack bind to > > filter it out too. that way we can leverage our position in the name > > servers in the world to do something about this BS. >=20 > I think so too, in principle. But we need something better than a > hard-coded IP address. It would take Verisign about an hour to figure > out they need to change the address frequently. (Well, OK, a day ... > it's Verisign, after all.) The best idea I had seen floated around was to cache the response to the lookup of "*.net" for a given period of time inside the resolver. kutulu@wombat:~$ host *.net *.net has address 64.94.110.11 --Mike --lEGEL1/lMxI0MVQ2 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/Z6iFCczNhKRsh48RAifrAJ4yIYOnjb1KPwhB9VYLVuevOoP+pgCfaaKB ezHMvnHm4xOSO2R5fvxb1qo= =KwBH -----END PGP SIGNATURE----- --lEGEL1/lMxI0MVQ2--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030917001917.GB84494>