Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 16 Sep 2003 20:19:18 -0400
From:      Michael Edenfield <kutulu@kutulu.org>
To:        John Polstra <jdp@polstra.com>
Cc:        dan@langille.org
Subject:   Re: Any workarounds for Verisign .com/.net highjacking?
Message-ID:  <20030917001917.GB84494@wombat.localnet>
In-Reply-To: <XFMail.20030916170025.jdp@polstra.com>
References:  <20030916.175558.10083602.imp@bsdimp.com> <XFMail.20030916170025.jdp@polstra.com>

next in thread | previous in thread | raw e-mail | index | archive | help

--lEGEL1/lMxI0MVQ2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* John Polstra <jdp@polstra.com> [030916 20:14]:
> On 16-Sep-2003 M. Warner Losh wrote:
> > I think we should put a filter for this nonsense into the base
> > system.  Hack the resolve to filter out the adddress, and hack bind to
> > filter it out too.  that way we can leverage our position in the name
> > servers in the world to do something about this BS.
>=20
> I think so too, in principle.  But we need something better than a
> hard-coded IP address.  It would take Verisign about an hour to figure
> out they need to change the address frequently.  (Well, OK, a day ...
> it's Verisign, after all.)

The best idea I had seen floated around was to cache the response to the
lookup of "*.net" for a given period of time inside the resolver.

kutulu@wombat:~$ host *.net
*.net has address 64.94.110.11

--Mike


--lEGEL1/lMxI0MVQ2
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/Z6iFCczNhKRsh48RAifrAJ4yIYOnjb1KPwhB9VYLVuevOoP+pgCfaaKB
ezHMvnHm4xOSO2R5fvxb1qo=
=KwBH
-----END PGP SIGNATURE-----

--lEGEL1/lMxI0MVQ2--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030917001917.GB84494>