Date: Wed, 17 Sep 2003 14:50:44 -0500
From: "Scot W. Hetzel" <hetzelsw@westbend.net>
To: <stable@freebsd.org>, "Brett Glass" <brett@lariat.org>
Subject: Re: Request for FreeBSD 4.9-RELEASE: PLEASE include this patch to BIND and turn it on by default
Message-ID: <027201c37d55$1ff97480$13fd2fd8@Admin02>
References: <4.3.2.7.2.20030917103213.02926750@localhost>

From: "Brett Glass" <brett@lariat.org>
> As many of you may know, Verisign/Network Solutions has recently added wildcard
> records to the .com and .net TLDs. All typographical errors that result in failed
> resolution of a host name now cause the user's browser to be bounced to a
> search engine page maintained by Verisign.
>
> A nasty side effect of this attempt at "universal typosquatting" is that mail
> transfer agents such as Sendmail can no longer block reduce spam by rejecting
> mail that claims to come from an unresolvable host name.
>
> The message below describes an emergency patch, made by ISC to BIND, which
> defeats Verisign's TLD wildcards. Please incorporate this patch into the
> version of BIND that ships with FreeBSD 4.9-RELEASE. It will save many of
> us a lot of tedious manual patching!
>
> [2] http://www.isc.org/products/BIND/delegation-only.html
>

Currently, there is no delegation-only patch available from isc.org for Bind 8. According to Paul Vixie [1], Bind 8 is not a priority as they would rather put it into feature freeze, but they are considering it.

Several administrators [2,3] have created a patch for bind8, but it hard codes the IP address being used by Verisign into the named daemon.

Scot

[1] NANOG Mail List - http://www.merit.edu/mail.archives/nanog/msg13868.html
[2] NANOG Mail List - http://www.merit.edu/mail.archives/nanog/msg13704.html
[3] BIND Users List - http://marc.theaimsgroup.com/?l=bind-users&m=106381817926374&w=2
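
Added example (not part of the original message, and not code from ISC or from the BIND 8 patch authors): a simplified Python model contrasting a filter that hard-codes one wildcard address with a delegation-only check on replies from a TLD server. The `Response` model, the function names and the 192.0.2.x addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed placeholder from the RFC 5737 documentation range,
# standing in for the address a BIND 8 patch would hard-code.
HARDCODED_WILDCARD_IP = "192.0.2.11"

@dataclass
class Response:
    """Simplified reply from a TLD server (hypothetical model, not BIND's own)."""
    qname: str
    answer: list = field(default_factory=list)     # (owner, rtype, rdata) tuples
    authority: list = field(default_factory=list)  # (owner, rtype, rdata) tuples

def norm(name):
    return name.rstrip(".").lower()

def is_child(owner, zone):
    """True if owner is strictly below zone, e.g. example.com under com."""
    return norm(owner).endswith("." + norm(zone))

def hardcoded_ip_filter(resp):
    """Rewrite to NXDOMAIN only when an A record matches the one fixed address."""
    hit = any(t == "A" and d == HARDCODED_WILDCARD_IP for _, t, d in resp.answer)
    return "NXDOMAIN" if hit else "ACCEPT"

def delegation_only_filter(resp, zone):
    """Accept only referrals (NS for a child zone, empty answer); all else is NXDOMAIN."""
    referral = not resp.answer and any(
        t == "NS" and is_child(o, zone) for o, t, _ in resp.authority)
    return "ACCEPT" if referral else "NXDOMAIN"

# Constructed sample responses from a "com" server.
REFERRAL = Response("www.example.com",
                    authority=[("example.com", "NS", "ns1.example.com")])
WILDCARD = Response("no-such-host-zz.com",
                    answer=[("no-such-host-zz.com", "A", "192.0.2.11")])
WILDCARD_MOVED = Response("no-such-host-zz.com",
                          answer=[("no-such-host-zz.com", "A", "192.0.2.99")])

def verdicts(resp, zone="com"):
    """Return (hard-coded filter verdict, delegation-only verdict)."""
    return hardcoded_ip_filter(resp), delegation_only_filter(resp, zone)

if __name__ == "__main__":
    for label, r in [("referral", REFERRAL), ("wildcard", WILDCARD),
                     ("wildcard, new address", WILDCARD_MOVED)]:
        print(label, verdicts(r))
```

The third sample shows why a hard-coded address is fragile: once the wildcard target changes, only the delegation-only check still turns the synthesized answer back into NXDOMAIN.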