From: "Scot W. Hetzel"
To: , "Brett Glass"
Date: Wed, 17 Sep 2003 14:50:44 -0500
Subject: Re: Request for FreeBSD 4.9-RELEASE: PLEASE include this patch to BIND and turn it on by default
Message-ID: <027201c37d55$1ff97480$13fd2fd8@Admin02>
References: <4.3.2.7.2.20030917103213.02926750@localhost>

From: "Brett Glass"
> As many of you may know, Verisign/Network Solutions has recently added wildcard
> records to the .com and .net TLDs. All typographical errors that result in failed
> resolution of a host name now cause the user's browser to be bounced to a
> search engine page maintained by Verisign.
>
> A nasty side effect of this attempt at "universal typosquatting" is that mail
> transfer agents such as Sendmail can no longer block reduce spam by rejecting
> mail that claims to come from an unresolvable host name.
>
> The message below describes an emergency patch, made by ISC to BIND, which
> defeats Verisign's TLD wildcards. Please incorporate this patch into the
> version of BIND that ships with FreeBSD 4.9-RELEASE. It will save many of
> us a lot of tedious manual patching!
>
> [2] http://www.isc.org/products/BIND/delegation-only.html
>

Currently, there is no delegation-only patch available from isc.org for Bind 8.
According to Paul Vixie [1], Bind 8 is not a priority as they would rather put
it into feature freeze, but they are considering it.

Several administrators [2,3] have created a patch for bind8, but it hard codes
the IP address being used by Verisign into the named daemon.

Scot

[1] NANOG Mail List - http://www.merit.edu/mail.archives/nanog/msg13868.html
[2] NANOG Mail List - http://www.merit.edu/mail.archives/nanog/msg13704.html
[3] BIND Users List - http://marc.theaimsgroup.com/?l=bind-users&m=106381817926374&w=2
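
Added example, not part of the original message and not code from ISC or from the BIND 8 patches cited: a simplified model contrasting the two filtering approaches the thread mentions, a hard-coded wildcard address versus accepting only delegations from a TLD's servers. The `Reply` model, host names and addresses (documentation ranges) are constructed assumptions, and the delegation check is reduced to its core rule.

```python
from dataclasses import dataclass, field

@dataclass
class Reply:
    """Simplified reply from a TLD server; records are (owner, type, rdata)."""
    qname: str
    rcode: str = "NOERROR"
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)

def nxdomain(reply):
    return Reply(reply.qname, "NXDOMAIN")

def filter_hardcoded_ip(reply, known_wildcard_ips):
    """Hard-coded approach: reject only answers carrying a known address."""
    for _owner, rtype, rdata in reply.answer:
        if rtype == "A" and rdata in known_wildcard_ips:
            return nxdomain(reply)
    return reply

def is_below(name, zone):
    """True if name is a proper subdomain of zone (no trailing dots)."""
    return name.lower().endswith("." + zone.lower())

def filter_delegation_only(reply, zone):
    """Delegation-only approach: from the zone's servers accept only
    referrals, i.e. NS records in the authority section for a child name."""
    if reply.rcode != "NOERROR":
        return reply
    referral = any(rtype == "NS" and is_below(owner, zone)
                   for owner, rtype, _rdata in reply.authority)
    return reply if referral else nxdomain(reply)

# Constructed sample data: placeholder addresses, not the real wildcard target.
OLD_IP, NEW_IP = "192.0.2.10", "198.51.100.7"

def wildcard_reply(ip):
    name = "no-such-host-typo.com"
    return Reply(name, answer=[(name, "A", ip)],
                 authority=[("com", "NS", "ns.tld-server.example")])

REFERRAL = Reply("www.example.com",
                 authority=[("example.com", "NS", "ns1.example.com")])

if __name__ == "__main__":
    for label, r in [("old ip", wildcard_reply(OLD_IP)),
                     ("new ip", wildcard_reply(NEW_IP)), ("referral", REFERRAL)]:
        print(label, filter_hardcoded_ip(r, {OLD_IP}).rcode,
              filter_delegation_only(r, "com").rcode)
```

The second sample shows the maintenance cost of the hard-coded filter: once the wildcard target address changes, it passes the synthesized answer, while the delegation check still rejects it.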