From owner-freebsd-hackers@FreeBSD.ORG  Fri Sep 19 03:09:33 2003
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7F03816A4BF
	for <freebsd-hackers@freebsd.org>;
	Fri, 19 Sep 2003 03:09:33 -0700 (PDT)
Received: from lilith.bellavista.cz (lilith.bellavista.cz [213.235.167.218])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4F4C643FBF
	for <freebsd-hackers@freebsd.org>;
	Fri, 19 Sep 2003 03:09:32 -0700 (PDT)
	(envelope-from neuhauser@bellavista.cz)
Received: from freepuppy.bellavista.cz (freepuppy.bellavista.cz [10.0.0.10])
	by lilith.bellavista.cz (Postfix) with ESMTP
	id 6C4B537; Fri, 19 Sep 2003 12:09:23 +0200 (CEST)
Received: by freepuppy.bellavista.cz (Postfix, from userid 1001)
	id D7CCA2FDA07; Fri, 19 Sep 2003 12:09:22 +0200 (CEST)
Date: Fri, 19 Sep 2003 12:09:22 +0200
From: Roman Neuhauser <neuhauser@bellavista.cz>
To: Garance A Drosihn <drosih@rpi.edu>
Message-ID: <20030919100922.GV79731@freepuppy.bellavista.cz>
Mail-Followup-To: Garance A Drosihn <drosih@rpi.edu>,
	Clifton Royston <cliftonr@lava.net>, freebsd-hackers@freebsd.org
References: <20030916102356.A11571@lava.net>
	<p0521060ebb8d285d36eb@[128.113.24.47]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <p0521060ebb8d285d36eb@[128.113.24.47]>
User-Agent: Mutt/1.5.4i
cc: freebsd-hackers@freebsd.org
cc: Clifton Royston <cliftonr@lava.net>
Subject: Re: Any workarounds for Verisign .com/.net highjacking?
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Sep 2003 10:09:33 -0000

# drosih@rpi.edu / 2003-09-16 16:58:06 -0400:
> At 10:23 AM -1000 9/16/03, Clifton Royston wrote:
> >  In the meantime I'm trying to figure out if there's some
> >simple hack to disregard these wildcard A records, short of
> >requesting zone transfers of the root nameservers (e.g. via
> >peering with f.root-servers.net) and purging those records
> >out of the zone before loading it.
> >
> >Any ideas, either under djbdns or Bind 9?
> 
> The story at
> http://daily.daemonnews.org/view_story.php3?story_id=4068
> 
> notes that there is a patch for dnscache at:
> http://tinydns.org/djbdns-1.05-ignoreip.patch

    see this one: http://tinydns.org/djbdns-1.05-ignoreip2.patch
    and this PR: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/56951

> I have no idea of how well either of these work.  Use your
> own discretion at applying them.

    djbdns-1.05-ignoreip2.patch seems to work very well here, on three
    boxes; fourth one will follow later today.

-- 
If you cc me or remove the list(s) completely I'll most likely ignore
your message.    see http://www.eyrie.org./~eagle/faqs/questions.html