Any workarounds for Verisign .com/.net highjacking?
Garance A Drosihn
drosih at rpi.edu
Tue Sep 16 13:58:11 PDT 2003
At 10:23 AM -1000 9/16/03, Clifton Royston wrote:
> In the meantime I'm trying to figure out if there's some
>simple hack to disregard these wildcard A records, short of
>requesting zone transfers of the root nameservers (e.g. via
>peering with f.root-servers.net) and purging those records
>out of the zone before loading it.
>
>Any ideas, either under djbdns or Bind 9?
The story at
http://daily.daemonnews.org/view_story.php3?story_id=4068
notes that there is a patch for dnscache at:
http://tinydns.org/djbdns-1.05-ignoreip.patch
someone also posted a likely update for bind 9 to slashdot:
http://slashdot.org/comments.pl?sid=78637&cid=6973033
(also available in a uuencoded version at:
http://slashdot.org/comments.pl?sid=78637&cid=6972991
)
I have no idea of how well either of these work. Use your
own discretion at applying them.
--
Garance Alistair Drosehn = gad at gilead.netel.rpi.edu
Senior Systems Programmer or gad at freebsd.org
Rensselaer Polytechnic Institute or drosih at rpi.edu
More information about the freebsd-hackers
mailing list