Any workarounds for Verisign .com/.net hijacking?

Michael Edenfield kutulu at kutulu.org
Tue Sep 16 17:19:19 PDT 2003


* John Polstra <jdp at polstra.com> [030916 20:14]:
> On 16-Sep-2003 M. Warner Losh wrote:
> > I think we should put a filter for this nonsense into the base
> > system.  Hack the resolver to filter out the address, and hack bind to
> > filter it out too.  That way we can leverage our position in the name
> > servers in the world to do something about this BS.
> 
> I think so too, in principle.  But we need something better than a
> hard-coded IP address.  It would take Verisign about an hour to figure
> out they need to change the address frequently.  (Well, OK, a day ...
> it's Verisign, after all.)

The best idea I had seen floated around was to cache the response to the
lookup of "*.net" for a given period of time inside the resolver.

kutulu at wombat:~$ host *.net
*.net has address 64.94.110.11

--Mike
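
The caching idea from the message above, sketched as an added example (not code from the post or from FreeBSD): look up "*.<tld>", cache the answer for a period, and treat any reply that consists only of those addresses as "no such domain". WildcardFilter, ConstructedZone, the one-hour period and the 192.0.2.x addresses are assumptions made for illustration; the zone is a constructed stand-in so the example runs offline.

```python
import time

class WildcardFilter:
    """Cache a TLD's wildcard answer; answers matching it become 'not found'."""
    def __init__(self, lookup, ttl=3600, clock=time.monotonic):
        self.lookup = lookup   # callable: name -> list of address strings
        self.ttl = ttl         # assumed refresh period, in seconds
        self.clock = clock
        self._cache = {}       # tld -> (expiry, frozenset of wildcard addresses)

    def wildcard_addrs(self, tld):
        now = self.clock()
        entry = self._cache.get(tld)
        if entry is None or entry[0] <= now:
            # Re-query "*.tld" so a rotated wildcard address is picked up.
            entry = (now + self.ttl, frozenset(self.lookup("*." + tld)))
            self._cache[tld] = entry
        return entry[1]

    def resolve(self, name):
        tld = name.rstrip(".").rsplit(".", 1)[-1].lower()
        answers = self.lookup(name)
        # Only an answer made up entirely of wildcard addresses is dropped.
        if answers and set(answers) <= self.wildcard_addrs(tld):
            return []          # caller treats this as NXDOMAIN
        return answers

class ConstructedZone:
    """Constructed sample data: one registered name plus a .net wildcard."""
    def __init__(self, wildcard):
        self.wildcard = wildcard
        self.registered = {"example.net": ["192.0.2.10"]}
        self.queries = []

    def lookup(self, name):
        self.queries.append(name)
        if name in self.registered:
            return list(self.registered[name])
        return [self.wildcard] if name.endswith(".net") else []

def demo():
    now = [0.0]
    zone = ConstructedZone("64.94.110.11")
    f = WildcardFilter(zone.lookup, ttl=3600, clock=lambda: now[0])
    out = [f.resolve("example.net"), f.resolve("no-such-name.net")]
    zone.wildcard = "192.0.2.99"               # wildcard address is rotated
    out.append(f.resolve("no-such-name.net"))  # cached entry is stale
    now[0] += 3601
    out.append(f.resolve("no-such-name.net"))  # cache refreshed, filtered
    return out

if __name__ == "__main__":
    print(demo())
```

The third result shows the window in which a rotated address gets through until the cached entry expires, so the refresh period bounds how long a changed wildcard address goes unfiltered. A registered name that legitimately points at the wildcard address is also reported as not found.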


More information about the freebsd-hackers mailing list