Any workarounds for Verisign .com/.net highjacking?
Roman Neuhauser
neuhauser at bellavista.cz
Fri Sep 19 03:09:33 PDT 2003
# drosih at rpi.edu / 2003-09-16 16:58:06 -0400:
> At 10:23 AM -1000 9/16/03, Clifton Royston wrote:
> > In the meantime I'm trying to figure out if there's some
> >simple hack to disregard these wildcard A records, short of
> >requesting zone transfers of the root nameservers (e.g. via
> >peering with f.root-servers.net) and purging those records
> >out of the zone before loading it.
> >
> >Any ideas, either under djbdns or Bind 9?
>
> The story at
> http://daily.daemonnews.org/view_story.php3?story_id=4068
>
> notes that there is a patch for dnscache at:
> http://tinydns.org/djbdns-1.05-ignoreip.patch
see this one: http://tinydns.org/djbdns-1.05-ignoreip2.patch
and this PR: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/56951
> I have no idea of how well either of these work. Use your
> own discretion at applying them.
djbdns-1.05-ignoreip2.patch seems to work very well here, on three
boxes; fourth one will follow later today.
--
If you cc me or remove the list(s) completely I'll most likely ignore
your message. see http://www.eyrie.org./~eagle/faqs/questions.html
More information about the freebsd-hackers
mailing list