Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 24 Sep 2003 18:34:02 +0200 (CEST)
From:      Barry Bouwsma <freebsd-misuser@remove-NOSPAM-to-reply.NOSPAM.dyndns.dk>
To:        freebsd-hackers@freebsd.org
Subject:   Re: Any workarounds for Verisign .com/.net highjacking?
Message-ID:  <200309241634.h8OGY2D02788@Mail.NOSPAM.DynDNS.dK>
References:  <20030916102356.A11571@lava.net> <p0521060ebb8d285d36eb@[128.113.24.47]> <20030919100922.GV79731@freepuppy.bellavista.cz>
next in thread | previous in thread | raw e-mail | index | archive | help 
[obligatory From: address is IPv6-only; to obtain IPv4-mailable address,
 remove hostname part.  Even then no guarantee mail won't bounce -- I
 follow the list archives in my copious offline time]


> > >  In the meantime I'm trying to figure out if there's some
> > >simple hack to disregard these wildcard A records, short of

> > I have no idea of how well either of these work.  Use your
> > own discretion at applying them.

>     djbdns-1.05-ignoreip2.patch seems to work very well here, on three

A stupid question, no less, since I see this being discussed here -- is it
correct that the ISC BIND patch does not work with a nameserver that's set
up as a forward-only box?

I've applied the patch to a random BIND successfully, but I'm configured
as forward-only for the domains I don't dish out, being on the unpleasant
end of a PPP dial-in and trying to do my part to keep the root nameservers'
load down.  I nab the ISP-provided DNS addresses during the PPP handshake,
configure them as forwarders (plus one or two backups) and restart named,
but still I was able to resolve a made-up com domain to the Usual Address.

This tells me I need to use the DNS machines of an ISP with Clue as static
forwarder addresses, not those provided by ISP-of-the-day (and the last ISP
seemed to give horribly broken machines anyway), if this reaches a point
where I actually want to do something about these wildcards.  Provided the
ISP allows outgoing DNS queries too.


Thanks,
Barry Bouwsma

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200309241634.h8OGY2D02788>