Date: Fri, 19 Sep 2003 12:09:22 +0200 From: Roman Neuhauser <neuhauser@bellavista.cz> To: Garance A Drosihn <drosih@rpi.edu> Cc: Clifton Royston <cliftonr@lava.net> Subject: Re: Any workarounds for Verisign .com/.net highjacking? Message-ID: <20030919100922.GV79731@freepuppy.bellavista.cz> In-Reply-To: <p0521060ebb8d285d36eb@[128.113.24.47]> References: <20030916102356.A11571@lava.net> <p0521060ebb8d285d36eb@[128.113.24.47]>
next in thread | previous in thread | raw e-mail | index | archive | help
# drosih@rpi.edu / 2003-09-16 16:58:06 -0400: > At 10:23 AM -1000 9/16/03, Clifton Royston wrote: > > In the meantime I'm trying to figure out if there's some > >simple hack to disregard these wildcard A records, short of > >requesting zone transfers of the root nameservers (e.g. via > >peering with f.root-servers.net) and purging those records > >out of the zone before loading it. > > > >Any ideas, either under djbdns or Bind 9? > > The story at > http://daily.daemonnews.org/view_story.php3?story_id=4068 > > notes that there is a patch for dnscache at: > http://tinydns.org/djbdns-1.05-ignoreip.patch see this one: http://tinydns.org/djbdns-1.05-ignoreip2.patch and this PR: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/56951 > I have no idea of how well either of these work. Use your > own discretion at applying them. djbdns-1.05-ignoreip2.patch seems to work very well here, on three boxes; fourth one will follow later today. -- If you cc me or remove the list(s) completely I'll most likely ignore your message. see http://www.eyrie.org./~eagle/faqs/questions.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030919100922.GV79731>