Subject: Re: verisign *.net action
To: None <tech-net@NetBSD.org>
From: William Allen Simpson <email@example.com>
Date: 09/17/2003 09:13:56
Bill Sommerfeld wrote:
> > do we want this (quickhack) patch into our BIND8?
> > http://achurch.org/bind8-verisign-patch.txt
> An official patch from ISC is reportedly immanent; see:
Only patches BIND 9, any idea whether how hard it will be to back port
der Mouse wrote:
> > (The tempation being [of course] to just blackhole all the addresses
> > owned by verisign... :-)
> Those interested in this may wish to look into the
> verisign.blackholes.us DNSL. (I was just a few hours too slow, or I'd
> have had something similar set up myself.)
Cute. We (and many other ISPs) quickly dropped a hardcoded blackhole
into our routers, but it doesn't solve the real problem -- email will
still queue for days to the bogus DNS address.
A BIND change is the best, as the bogon address doesn't arrive to the
other servers and clients (and customers).
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32