Subject: Re: DNS Blacklist feature
To: None <tech-net@NetBSD.org>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: tech-net
Date: 11/06/2007 01:01:19
On Mar 28, 11:46am, "D'Arcy J.M. Cain" wrote:
} On Mon, 5 Nov 2007 21:42:44 +0000
} "Steven M. Bellovin" <smb@cs.columbia.edu> wrote:
} > And the feature won't help.  This nonsense is implemented by Verizon in
} > their customer-facing caching servers, whose addresses are handed out
} > by dhcp.  You can even opt out, in which case you get different IP
} > addresses, per
} > http://netservices.verizon.net/portal/link/help/item?case=c32535 (tell
} > the form you're using FIOS and Verizon Online).
} 
} Perhaps I am not explaining myself clearly.  The feature doesn't change
} the server that you use for DNS.  It is meant to examine responses from
} any server that you may be using and if you get a "bad" response it
} treats it as an NXDOMAIN response.  A "bad" response is one that matches
} the IPs that you list.
} 
} Perhaps an example.
} 
} Let's say that I have a DSL modem that picks up my ISP's nameserver
} automatically and I use the modem's DNS server on my NetBSD box behind
} the modem.  I ftp from ftp.NetBSD.ogr.  The ISP catches my typo and
} returns IP 1.2.3.4 which is its own "helpful" web server.  Since it is
} not an ftp server I wind up thinking that NetBSD's ftp server is down.
} 
} If I find out that my ISP is redirecting misses to 1.2.3.4 I go
} into /etc/resolv.conf and add a line that says that 1.2.3.4 is a "bad"
} IP.  Now whenever I make a mistake I get a proper response that the
} host address I typed is invalid and I can fix my error right away.

     As a home user, you can generally easily deal with this yourself.
Just add 'named=YES' to /etc/rc.conf and put 'nameserver 127.0.0.1' in
/etc/resolv.conf.  You don't need to do any custom configuring of
named.  If you're running dhclient, then put this in
/etc/dhclient-enter-hooks and make it executable:

make_resolv_conf() {
	# Do nothing: keep dhclient from overwriting /etc/resolv.conf
	:
}

If you follow these steps, you won't have to care what your ISP is
doing because you won't be using their DNS servers.

}-- End of excerpt from "D'Arcy J.M. Cain"
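The following sh script is an added example, not part of the message above and not NetBSD's own dhclient-script. It models the hook mechanism the message relies on: dhclient-script defines a default make_resolv_conf, sources /etc/dhclient-enter-hooks if present, and then calls make_resolv_conf, so a hook that redefines the function as a no-op (the `:` body) wins. All paths are scratch files created with mktemp, and the 192.0.2.53 lease address is constructed; the real /etc is never touched.

```shell
#!/bin/sh
# Added example: models how dhclient-script applies dhclient-enter-hooks,
# using scratch files instead of /etc.  Not code from the original post.

WORK=$(mktemp -d)
RESOLV="$WORK/resolv.conf"
HOOKS="$WORK/dhclient-enter-hooks"

# Local configuration from the post: point the resolver at the local named.
printf 'nameserver 127.0.0.1\n' > "$RESOLV"

# Default behaviour of dhclient-script: rewrite resolv.conf from the lease.
make_resolv_conf() {
    printf 'nameserver %s\n' "$new_domain_name_servers" > "$RESOLV"
}

# Simulate a DHCP lease that hands out the ISP's resolver (constructed address).
new_domain_name_servers="192.0.2.53"

# run_dhclient_script HOOKSFILE: source the hooks file if it exists (as
# dhclient-script does), call make_resolv_conf, then print the nameserver
# that ended up in the scratch resolv.conf.
run_dhclient_script() {
    hooks="$1"
    if [ -f "$hooks" ]; then
        . "$hooks"
    fi
    make_resolv_conf
    awk '/^nameserver/ { print $2 }' "$RESOLV"
}

# Case 1: no hooks file, so the lease overwrites resolv.conf.
without_hooks=$(run_dhclient_script "$WORK/no-such-file")

# Case 2: restore the local configuration and install the override from the post.
printf 'nameserver 127.0.0.1\n' > "$RESOLV"
cat > "$HOOKS" <<'EOF'
make_resolv_conf() {
    # Do nothing: keep dhclient from overwriting /etc/resolv.conf
    :
}
EOF
with_hooks=$(run_dhclient_script "$HOOKS")

# Accessors for the two outcomes.
resolver_without_hooks() { printf '%s\n' "$without_hooks"; }   # 192.0.2.53
resolver_with_hooks()    { printf '%s\n' "$with_hooks"; }      # 127.0.0.1

rm -rf "$WORK"
```

Each run_dhclient_script call happens in a command substitution, i.e. a subshell, so sourcing the hooks file in case 2 cannot leak the redefined function into case 1; that mirrors dhclient-script running as its own process per lease event.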