Subject: Re: DNS Blacklist feature
To: None <darcy@NetBSD.org>
From: Darren Reed <darrenr@netbsd.org>
List: tech-net
Date: 11/05/2007 13:37:01
Moving this to tech-net...

D'Arcy J.M. Cain wrote:
> How do we feel about a mod to the resolver library to implement a DNS
> blacklist?  Verizon and others are starting to resurrect sitefinder on
> a local basis.  It occurs to me that one self-defense mechanism would
> be the ability to add a line to /etc/resolv.conf that declares certain
> IP addresses as evil^H^H^H^Hinaccurate and treat responses with those
> addresses as returning NXDOMAIN.  This would allow users behind those
> hijacking DNS servers to identify and redirect the redirection.
>   

What exactly is the problem?
Queries for non-existent names return an A record that points
to one of their web servers saying "welcome"?
Do they do it when recursion is both enabled and disabled?

Darren
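The filtering rule D'Arcy proposes, as an added example that is not part of this thread or of any NetBSD resolver code: a `blacklist` keyword in resolv.conf (an assumed syntax, not a real resolver option) lists addresses the redirecting server is known to hand out, and any answer containing one of them is reported to the caller as NXDOMAIN. The CIDR prefix form goes beyond the single-address form in the message; the sample configuration and addresses are constructed.

```python
import ipaddress

# Constructed sample resolv.conf; "blacklist" is a hypothetical keyword.
SAMPLE_RESOLV_CONF = """\
nameserver 192.0.2.53
blacklist 198.51.100.10 198.51.100.0/24 203.0.113.77
options ndots:1
"""


def parse_blacklist(resolv_conf_text):
    """Collect every address or prefix on 'blacklist' lines as ip_network objects."""
    nets = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        keyword, *args = line.split()
        if keyword != "blacklist":
            continue
        for arg in args:
            # strict=False lets a bare host address stand in for its own /32 or /128
            nets.append(ipaddress.ip_network(arg, strict=False))
    return nets


def is_blacklisted(addr, nets):
    """True if the address falls inside any listed prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def filter_response(rcode, addresses, nets):
    """Apply the proposed rule to a parsed answer.

    rcode is the server's response code ("NOERROR", "NXDOMAIN", ...), addresses
    the A/AAAA rdata returned. An answer carrying a blacklisted address is
    rewritten to NXDOMAIN with no addresses, so the hijacking server's
    "welcome" host is never handed to the application.
    """
    if rcode != "NOERROR":
        return rcode, []
    if any(is_blacklisted(a, nets) for a in addresses):
        return "NXDOMAIN", []
    return rcode, list(addresses)
```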