Void's Forums

Void Main's Beautiful Site

Skip to content

Verisign's dumbass move and the fix

Place to discuss Fedora and/or Red Hat
Post a reply

Verisign's dumbass move and the fix

Postby Void Main » Thu Sep 18, 2003 10:02 pm

For those that don't know, Verisign is responsible for the .com and .net top level domains. A couple of days back they added a wildcard record to the root servers so basically all invalid *.net and *.com names point to a Verisign address. For instance if you make a typo in your browser like http://www.lkjlsdioufasdf.com/ you will get a sitefinder server from Verisign. Do an "nslookup", "dig" or any other DNS lookup in the *.com/*.net domain and everything that used to not resolve now goes to this Verisign address. Well, not only does verisign have instant access to all sorts of marketing data and advertising revenue but they have broken many many things, one that particularly pisses me off is SPAM filtering. I am now getting more spam because I was blocking invalid domains before and now there are no invalid domains in *.com/*.net.

Well, thankfully the author of BIND (the main DNS software) has created a patch so these wildcard records will be ignored. I created a RedHat 9 RPM for BIND 9.2.2 with the patch installed. If you are running your own DNS server and are also annoyed by this you can upgrade your bind with my bind RPMS and add these entries to your /etc/named.conf next to your other zones after upgrading:

Code: Select all
zone "com" {
     type delegation-only;
};
zone "net" {
     type delegation-only;
};


You can either install/upgrade your bind using apt for RedHat if you have my repository in your sources.list or you can grab them directly from here:

http://voidmain.is-a-geek.net/files/RPMS/

For more information see:
http://isc.org/products/BIND/delegation-only.html
http://www.theregister.co.uk/content/6/32852.html
http://www.theregister.co.uk/content/6/32872.html
http://www.theregister.co.uk/content/6/32873.html
http://www.theregister.co.uk/content/6/32926.html
http://www.theregister.co.uk/content/6/32933.html
http://www.icann.org/announcements/advisory-19sep03.htm
User avatar
Void Main
Site Admin
Site Admin
 
Posts: 5705
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Top

Postby TheQuirk » Sat Sep 20, 2003 7:11 pm

I'd like to make a small update: ICANN issued an advisory telling Verisign to stop the practice (for now, at least).

You can read it here.

Verisign followed the advisory, BTW.
TheQuirk
programmer
programmer
 
Posts: 113
Joined: Wed Jan 22, 2003 4:11 pm
Top
Post a reply

Return to Fedora/Red Hat

Who is online

Users browsing this forum: No registered users and 1 guest

Powered by phpBB® Forum Software © phpBB Group
cron