[Pdns-users] Verisign bullshit
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Sep 16 08:34:29 UTC 2003
On Tue, Sep 16, 2003 at 08:30:13AM +0200,
bert hubert <ahu at ds9a.nl> wrote
a message of 24 lines which said:
> It's not that simple. The only way so far to recognize their bogus answers
> is by IP address.
There is an issue for MX records, then. Verisign sends an empty reply,
without NXDOMAIN. You cannot easily detect that it is a fake, unlike
the reply to an A query.
> I'll add a feature to pdns to ignore answers containing a specified IP
> address, which will effectively make this go away.
You could draw inspiration from djbdns but it does not address my
concern above:
http://tinydns.org/djbdns-1.05-ignoreip.patch
More information about the Pdns-users
mailing list