[Pdns-users] Verisign bullshit

Damian Gerow damian at sentex.net
Tue Sep 16 13:59:51 UTC 2003


Thus spake bert hubert (ahu at ds9a.nl) [16/09/03 02:30]:
> It's not that simple. The only way so far to recognize their bogus answers
> is by IP address. They control the GTLD servers and all GTLD servers now
> show this behaviour. You can't easily do without, except by downloading the
> .COM and .NET source yourself.
> 
> I'll add a feature to pdns to ignore answers containing a specified IP
> address, which will effectively make this go away.

NANOG has posted some good ideas about this.  Instead of hardcoding the IP
address, why not maintain a cache of '*.tld'?  i.e. when a request comes in
for www.domain.nu, do a lookup on '*.nu', and if the IP addresses match,
return NXDOMAIN.  That way, you don't need to maintain a hard-coded list of
IP addresses, and the cache should be relatively up-to-date.  This also
catches all the other domains (.nu is one) that are pulling the same shit.
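
The wildcard-cache check suggested above, as an added Python sketch that is not part of the original post and is not PowerDNS code. The `WildcardFilter` class, the `resolve` hook, the 300-second cache lifetime and the sample zone data (documentation-range addresses) are all assumptions made for illustration.

```python
import time

NXDOMAIN = "NXDOMAIN"  # sentinel this sketch uses for a negative answer

class WildcardFilter:
    """Turn answers that match a TLD's wildcard A records into NXDOMAIN."""

    def __init__(self, resolve, ttl=300, clock=time.monotonic):
        # resolve(name) -> set of IPv4 strings, empty set meaning no answer.
        # Hypothetical hook standing in for the resolver's upstream query.
        self.resolve = resolve
        self.ttl = ttl
        self.clock = clock
        self.cache = {}  # tld -> (expiry time, frozenset of wildcard addresses)

    def wildcard_addrs(self, tld):
        now = self.clock()
        entry = self.cache.get(tld)
        if entry is None or entry[0] <= now:
            # Query the literal label "*" under the TLD: a zone with a wildcard
            # record answers it, a zone without one returns nothing.
            entry = (now + self.ttl, frozenset(self.resolve("*." + tld)))
            self.cache[tld] = entry
        return entry[1]

    def lookup(self, name):
        name = name.rstrip(".").lower()
        answer = set(self.resolve(name))
        if not answer:
            return NXDOMAIN
        wild = self.wildcard_addrs(name.rsplit(".", 1)[-1])
        # Suppress only when every returned address is a wildcard address.
        if wild and answer <= wild:
            return NXDOMAIN
        return answer

# Constructed sample data: documentation-range addresses, not real answers.
REGISTERED = {"example.com": {"192.0.2.10"}, "example.org": {"192.0.2.20"}}
WILDCARDS = {"com": {"198.51.100.1"}}  # .com synthesizes answers, .org does not

def fake_resolve(name):
    """Offline stand-in for an upstream query against the sample data."""
    if name in REGISTERED:
        return set(REGISTERED[name])
    return set(WILDCARDS.get(name.rsplit(".", 1)[-1], ()))
```

A registered name that legitimately resolves to the same address as the wildcard would also be turned into NXDOMAIN by this comparison, so the cache lifetime and any exemptions need to be chosen with that in mind.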

