[Pdns-users] Verisign bullshit
Damian Gerow
damian at sentex.net
Tue Sep 16 13:59:51 UTC 2003
Thus spake bert hubert (ahu at ds9a.nl) [16/09/03 02:30]:
> It's not that simple. The only way so far to recognize their bogus answers
> is by IP address. They control the GTLD servers and all GTLD servers now
> show this behaviour. You can't easily do without, except by downloading the
> .COM and .NET source yourself.
>
> I'll add a feature to pdns to ignore answers containing a specified IP
> address, which will effectively make this go away.
NANOG has posted some good ideas about this. Instead of hardcoding the IP
address, why not maintain a cache of '*.tld'? i.e. when a request comes in
for www.domain.nu, do a lookup on '*.nu', and if the IP addresses match,
return NXDOMAIN. That way, you don't need to maintain a hard-coded list of
IP addresses, and the cache should be relatively up-to-date. This also
catches all the other domains (.nu is one) that are pulling the same shit.
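
Added example, not part of the original message and not PowerDNS code: a minimal sketch of the '*.tld' cache idea above, probing each TLD's wildcard once and turning matching answers into NXDOMAIN. The `WildcardFilter` class, the injected `resolve` callable, and the sample zone data (documentation-range addresses) are assumptions made for illustration.

```python
import time

NXDOMAIN = "NXDOMAIN"

class WildcardFilter:
    """Rewrite answers that equal a TLD's '*.tld' address set to NXDOMAIN."""

    def __init__(self, resolve, ttl=3600, clock=time.monotonic):
        self.resolve = resolve  # hypothetical: name -> set of IPs, empty set = NXDOMAIN
        self.ttl = ttl          # seconds a '*.tld' probe result stays cached
        self.clock = clock
        self.cache = {}         # tld -> (expiry time, frozenset of wildcard IPs)

    def wildcard_ips(self, tld):
        now = self.clock()
        hit = self.cache.get(tld)
        if hit and hit[0] > now:
            return hit[1]
        # Probe the literal wildcard owner name, as the message suggests.
        ips = frozenset(self.resolve("*." + tld))
        self.cache[tld] = (now + self.ttl, ips)
        return ips

    def lookup(self, name):
        name = name.rstrip(".").lower()
        answer = set(self.resolve(name))
        if not answer:
            return NXDOMAIN
        wild = self.wildcard_ips(name.rsplit(".", 1)[-1])
        # Suppress only when every returned address is a wildcard address;
        # a real name that shares the wildcard's address is suppressed too.
        if wild and answer <= wild:
            return NXDOMAIN
        return sorted(answer)

# Constructed sample data: documentation addresses, not real registry values.
ZONE = {"www.domain.nu": {"198.51.100.7"}, "example.com": {"198.51.100.20"}}
WILDCARDS = {"nu": {"192.0.2.10"}, "com": {"192.0.2.11"}}

def fake_resolve(name):
    """Stand-in for an upstream lookup: real names first, then the TLD wildcard."""
    if name in ZONE:
        return ZONE[name]
    return WILDCARDS.get(name.rsplit(".", 1)[-1], set())

if __name__ == "__main__":
    f = WildcardFilter(fake_resolve)
    for q in ("www.domain.nu", "no-such-name.nu", "typo-domain.com", "missing.org"):
        print(q, "->", f.lookup(q))
```

Because the probe result is cached per TLD with a TTL, a change in the wildcard address is picked up on the next refresh without maintaining a hard-coded list.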