[Pdns-users] Verisign bullshit
John Capo
jc at irbs.com
Tue Sep 16 14:55:09 UTC 2003
Quoting Damian Gerow (damian at sentex.net):
> Thus spake bert hubert (ahu at ds9a.nl) [16/09/03 02:30]:
> > It's not that simple. The only way so far to recognize their bogus answers
> > is by IP address. They control the GTLD servers and all GTLD servers now
> > show this behaviour. You can't easily do without, except by downloading the
> > .COM and .NET source yourself.
> >
> > I'll add a feature to pdns to ignore answers containing a specified IP
> > address, which will effectively make this go away.
>
> NANOG has posted some good ideas about this. Instead of hardcoding the IP
> address, why not maintain a cache of '*.tld'? i.e. when a request comes in
> for www.domain.nu, do a lookup on '*.nu', and if the IP addresses match,
> return NXDOMAIN. That way, you don't need to maintain a hard-coded list of
> IP addresses, and the cache should be relatively up-to-date. This also
> catches all the other domains (.nu is one) that are pulling the same shit.
Chris Adams posted this list of TLDs with wildcards on nanog:
ac
cc
com
cx
mp
museum
net
nu
ph
pw
sh
tk
tm
ws
Some have wildcard MX records too. More TLDs will probably follow.
I wonder if AOL, Mindspring, and the other biggies will be hacking
their recursive name servers to deliver an A record pointing to
their pages instead of letting Verisign have their customers' typos.
John Capo
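
The '*.tld' comparison suggested in the quoted NANOG idea, as an added Python sketch that is not part of the original message or of PowerDNS. `WildcardFilter`, `fake_resolve` and all addresses are constructed for illustration; the resolver is a stand-in so the example runs offline.

```python
import time

class WildcardFilter:
    """Turn TLD wildcard answers back into NXDOMAIN using a cached '*.tld' lookup."""

    def __init__(self, resolve, ttl=3600, clock=time.monotonic):
        self.resolve = resolve  # callable(name) -> set of A records, empty set = NXDOMAIN
        self.ttl = ttl          # seconds a cached '*.tld' answer stays valid
        self.clock = clock
        self.cache = {}         # tld -> (expiry, frozenset of wildcard addresses)

    def wildcard_addrs(self, tld):
        now = self.clock()
        hit = self.cache.get(tld)
        if hit and hit[0] > now:
            return hit[1]
        # A query for the literal owner name '*.tld' returns the wildcard's data.
        addrs = frozenset(self.resolve("*." + tld))
        self.cache[tld] = (now + self.ttl, addrs)
        return addrs

    def lookup(self, name):
        name = name.rstrip(".").lower()
        answer = set(self.resolve(name))
        wild = self.wildcard_addrs(name.rsplit(".", 1)[-1])
        # Suppress only when every returned address is a wildcard address,
        # so a mixed answer for a registered name is passed through untouched.
        if answer and wild and answer <= wild:
            return set()
        return answer

# Constructed sample data (documentation address ranges), not real zone contents.
ZONE = {"www.example.com": {"198.51.100.7"}, "shop.example.nu": {"203.0.113.9"}}
WILDCARDS = {"com": {"192.0.2.11"}, "nu": {"192.0.2.22"}}

def fake_resolve(name):
    """Stand-in recursive lookup: a wildcard TLD answers for every unregistered name."""
    if name in ZONE:
        return set(ZONE[name])
    return set(WILDCARDS.get(name.rsplit(".", 1)[-1], ()))

if __name__ == "__main__":
    f = WildcardFilter(fake_resolve)
    for q in ("www.example.com", "typo-exmaple.com", "nosuch.nu", "nosuch.org"):
        print(q, sorted(f.lookup(q)) or "NXDOMAIN")
```

A registered name that legitimately points only at the wildcard address would also be suppressed; that is the trade-off of matching on address rather than on the zone contents.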