[Pdns-users] Verisign bullshit
Damian Gerow
damian at sentex.net
Tue Sep 16 15:41:42 UTC 2003
Thus spake John Capo (jc at irbs.com) [16/09/03 10:55]:
> Chris Adams posted this list of TLDs with wildcards on nanog:
>
> ac
> cc
> com
> cx
> mp
> museum
> net
> nu
> ph
> pw
> sh
> tk
> tm
> ws
Thanks! That's the list I was thinking of. And for this reason...
> Some have wildcard MX records too. More TLDs will probably follow.
I maintain that the easiest method of blocking this type of 'service' is to
provide an option that will match the requested domain against a wildcard
version of that TLD (and same record type -- so A matches A, MX matches
MX...), and return NXDOMAIN if the result matches/is contained within the
overloaded RR.
This is probably a little more difficult to code than a simple check (I
don't know C, so I can't help much here), but will stick around for much
longer.
More information about the Pdns-users
mailing list