[Dshield] Re: [Full-Disclosure] Verisign abusing .COM/.NET monopoly, BIND releases new
full-disclosure at ifokr.org
Wed Sep 17 05:28:18 GMT 2003
> This is simply amazing, Verisign has just turned the .COM and .NET TLD
> DNS servers up-side-down for their own economical gain and, in doing so,
> disrupted network traffic for most of the Internet. Mail administrators
> who use any non-existant DNSBL to mark email as spam suddenly has all
> their mails deleted, people using localhost.localdomain.com on their
> servers for administrative purposes are scrambling to find out the cause
> of their problems and DNS problems arise everywhere as neg caching is
> essentially disabled and all DNS caches have to cache each and every
> randomly typed DNS query.
> The BIND patch that prevents this should be released Wednesday.
I hate to muck with a DNS server to fix this problem. And since
I prefer DJBDNS, a BIND patch wouldn't do me any good anyway.
Is it always returning the same IP address, or have any other
noticable characteristics? If so I'd think we could set up
a firewall rule to drop all DNS replies that contain the
Verisign-be-damned IP address. That'd protect everything,
regardless of name server or method of access (using
Brian Hatch "The universe is run by
Systems and the complex interweaving
Security Engineer of three elements: energy,
http://www.ifokr.org/bri/ matter, and enlightened
Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20030916/91d670b3/attachment.bin
More information about the list