[Dshield] Re: Verisign abusing .COM/.NET monopoly, BIND releases new
doug at clickdoug.com
Wed Sep 17 23:26:21 GMT 2003
It could be the wholesale move of domains away from them that may have gotten
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases.
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf
If you are not satisfied with my service, my job isn't done!
----- Original Message -----
From: "D. Ian Miller" <miller at ucalgary.ca>
To: "Jose Nazario" <jose at monkey.org>
Cc: <full-disclosure at lists.netsys.com>; "Thor Larholm" <thor at pivx.com>;
"NTBugtraq" <NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM>; <bugtraq at securityfocus.com>;
<list at dshield.org>
Sent: Wednesday, September 17, 2003 5:44 PM
Subject: [Dshield] Re: Verisign abusing .COM/.NET monopoly, BIND releases new
| FYI ... looks like Verisign has pulled the wildcard A record as we have
| not patched but invalid domain searches no longer go to verisign ...
| sitefinder-idn.verisign.com is no longer responding to queries ... maybe
| someone got the message ... wonder how they will explain this one ...
| Jose Nazario wrote:
| >a number of options exist to help you remedy this issue:
| > - bind 9.2.3rc2 supports "delegation-only", stopping some
| > wildcard implementations from making any difference
| >if you simply want to stop traffic getting there (they are running a
| >website and a partially functional MTA on that IP):
| > - you can BGP null route this
| > http://www.merit.edu/mail.archives/nanog/msg13715.html
| > - cisco's NBAR functionality may be used to detect and block those
| > reply packets from coming in by looking for the response from
| > the nameservers.
| >note that this wont stop the query from reaching verisign, it will just
| >stop you from going to that IP. however, for some enforcing network
| >privacy concerns, that may be worthwhile.
| >hope this helps,
| >jose nazario, ph.d. jose at monkey.org
| > http://monkey.org/~jose/
| D. Ian Miller }8-)
| Systems Analyst
| Information Technologies
| University of Calgary
| W: 403.220.8643
| M: 403.605.9856
| list mailing list
| list at dshield.org
| To change your subscription options (or unsubscribe), see:
More information about the list