[unisog] Verisign Resolving NXDOMAIN

Dawn Keenan dkeenan at ist.uwaterloo.ca
Wed Sep 17 20:52:03 GMT 2003

If you follow comp.protocols.dns.bind or subscribe to the bind-announce
mailing list, you'll be aware that ISC has come out with a patch that
allows you to add something like

	zone "com" in { type delegation-only; };
	zone "net" in { type delegation-only; };

to your named.conf file.  The only complaint I have with the patch
is that it logs every failed lookup as "enforced delegation-only for
'COM' (verisignisfullofmonkeys.com)" with a priority of ISC_LOG_NOTICE,
but I've updated that locally to ISC_LOG_INFO (the file to update is
lib/dns/resolver.c) to make our log watchers a little happier.

I'm much happier than I was first thing this morning, as are our
primary and secondary name servers (and probably our mail servers,
though I haven't conducted a poll of their opinions or health today).

Dawn Keenan
Information Systems and Technology, University of Waterloo
Waterloo ON Canada

