[unisog] Verisign Resolving NXDOMAIN (fwd)

Matt Goebel goebel at emunix.emich.edu
Fri Sep 19 13:29:09 GMT 2003


--- In reply to message from Dawn Keenan ---
> 
> If you follow comp.protocols.dns.bind or subscribe to the bind-announce
> mailing list, you'll be aware that ISC has come out with a patch that
> allows you to add something like
> 
> 	zone "com" in { type delegation-only; };
> 	zone "net" in { type delegation-only; };
> 
> to your named.conf file.  The only complaint I have with the patch
> is that it logs every failed lookup as "enforced delegation-only for
> 'COM' (verisignisfullofmonkeys.com)" with a priority of ISC_LOG_NOTICE,
> but I've updated that locally to ISC_LOG_INFO (the file to update is
> lib/dns/resolver.c) to make our log watchers a little happier.

  At least in the release candidate version they added another logging
category "delegation-only", so you just set them up to get tossed.

Matt Goebel

--- end forwarded message from Dawn Keenan ---

-- 
Matthew Goebel : goebel at emunix.emich.edu : Unix Jockey @ EMU : Hail Eris
Neo-Student, Net Lurker, Donut consumer, and procrastinating Furry Fan.
 "Always with the negative waves, Moriarty" - Oddball
 "Comfort the troubled, and trouble the comfortable." - Dietrich Bonhoeffer



More information about the unisog mailing list