Full Disclosure mailing list archives
Re: Verisign abusing .COM/.NET monopoly, BIND releases new
From: Brian Hatch <full-disclosure () ifokr org>
Date: Tue, 16 Sep 2003 22:28:18 -0700
This is simply amazing, Verisign has just turned the .COM and .NET TLD DNS servers up-side-down for their own economical gain and, in doing so, disrupted network traffic for most of the Internet. Mail administrators who use any non-existant DNSBL to mark email as spam suddenly has all their mails deleted, people using localhost.localdomain.com on their servers for administrative purposes are scrambling to find out the cause of their problems and DNS problems arise everywhere as neg caching is essentially disabled and all DNS caches have to cache each and every randomly typed DNS query. The BIND patch that prevents this should be released Wednesday.
I hate to muck with a DNS server to fix this problem. And since I prefer DJBDNS, a BIND patch wouldn't do me any good anyway. Is it always returning the same IP address, or have any other noticable characteristics? If so I'd think we could set up a firewall rule to drop all DNS replies that contain the Verisign-be-damned IP address. That'd protect everything, regardless of name server or method of access (using host/nslookup/etc manually.) -- Brian Hatch "The universe is run by Systems and the complex interweaving Security Engineer of three elements: energy, http://www.ifokr.org/bri/ matter, and enlightened self-interest." Every message PGP signed
Attachment:
_bin
Description:
Current thread:
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new, (continued)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new Joshua Levitsky (Sep 16)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new Craig Pratt (Sep 20)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new Jonathan A. Zdziarski (Sep 20)
- RE: [spam] Re: Verisign abusing .COM/.NET monopoly, BIND releases new Exibar (Sep 20)
- Re: [spam] Re: Verisign abusing .COM/.NET monopoly, BIND releases new Samurai (Sep 21)
- Re: [spam] Re: Verisign abusing .COM/.NET monopoly, BIND releases new Vincent (Sep 21)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new Joshua Levitsky (Sep 16)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new Michael J McCafferty (Sep 17)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new Kilian CAVALOTTI (Sep 17)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new Jonathan A. Zdziarski (Sep 17)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new Michael Renzmann (Sep 17)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new Christopher Kruslicky (Sep 17)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new Jonathan A. Zdziarski (Sep 17)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new D. Ian Miller (Sep 17)
- Re: Re: Verisign abusing .COM/.NET monopoly, BIND releases new Ron DuFresne (Sep 17)
- Re: Re: Verisign abusing .COM/.NET monopoly, BIND releases new Joshua Levitsky (Sep 17)
- Re: Re: Verisign abusing .COM/.NET monopoly, BIND releases new Jonathan A. Zdziarski (Sep 18)