Slashdot Mirror


Blocking SiteFinder Service

apankrat writes "Given VeriSign's position on wildcard redirection service, it looks like it's time for simpler and more efficient ways of bringing things back to where they were. For those running BIND there is a patch; for those on the client side - there is a dnsfix for Windows and the usual iptables hackery under Linux. Aware of any other clean and easy ways to block wildcarding? Post below."

1 of 38 comments

  1. do NOT blackhole/block 64.94.110.11! by graf0z · Score: 5, Informative
    ... because then mails to mistyped domains will end up waiting in MTA-queues instead of being bounced immediately (some other protocols may have weird behaviour, too). Instead:
    • Read this and this before you panic
    • ask your ISP to patch bind (or whatever ns-software they use)
    • install a patched bind (djbdns, ...) locally as a caching dns
    • if you have no chance of using a patched nameserver (why that?), you may reject (not: drop) 64.94.110.11:80/tcp only and install one of those patches to your MTA (postfix, sendmail, ...)
    • if you are a customer of verisign, ask them to suspend their new "service"
    /graf0z.