Slashdot Mirror


Blocking SiteFinder Service

apankrat writes "Given VeriSign's position on wildcard redirection service, it looks like it's time for simpler and more efficient ways of bringing things back to where they were. For those running BIND there is a patch; for those on the client side - there is a dnsfix for Windows and the usual iptables hackery under Linux. Aware of any other clean and easy ways to block wildcarding? Post below."

1 of 38 comments

  1. Re:Evil, evil, evil by graf0z · Score: 4, Insightful
    The only concern I have with ISC's fix to BIND is that they just filter for that one IP address (64.94.110.11)... all Verisign has to do is change the IP in their wildcard A-record and we'll be back to square one.

    wrong

    You are talking about one of those on-the-fly patches released by some pissed-off admin on the same day. The ISC patch allows you to say "the following zones are only allowed to have delegations" (like NS-records), all other data (like A-records) are ignored. That's exactly the behaviour you expect from a TLD.

    Of course VeriSign could get around that (by putting a wildcard NS-record into their TLDs), but that would be really offensive. Let's see if they will go that far ...

    /graf0z.
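
The difference between the two filters discussed in the comment above, as an added example that is not part of the original thread and is not ISC's code. It is a simplified model: responses are constructed tuples rather than real DNS packets, and the names `ip_filter`, `delegation_only_filter` and `Response` are hypothetical.

```python
# Added illustration: simplified model of two resolver-side filters.
# Records are constructed (owner, type, rdata) tuples, not real DNS packets.
from dataclasses import dataclass, field

SITEFINDER_IP = "64.94.110.11"  # the address quoted in the thread

@dataclass
class Response:
    zone: str                   # zone whose servers sent this response
    qname: str
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)

def is_below(name: str, zone: str) -> bool:
    """True if name is a strict subdomain of zone."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name != zone and name.endswith("." + zone)

def ip_filter(resp: Response) -> str:
    """Single-address filter: rejects only answers pointing at one known IP."""
    if any(t == "A" and rd == SITEFINDER_IP for _, t, rd in resp.answer):
        return "NXDOMAIN"
    return "ACCEPT"

def delegation_only_filter(resp: Response, delegation_only: set) -> str:
    """Zone-based filter: from a listed zone, accept only referrals
    (NS records in the authority section for a child of that zone)."""
    if resp.zone.lower().rstrip(".") not in delegation_only:
        return "ACCEPT"
    referral = any(t == "NS" and is_below(owner, resp.zone)
                   for owner, t, _ in resp.authority)
    return "ACCEPT" if referral else "NXDOMAIN"

DELEGATION_ONLY = {"com", "net"}

# Constructed sample responses, all as received from the com servers.
referral = Response("com", "www.example.com",
                    authority=[("example.com", "NS", "ns1.example.com")])
wildcard = Response("com", "no-such-name-xyz.com",
                    answer=[("no-such-name-xyz.com", "A", SITEFINDER_IP)])
# Same wildcard answer after the A record is pointed at another address
# (192.0.2.1 is a documentation address used as a placeholder).
moved = Response("com", "no-such-name-xyz.com",
                 answer=[("no-such-name-xyz.com", "A", "192.0.2.1")])
```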