Bill Moseley wrote:
> Sorry if this is old news.
>
> One more reason not to like Verisign:
>
> http://slashdot.org/articles/03/09/16/0034210.shtml?tid=126&tid=95&tid=98&tid=99
>
> So Verisign added DNS wildcards for .com and .net -- No wonder I started
> getting more spam lately -- my checks for valid domains were disabled
> by Verisign's action.
>
> I see fixes on Exim's list for exim4. Looks like it's finally time for
> me to install exim4 on my Stable machines. Unless someone has an Exim3
> suggestion.
>
> Wildcard resolving at TLD seems like a really bad idea and taking
> advantage of their position.

In the short term, you can patch your DNS server to avoid Verisign's stupidity. http://www.imperialviolet.org/dnsfix.html has patches for most DNS servers; all hard-code the current IP address of Verisign's server, so will have to be kept up-to-date when they begin to move it around. Which they probably will soon, since it is already null-routed in many places. (NB: Null routing does not avoid all problems.)

Hmm, that page just grew an interesting quote: '"You might want to let folks know that ISC is working on this issue now, and they will have a more general solution to the problem."'

There's some more good information on the NANOG list about this whole mess and the many problems it will cause. One good article: http://www.merit.edu/mail.archives/nanog/msg13666.html

-- 
see shy jo
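
The patches mentioned above hard-code the wildcard address, so they break when it moves. As an added example (not part of the original message or of any of the linked patches), this Python check learns the wildcard address by resolving random labels that cannot be registered, then treats a domain that resolves only to that address as nonexistent. It looks at A records only; the function names and the constructed sample resolver are assumptions for illustration.

```python
import secrets
import socket

def resolve_a(name):
    """Return the set of IPv4 addresses for name; empty set if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def wildcard_addresses(tld, resolve=resolve_a, probes=3):
    """Addresses a TLD returns for names that nobody can have registered.

    Each probe is a random 32-hex-character label, so any answer is a wildcard.
    """
    found = set()
    for _ in range(probes):
        found |= resolve(f"{secrets.token_hex(16)}.{tld}")
    return found

def domain_exists(domain, resolve=resolve_a, cache=None):
    """True only if domain resolves to something other than its TLD's wildcard."""
    cache = {} if cache is None else cache
    tld = domain.rstrip(".").rsplit(".", 1)[-1].lower()
    if tld not in cache:  # probe each TLD once per cache, not once per message
        cache[tld] = wildcard_addresses(tld, resolve)
    return bool(resolve(domain) - cache[tld])

# Constructed sample data (documentation address ranges), standing in for real DNS.
SAMPLE_ZONE = {"example.com": {"198.51.100.7"}}
SAMPLE_WILDCARD = {"192.0.2.1"}

def sample_resolve(name):
    """Constructed resolver: .com/.net answer every name, as the wildcard did."""
    name = name.rstrip(".").lower()
    if name in SAMPLE_ZONE:
        return set(SAMPLE_ZONE[name])
    return set(SAMPLE_WILDCARD) if name.endswith((".com", ".net")) else set()

if __name__ == "__main__":
    for sender_domain in ("example.com", "typo-not-registered.com", "nothing.org"):
        print(sender_domain, domain_exists(sender_domain, sample_resolve))
```

Passing a shared `cache` dict keeps the probe traffic to a few lookups per TLD; expire it periodically so a moved wildcard address is picked up.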