Verisign bogosity
Jeff A. Earickson
jaearick at COLBY.EDU
Tue Sep 16 13:40:09 IST 2003
Gang,
If you run a modern version of bind, simply blackhole the
Verisign number. This is what I have in my bind boot files:
#---blackhole queries from RFC1918 private addresses
#---routes to them are never advertised, so don't waste time
#---see p. 284, DNS&Bind version 4
#---64.94.110.11 is Verisign's bogus server.
blackhole {
10/8;
172.16/12;
192.168/16;
64.94.110.11;
};
I've changed my bind configs to do this, I suggest this ASAP.
-----------------------------------
Jeff A. Earickson, Ph.D
Senior UNIX Sysadmin and Email Guru
Information Technology Services
Colby College, 4214 Mayflower Hill,
Waterville ME, 04901-8842
phone: 207-872-3659 (fax = 3076)
-----------------------------------
More information about the MailScanner
mailing list