Verisign bogosity
Jeff A. Earickson
jaearick at COLBY.EDU
Tue Sep 16 14:51:51 IST 2003
Gang,
Hold that thought... I added 64.94.110.11 to my blackhole list,
and things slowly ground to a halt over the next hour. Hmmm..
I had to back this out of my DNS. Wonder why it didn't work?
I have notified Verisign that I won't be renewing my certs with
them in October.
--- Jeff Earickson
On Tue, 16 Sep 2003, Jeff A. Earickson wrote:
> Date: Tue, 16 Sep 2003 08:40:09 -0400
> From: Jeff A. Earickson <jaearick at colby.edu>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Verisign bogosity
>
> Gang,
>
> If you run a modern version of bind, simply blackhole the
> Verisign number. This is what I have in my bind boot files:
>
> #---blackhole queries from RFC1918 private addresses
> #---routes to them are never advertised, so don't waste time
> #---see p. 284, DNS&Bind version 4
> #---64.94.110.11 is Verisign's bogus server.
> blackhole {
> 10/8;
> 172.16/12;
> 192.168/16;
> 64.94.110.11;
> };
>
> I've changed my bind configs to do this, I suggest this ASAP.
>
> -----------------------------------
> Jeff A. Earickson, Ph.D
> Senior UNIX Sysadmin and Email Guru
> Information Technology Services
> Colby College, 4214 Mayflower Hill,
> Waterville ME, 04901-8842
> phone: 207-872-3659 (fax = 3076)
> -----------------------------------
>
More information about the MailScanner
mailing list