Verisign bogosity

Remco Barendse mailscanner at BARENDSE.TO
Tue Sep 16 14:58:30 IST 2003


I have created a firewall rule that silently drops all packets sent to
this IP.

Mail seems to be flowing normally and all fake .com crap is still
rejected.

On Tue, 16 Sep 2003, Jeff A. Earickson wrote:

> Gang,
>    Hold that thought...  I added 64.94.110.11 to my blackhole list,
> and things slowly ground to a halt over the next hour.  Hmmm..
> I had to back this out of my DNS.  Wonder why it didn't work?
> I have notified Verisign that I won't be renewing my certs with
> them in October.
>
> --- Jeff Earickson
>
> On Tue, 16 Sep 2003, Jeff A. Earickson wrote:
>
> > Date: Tue, 16 Sep 2003 08:40:09 -0400
> > From: Jeff A. Earickson <jaearick at colby.edu>
> > Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Verisign bogosity
> >
> > Gang,
> >
> > If you run a modern version of bind, simply blackhole the
> > Verisign number.  This is what I have in my bind boot files:
> >
> >     #---blackhole queries from RFC1918 private addresses
> >     #---routes to them are never advertised, so don't waste time
> >     #---see p. 284, DNS&Bind version 4
> >     #---64.94.110.11 is Verisign's bogus server.
> >     blackhole {
> >         10/8;
> >         172.16/12;
> >         192.168/16;
> >         64.94.110.11;
> >     };
> >
> > I've changed my bind configs to do this, I suggest this ASAP.
> >
> > -----------------------------------
> > Jeff A. Earickson, Ph.D
> > Senior UNIX Sysadmin and Email Guru
> > Information Technology Services
> > Colby College, 4214 Mayflower Hill,
> > Waterville ME, 04901-8842
> > phone: 207-872-3659 (fax = 3076)
> > -----------------------------------
> >
>


