Verisign bogosity <OT>

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Tue Sep 16 15:00:39 IST 2003


Jeff
I've had the same thing over the last week or so.

Monday (yesterday) noon- 1pm GMT
last week Wed 4-5pm GMT

DNS failures all over the place, .co.uk, .com .org everything then bang
everythings worked again.

Hupped bind, restarted DNS servers no effect...really odd...
But I suspect versign have been messing for a while as do others on nanog.



--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
+44 (0)1865 842300

Jeff A. Earickson wrote:

> Gang,
>    Hold that thought...  I added 64.94.110.11 to my blackhole list,
> and things slowly ground to a halt over the next hour.  Hmmm..
> I had to back this out of my DNS.  Wonder why it didn't work?
> I have notified Verisign that I won't be renewing my certs with
> them in October.
>
> --- Jeff Earickson
>
> On Tue, 16 Sep 2003, Jeff A. Earickson wrote:
>
>
>>Date: Tue, 16 Sep 2003 08:40:09 -0400
>>From: Jeff A. Earickson <jaearick at colby.edu>
>>Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Verisign bogosity
>>
>>Gang,
>>
>>If you run a modern version of bind, simply blackhole the
>>Verisign number.  This is what I have in my bind boot files:
>>
>>    #---blackhole queries from RFC1918 private addresses
>>    #---routes to them are never advertised, so don't waste time
>>    #---see p. 284, DNS&Bind version 4
>>    #---64.94.110.11 is Verisign's bogus server.
>>    blackhole {
>>        10/8;
>>        172.16/12;
>>        192.168/16;
>>        64.94.110.11;
>>    };
>>
>>I've changed my bind configs to do this, I suggest this ASAP.
>>
>>-----------------------------------
>>Jeff A. Earickson, Ph.D
>>Senior UNIX Sysadmin and Email Guru
>>Information Technology Services
>>Colby College, 4214 Mayflower Hill,
>>Waterville ME, 04901-8842
>>phone: 207-872-3659 (fax = 3076)
>>-----------------------------------
>>





**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************



More information about the MailScanner mailing list