Verisign bogosity
John Rudd
jrudd at UCSC.EDU
Tue Sep 16 17:15:25 IST 2003
Someone is also developing a bind patch that answers 'non-existent
domain' if the answer is 64.94.110.11.
On Tuesday, Sep 16, 2003, at 05:40 US/Pacific, Jeff A. Earickson wrote:
>
> Gang,
>
> If you run a modern version of bind, simply blackhole the
> Verisign number. This is what I have in my bind boot files:
>
> #---blackhole queries from RFC1918 private addresses
> #---routes to them are never advertised, so don't waste time
> #---see p. 284, DNS&Bind version 4
> #---64.94.110.11 is Verisign's bogus server.
> blackhole {
> 10/8;
> 172.16/12;
> 192.168/16;
> 64.94.110.11;
> };
>
> I've changed my bind configs to do this, I suggest this ASAP.
>
> -----------------------------------
> Jeff A. Earickson, Ph.D
> Senior UNIX Sysadmin and Email Guru
> Information Technology Services
> Colby College, 4214 Mayflower Hill,
> Waterville ME, 04901-8842
> phone: 207-872-3659 (fax = 3076)
> -----------------------------------
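The check that the patch mentioned in the reply is said to make (answer "non-existent domain" when the answer is 64.94.110.11), written out as an added Python example that is not code from this thread or from any BIND patch. The names `rewrite`, `skip_name` and `build_response` are hypothetical, and the sample responses are constructed.

```python
import socket
import struct

SINK = "64.94.110.11"   # the address named in the thread
NXDOMAIN = 3            # DNS RCODE 3, "non-existent domain"

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = msg[off]
        if n == 0:                 # root label ends the name
            return off + 1
        if n & 0xC0 == 0xC0:       # a compression pointer also ends it
            return off + 2
        off += 1 + n

def rewrite(msg, sink=SINK):
    """Return msg turned into NXDOMAIN if an answer A record equals sink."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    end_q = off
    hit = False
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # IN A record
            hit |= socket.inet_ntoa(msg[off:off + 4]) == sink
        off += rdlen
    if not hit:
        return msg
    flags = (flags & 0xFFF0) | NXDOMAIN        # keep other flags, set RCODE
    return struct.pack("!6H", ident, flags, qd, 0, 0, 0) + msg[12:end_q]

def build_response(name, addr):
    """Constructed sample: a minimal response carrying one A record."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    q += struct.pack("!HH", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 900, 4) + socket.inet_aton(addr)
    return struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + q + rr
```

A match on one fixed address only holds while the wildcard keeps pointing at that address.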