bmw
September 16th, 2003, 09:45
As of last night, Verisign has changed their DNS servers to return an IP rather than "not found" when you look up an address that doesn't exist. If you do an nslookup on "verisignarecompletebastards.com" you get 64.94.110.11. This address returns a "search page" (thinly disguised advertising) to a web browser.

See http://slashdot.org/articles/03/09/16/0034210.shtml?tid=126&tid=95&tid=98&tid=99

But worse, it hurts anti-spam measures. Modern MTAs will check that the sender's domain exists before accepting it. If it isn't real, you can't reply to it, so it's 99.99% certain to be spam. Now, all addresses in .com and .net appear to be real.

The best defense against this appears to be to hack the DNS resolvers and/or their libraries to return a not-found result if the returned address happens to match the IP(s) for "sitefinder*.verisign.com".

Russell Nelson has hacked djbdns already ...

From: Russell Nelson <nelson@crynwr.com>
Date: Mon, 15 Sep 2003 23:38:19 -0400
To: qmail list <qmail@list.cr.yp.to>, dns@list.cr.yp.to
Subject: Re: Verisign adds wildcards

Russell Nelson writes:
> Working on a patch to djbdns that rejects A records that resolve to
> 64.94.110.11. Returns NXDOMAIN.

Got it.

http://tinydns.org/djbdns-1.05-ignoreip.patch



Work is underway on BIND 8.
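The resolver-side filter described in the post above, sketched as an added example (not part of the thread and not the djbdns patch itself). The function names, the sample answers and the choice to keep any non-matching A records are assumptions; only the IP 64.94.110.11 comes from the post.

```python
import ipaddress

# Address the post reports for nonexistent .com/.net names.
IGNORED_IPS = frozenset({ipaddress.ip_address("64.94.110.11")})

NOERROR, NXDOMAIN = 0, 3  # DNS RCODE values (RFC 1035)


def apply_ignore_list(rcode, a_records, ignored=IGNORED_IPS):
    """Post-process a resolver answer (hypothetical helper).

    A records matching the ignore list are dropped. If the answer held
    only ignored addresses it is rewritten to NXDOMAIN, which is what a
    non-wildcarding registry would have returned.
    """
    if rcode != NOERROR:
        return rcode, []
    kept = [a for a in a_records if ipaddress.ip_address(a) not in ignored]
    if a_records and not kept:
        return NXDOMAIN, []
    return NOERROR, kept  # an empty list here means NODATA, not NXDOMAIN


def sender_domain_exists(domain, resolve):
    """MTA-style sender check (simplified to A records only; assumption).

    `resolve` is any callable returning (rcode, [ip strings]) for a name.
    """
    rcode, addrs = apply_ignore_list(*resolve(domain))
    return rcode == NOERROR and bool(addrs)


# Constructed sample answers: a wildcarding server answers every unknown
# name with the ignored address instead of NXDOMAIN.
SAMPLE_ANSWERS = {"example.com": (NOERROR, ["192.0.2.10"])}


def sample_resolve(name):
    key = name.lower().rstrip(".")
    return SAMPLE_ANSWERS.get(key, (NOERROR, ["64.94.110.11"]))


if __name__ == "__main__":
    for d in ("example.com", "verisignarecompletebastards.com"):
        print(d, sender_domain_exists(d, sample_resolve))
```

A hard-coded address only works until the wildcard target changes, so the ignore list has to be maintained like any other blocklist.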

soup4you2
September 17th, 2003, 10:15
HAHA

http://www.userfriendly.org/cartoons/archives/03sep/uf005937.gif

hugh nicks
September 17th, 2003, 11:27
Ha!
User Friendly is great! I still use the expression PEBKAC to this day! People look at me like I'm trying to pass them the pipe! For those who don't know, the 'problem exists between the keyboard and chair'.

-hn

bmw
September 18th, 2003, 08:47
VeriSlime is showing signs of backing down ...

http://www.smh.com.au/articles/2003/09/18/1063625123998.html

bmw
September 18th, 2003, 09:33
Here's an online petition, if you're so inclined ...

http://www.petitiononline.com/icanndns/petition.html