And then Verisign starts using multiple IP addresses and rotating through them. And then they stop giving any other clues that it is a wildcard record. Great. Just what we need... To be in an escalating war with the people running the root nameservers. Since it is clearly in Verisign's business interest to make it impossible for you to tell when you've been handed one of the wildcard replies, I don't see this stopping any time soon.

Matthew Kaufman
matthew@eeph.com
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Tomas Lund
Sent: Monday, September 15, 2003 6:14 PM
To: Chris Adams
Cc: nanog@merit.edu
Subject: Re: What *are* they smoking?
On Mon, 15 Sep 2003, Chris Adams wrote:
It appears that the most reliable way to detect a wildcard response for 'somedomain.tld' is to query for '*.tld'; if the results match, then 'somedomain.tld' doesn't really exist.
Just make up a number of fake domains and resolve them. If they return the same answer, that's the answer to change back into NXDOMAIN.
//tlund
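
An added example, not part of the original messages: the probe-and-compare check suggested in this thread, written so that it also copes with a wildcard that rotates through several addresses by collecting the union of probe answers and using a subset test. The function names, the injected `resolve` callable and the constructed resolver with documentation-range addresses are assumptions made for illustration.

```python
import secrets
import socket

def system_resolve(name):
    """Return the set of IPv4 addresses for name; empty set if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def wildcard_addresses(tld, resolve=system_resolve, probes=8):
    """Resolve random, almost certainly unregistered names under tld and
    return the union of the addresses they yield (empty set = no wildcard)."""
    seen = set()
    for _ in range(probes):
        label = "zz-" + secrets.token_hex(12)  # random label, 27 characters
        seen |= resolve(f"{label}.{tld}")
    return seen

def classify(name, tld, resolve=system_resolve, probes=8):
    """Return 'nxdomain', 'wildcard' or 'exists' for name under tld."""
    answer = resolve(name)
    if not answer:
        return "nxdomain"
    wild = wildcard_addresses(tld, resolve, probes)
    # Subset, not equality: a rotating wildcard hands out one address per
    # query. A pool larger than the probes sample can still slip through.
    return "wildcard" if answer <= wild else "exists"

def make_constructed_resolver(registered, wildcard_pool):
    """Constructed stand-in for a TLD's DNS: registered names return their
    own addresses, every other name gets the next pool address in turn."""
    state = {"next": 0}
    def resolve(name):
        if name in registered:
            return set(registered[name])
        if not wildcard_pool:
            return set()
        addr = wildcard_pool[state["next"] % len(wildcard_pool)]
        state["next"] += 1
        return {addr}
    return resolve
```

A resolver or mail filter applying this would treat a `'wildcard'` result as NXDOMAIN; the probe set should be refreshed periodically because the wildcard addresses can change.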