Re: Verisign brain damage and DNSSec.....Was:Re: What *are* they smoking?And whats to say they don't get around our methods of blacklisting it by changing the IP around every zone update? -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Valdis.Kletnieks@vt.edu Sent: Tuesday, September 16, 2003 2:18 PM To: bmanning@karoshi.com Cc: bownes@web9.com; gmaxwell@martin.fl.us; haesu@towardex.com; marius@marius.org; nanog@merit.edu Subject: Re: Verisign brain damage and DNSSec.....Was:Re: What *are* they smoking? On Tue, 16 Sep 2003 11:08:11 PDT, bmanning@karoshi.com said:
On Tue, 16 Sep 2003 09:59:40 PDT, bmanning@karoshi.com said:
thats one aspect yes. the valdiation chain should tell you who signed the delegations. It won't lie. you will know that V'sign put that data there.
How frikking many hacks will we need to BIND9 to work around this braindamage? One to stuff back in the NXDomain if the A record points there, another to do something with make-believe DNSsec from them..... What's next?