I have been following the various threads relating to Verisign and wanted to make one comment that I feel has been missing. Simply put, I would like to publicly express my appreciation to Mr. Vixie for taking the time to add the "root-delegation-only" patch for Bind. I'm fairly new to NANOG, but I'm sure that others beside myself also feel a thank you is appropriate.
thanks for those kind words, but rapid response of this kind is one of our obligations to the bind forum, and it's only because of our members that we're able to serve the community in this way. btw: here's the short term results of me deploying root-delegation-only on my personal mail server at home: Sep 20 22:06:25 named: enforced delegation-only for 'com' (ok61930.com) Sep 20 22:06:25 named: enforced delegation-only for 'com' (ok61930.com) Sep 20 22:08:23 named: enforced delegation-only for 'com' (helimore574.com) Sep 20 22:08:23 named: enforced delegation-only for 'com' (helimore574.com) Sep 20 22:08:42 named: enforced delegation-only for 'com' (netscape1008.com) Sep 20 22:08:43 named: enforced delegation-only for 'com' (netscape1008.com) Sep 20 22:16:02 named: enforced delegation-only for 'com' (aagf91512.com) Sep 20 22:16:02 named: enforced delegation-only for 'com' (aagf91512.com) Sep 20 23:11:48 named: enforced delegation-only for 'com' (ok62928.com) Sep 20 23:11:48 named: enforced delegation-only for 'com' (ok62928.com) Sep 20 23:14:51 named: enforced delegation-only for 'com' (2mails235.com) Sep 20 23:14:51 named: enforced delegation-only for 'com' (2mails235.com) Sep 20 23:19:44 named: enforced delegation-only for 'com' (gratis-gratiss.com) Sep 20 23:19:44 named: enforced delegation-only for 'com' (gratis-gratiss.com) Sep 20 23:31:22 named: enforced delegation-only for 'com' (bosfvp.com) Sep 20 23:31:22 named: enforced delegation-only for 'com' (bosfvp.com) Sep 20 23:31:26 named: enforced delegation-only for 'com' (xvarnf.com) Sep 20 23:31:27 named: enforced delegation-only for 'com' (xvarnf.com) Sep 20 23:31:31 named: enforced delegation-only for 'com' (abdknt.com) i send this just in case anyone doubts that spammers forge sources. after the wildcard went in and before i deployed root-delegation-only at home, those would have been spams reaching my inbox. this is not much compared to a real mail server, but it is after all just my family here. (and i can assure you all that nobody typo'd the above domain names here.)