i just got done reading http://news.com.com/2008-7347_3-5092590.html, so now at least i know why my phone was ringing so much earlier today. anyway, ken@cnet.com (ken emery) quotes me as saying...
let me just emphasize that the default is OFF. BIND doesn't break sitefinder; nameserver adminstrators break sitefinder. be mindful of that difference!
and then adds:
Paul, you've just bought into the Verisign propaganda here.
The BIND modification does NOTHING to break Sitefinder. One can still go to http://sitefinder.verisign.com/ and use the web page without any interference from BIND. What the latest release does is to break the redirection of RCODE 3 to http://sitefinder.verisign.com/. It is just semantics, but there is a HUGE difference.
ken is right and i apologize for the confusion. most of the early patches to bind8 and djbdns that i saw were dependent on the sitefinder address, and as such, would have enabled nameserver administrators to break _sitefinder_. isc's patches for bind9 enable nameserver administrators to break only the _redirection_ to sitefinder. -- Paul Vixie