% dig any rarrarrarrarblah.com. @f.gtld-servers.net.
;; AUTHORITY SECTION:
com.    2D IN SOA    a.gtld-servers.net. nstld.verisign-grs.com. (
                2003091500 ; serial
                30M ; refresh
                15M ; retry
                1W ; expiry
                1D ) ; minimum

Unless I'm missing something here.. Why not just block root servers or nstld.verisign-grs.com being listed as an authority? I cannot find any instance where a root server should be listed as an authority..

I've been seeing varying results between .com and .net today. .net *always* has the root servers listed as its authoritative servers, .com sometimes does.. but often it's just listing:

;; AUTHORITY SECTION:
com. 172800 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 2003091500 1800 900 604800 86400

Blocking the Answer response isn't going to work, as you know they'll change the IP.. However, one crappy thing for them.. When kids start DoS'ing the Verisign IP. They can just pick any domain they feel like that doesn't exist, and hard code it.

From the news, Microsoft and AOL are both fairly upset of their.. I imagine Google probably will be too, since Verisign is teaming with Yahoo on this one, and Yahoo is trying to revive their own engine and stop using Google.

Anyhow.. What am I missing about this fix.. why won't this work?