James Rishaw <jamie@dilbert.ais.net> writes:
You can actually set a domain name so that it cannot be changed, by any template, by any modification, correct guardian or NOT. I would ass-u-me AOL did this, but obviously their DNS admins aren't clued enough to figure this one out. Tiem to hire people that know *all* of what they're supposed to do, not just what they read out of an ORA book.
Um, as anyone who's dealt with NSI on a non-casual level can tell you, it's entirely possible that AOL had Guardian set up to disallow any changes, as well as having the domain ``locked'' against any email changes at all, and still have an unauthorized change occur. This is *not* the first time a service-interrupting unauthorized DNS change (deliberate or accidental) has slipped through NSI, though this is almost definitely the biggest network to be affected. And, two years later, the BEFORE-USE Guardian attribute *still* doesn't work, natch. ObUsefulInformation: zone "aol.com" { type stub; file "zones/stub-aol.com"; masters { 152.163.200.52; 152.163.200.116; }; }; [ Only works in BIND 8, but why are you still running 4.9.* anyway? You can't put this into IOS, but you can put this into the nameservers that your router uses... :) ]