I have not tried this but After reading Paul Vixie's recent comments I intend to do so. _____ Douglas Denault doug@safeport.com Voice: 301-469-8766 Fax: 301-469-0601 ---------- Forwarded message ---------- Date: Wed, 17 Sep 2003 18:19:32 -0400 (EDT) From: Damaged Industries <damaged@damaged.no-ip.com> To: bugtraq@securityfocus.com Subject: Re: Verisign abusing .COM/.NET monopoly, BIND releases new On Wed, 17 Sep 2003, SR wrote:

...

This is simply amazing, Verisign has just turned the .COM and .NET TLD DNS servers up-side-down for their own economical gain and, in doing so, disrupted network traffic for most of the Internet. Mail administrators who use any non-existant DNSBL to mark email as spam suddenly has all their mails deleted, people using localhost.localdomain.com on their servers for administrative purposes are scrambling to find out the cause of their problems and DNS problems arise everywhere as neg caching is essentially disabled and all DNS caches have to cache each and every randomly typed DNS query.

The BIND patch that prevents this should be released Wednesday.

djbdns already has a patch (make that two patches).

They are available from djbdns.org

Several patches have been out: Bind9 patch: http://www.isc.org/products/BIND/delegation-only.html Bind8 patch: http://achurch.org/bind-verisign-patch.html Djbdns patch: http://tinydns.org/djbdns-1.05-ignoreip.patch PowerDNS patch: http://www.imperialviolet.org/binary/powerdns.patch Userfriendly :) http://ars.userfriendly.org/cartoons/?id=20030917&mode=classic ---- -- damaged