[Gllug] re: BIND patch for Versign 'site-finder' problem

Nix nix at esperi.demon.co.uk
Tue Sep 23 23:03:37 UTC 2003


On Mon, 22 Sep 2003, t. clarke stipulated:
> It seems the only drawback with this is that all Verisign have to do is to
> 'delegate' all non-existent domains to a second-level nameserver of their
> choice and the patch no longer works,  eg
> users nameserver queries for www.non-existent.com
> .com nameserver returns namesever address for non-existent.com as
>   non-domain-server.com
> user nameserver re-queries non-domain-server.com
> non-domain-server.com returns site-finder IP address etc
> 
> Presumably if they are sufficuemtly bloody-minded they will do just that !

If they do that they'll trigger bugs in DNS implementations all over the
globe. Wildcard NS records are really tricky to get right.

They'll probably try it, and cause even more problems than they are
already :(

-- 
`I treat debconf as a hostile imperialist agent.  "ALL CONFIGS YOURS
 NOW CONFIGS OURS ARE."' --- Stephen J. Turnbull

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list