BIND 9 Patch

This is a patch designed for BIND 9.2.2, but it may work with other versions (see below).

News update: ISC's official BIND 9 patch now available here

It is supposed to counter a really rotten new idea that Verisign/NetSol has implemented, which results in every unregistered domain being resolved to an IP within their network.

The result of this is:

  • Basic spam detection mechanisms fail
  • Privacy is endangered (mistyping of a domain might really hurt now)
  • It's extremely annoying.

This patch counters this by treating every response that has a VeriSign IP in its answer section as a non-reply and returning an error, as if the domain didn't resolve. www.verisign.com still resolves, though ;)

It is my fond hope that VeriSign will remove this "service" as soon as possible. If they do not, then I guess a full black hole mechanism has to be implemented in BIND.

Usage: Enter the BIND 9 source directory and type
"gunzip -c bind_9.2.2-verisign_fake_reply.patch.gz | patch -p0"

Disclaimer: THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Update: The patch no longer returns DNS_R_BLACKHOLED. Although that has a certain something, obviously most users are more comfortable with NXDOMAIN, so that's what the server returns now.

Also, I just tested the patch with BIND 9.2.3rc1 and it seems to work just as well.
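The filtering rule this patch applies (a response whose answer section contains a listed address is turned into NXDOMAIN), sketched as a stand-alone C routine. This is an added example, not the patch itself or ISC code: the names filter_response, skip_name, BLOCKED_A and SAMPLE are hypothetical, 192.0.2.1 is a documentation placeholder for the address to suppress, and working on a raw wire-format buffer is an assumption made to keep it self-contained.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define RD16(p) ((unsigned)(((p)[0] << 8) | (p)[1]))
static const uint8_t BLOCKED_A[4] = {192, 0, 2, 1}; /* constructed placeholder (TEST-NET-1) */
static const uint8_t SAMPLE[40] = { /* constructed: header, "a.test" IN A, A 192.0.2.1 */
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0, 1,'a', 4,'t','e','s','t', 0, 0,1, 0,1,
    0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1 };
/* Offset just past the encoded name at off, or 0 if malformed. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    for (; off < len; off += 1 + (size_t)m[off]) {
        if (m[off] == 0) return off + 1;
        if (m[off] & 0xC0)   /* 11 = compression pointer; 01/10 reserved */
            return ((m[off] & 0xC0) == 0xC0 && off + 2 <= len) ? off + 2 : 0;
    }
    return 0;
}
/* 1 = rewritten to NXDOMAIN (*len shrinks), 0 = untouched, -1 = malformed. */
int filter_response(uint8_t *m, size_t *len) {
    if (*len < 12) return -1;
    unsigned qd = RD16(m + 4), an = RD16(m + 6), i;
    size_t off = 12, ans_start;
    for (i = 0; i < qd; i++) {                /* skip the question section */
        off = skip_name(m, *len, off);
        if (!off || (off += 4) > *len) return -1;   /* QTYPE + QCLASS */
    }
    ans_start = off;
    for (i = 0; i < an; i++) {                /* walk the answer section */
        off = skip_name(m, *len, off);
        if (!off || off + 10 > *len) return -1;
        unsigned type = RD16(m + off), rdlen = RD16(m + off + 8);
        if ((off += 10) + rdlen > *len) return -1;
        if (type == 1 && rdlen == 4 && !memcmp(m + off, BLOCKED_A, 4)) {
            m[3] = (uint8_t)((m[3] & 0xF0) | 3);  /* RCODE 3 = NXDOMAIN */
            memset(m + 6, 0, 6);                  /* AN/NS/AR counts = 0 */
            *len = ans_start;                     /* keep header + question */
            return 1;
        }
        off += rdlen;
    }
    return 0;
}
int main(void) {
    uint8_t buf[sizeof SAMPLE];
    size_t len = sizeof SAMPLE;
    memcpy(buf, SAMPLE, len);
    int hit = filter_response(buf, &len);
    printf("rewritten=%d rcode=%u len=%zu\n", hit, buf[3] & 15u, len);
    return 0;
}
```

Malformed or truncated messages are reported with -1 and left unmodified, so a caller can pass them through or drop them as policy dictates.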

Download: Get the patch here

Contact: info at carangul dot com





 
(c) 2002, 2003 by Carangul Tech, all rights reserved.