---------- Original Message ----------- From: "Mark Tinka" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wed, 17 Sep 2003 18:32:31 +0300 Subject: RE: lug_: DNS and verisign -- all .COMs now exist
> The thing is everyone knew Verisign had been planning this for a > long time; but I guess Verisign sprang it on the community while > they were sleeping. The fact they have significant participation in > the world's DNS system, doens't help any. > > I mean, what gives them the right. Now we have to write an RFC to manage > another RFC (sigh). > > Regards, > > Mark Tinka - CCNP > Network Engineer, Africa Online Uganda > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul > Bagyenda > Sent: Wednesday, September 17, 2003 5:12 PM > To: [EMAIL PROTECTED] > Subject: Re: lug_: DNS and verisign -- all .COMs now exist > > Well at least somebody is significantly making ISPs views known. > > P. > > http://www.wired.com/news/technology/0,1282,60473,00.html > > On Wednesday, Sep 17, 2003, at 08:25 Africa/Kampala, Mark Tinka wrote: > > This is a disaster! > > Regards, > > Mark Tinka - CCNP > Network Engineer, Africa Online Uganda > Some of the RFCs that Verisign is explicitly violating RFC 821 (old SMTP), RFC 822 (ARPA text messages), RFC 2142(email) RFC 2821 (new SMTP) >From RFC 2821, "If no MX records are found, but an A RR is found, the A RR is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host." In addition to null routing the that sitefinder.verisign.com ip address on the backbone router as Patrick proposed, you can null route them on your linux servers using route add host 64.94.110.11 127.0.0.1 1 Just in, there is some good news.ISC has released a patch for bind that will deal explicitly with this delegation of wildcard domains.Read more about it at http://www.isc.org/products/BIND/delegation-only.html kenneth --------------------------------------------- This service is hosted on the Infocom network http://www.infocom.co.ug
