BIND9 isn't the only game in town... Here's something from bugtraq.

Worth noting (although a bit OT for php-general) that Verisign managed to introduce a nice little XSS with this; see the full-disclosure list for details.

-Evan

---------- Forwarded Message ----------

Subject: Re: Verisign abusing .COM/.NET monopoly, BIND releases new
Date: Wed, 17 Sep 2003 18:19:32 -0400 (EDT)
From: Damaged Industries <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

On Wed, 17 Sep 2003, SR wrote:

> > This is simply amazing, Verisign has just turned the .COM and .NET TLD
> > DNS servers upside-down for their own economic gain and, in doing so,
> > disrupted network traffic for most of the Internet. Mail administrators
> > who use any non-existent DNSBL to mark email as spam suddenly have all
> > their mail deleted, people using localhost.localdomain.com on their
> > servers for administrative purposes are scrambling to find out the cause
> > of their problems, and DNS problems arise everywhere as neg caching is
> > essentially disabled and all DNS caches have to cache each and every
> > randomly typed DNS query.
> >
> > The BIND patch that prevents this should be released Wednesday.
>
> djbdns already has a patch (make that two patches).
>
> They are available from djbdns.org

Several patches have been out:

Bind9 patch: http://www.isc.org/products/BIND/delegation-only.html
Bind8 patch: http://achurch.org/bind-verisign-patch.html
Djbdns patch: http://tinydns.org/djbdns-1.05-ignoreip.patch
PowerDNS patch: http://www.imperialviolet.org/binary/powerdns.patch

Userfriendly :) http://ars.userfriendly.org/cartoons/?id=20030917&mode=classic

----
-- damaged
-------------------------------------------------------

On Wednesday 17 September 2003 04:31 pm, Jennifer Goodie wrote:
> > > I have a section of my script where I call gethostbyname($hostname).
> > > For some host names that are not registered (according to register.com)
> > > I am still getting an IP address returned?
> > >
> > > What is happening?
> >
> > Well, try only the toplevel domain... For example, I have like
> > hns345667dsvdtrt34.telia.com, I doubt that is registered, but
> > telia.com sure is... I hope.. :S
>
> telia.com is a second level, not a top level; .com is the top level in your
> example. Also, only looking up the second level is a bad idea. In many
> cases the third level is actually being used to signify something (the
> host). All of the hosts in our server farm use the same second level, but
> the third level signifies which box I'm talking about. If I do an nslookup
> on my second level I'm going to get the IP bound to the webserver that
> hosts the corporate site (because that's how we have it set up), but if I
> do an nslookup on servername.domain.com (servername being the name of one
> of the servers in our farm) I'm going to get the IP for the host designated
> by servername. For example, ftb.ca.gov (California Franchise Tax Board) is
> not the same as dot.ca.gov (California Dept. of Transportation), which is
> not the same as cdfa.ca.gov (Department of Food and Agriculture), but they
> all fall under the ca.gov second level because they are all government
> offices for the state of California, which falls under the .gov top level
> because it is a government branch within the United States.
>
> To answer the original question, Verisign has decided it is a good idea to
> wildcard the .com and .net TLDs to point to http://sitefinder.verisign.com,
> so if you do a lookup on a non-existent domain in those TLDs it will now
> give an IP. I believe a BIND patch has already been released to negate
> this change.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
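An added example, not code from any poster in the thread and written in Python rather than the original question's PHP: the check a script can make so that an address handed back by a TLD-level wildcard (the .com/.net behaviour Jennifer describes) is not mistaken for a registered host. It probes random, certainly unregistered names under the same TLD and flags an answer that matches what the wildcard gives everything. Hostnames are the thread's; every address and the `simulated_resolver` stand-in are constructed (RFC 5737 documentation ranges) so the check runs offline; `resolve_system` is the real resolver for live use.

```python
# Added example (not from the thread): detect answers synthesized by a
# TLD-level wildcard. All addresses below are constructed (RFC 5737 ranges).
import random
import socket
import string

def resolve_system(name):
    """Real resolver: sorted IPv4 addresses for name, [] when it does not exist."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []

def random_label(length=24):
    alphabet = string.ascii_lowercase + string.digits
    return "".join(random.choice(alphabet) for _ in range(length))

def probe_wildcard(tld, resolve, probes=2):
    """Addresses shared by random, unregistered names under tld.
    An empty set means the TLD answers NXDOMAIN as it should."""
    common = None
    for _ in range(probes):
        got = set(resolve(f"{random_label()}.{tld}"))
        if not got:
            return set()
        common = got if common is None else common & got
    return common

def lookup(hostname, resolve=resolve_system):
    """Return (addresses, synthesized). synthesized is True when the answer
    is indistinguishable from what the TLD wildcard returns for any name."""
    addrs = resolve(hostname)
    if not addrs:
        return [], False
    tld = hostname.rstrip(".").rsplit(".", 1)[-1]
    wildcard = probe_wildcard(tld, resolve)
    return addrs, bool(wildcard) and set(addrs) <= wildcard

# Constructed stand-in for a wildcarded .com/.net, so the check runs offline.
SIMULATED_RECORDS = {"telia.com": ["203.0.113.10"], "php.net": ["203.0.113.20"]}
WILDCARD_PLACEHOLDER = "192.0.2.1"  # placeholder for the wildcard's address

def simulated_resolver(name):
    name = name.lower().rstrip(".")
    if name in SIMULATED_RECORDS:
        return list(SIMULATED_RECORDS[name])
    labels = name.split(".")
    if ".".join(labels[-2:]) in SIMULATED_RECORDS:
        return []  # a delegated zone answers NXDOMAIN for its own missing hosts
    if labels[-1] in ("com", "net"):
        return [WILDCARD_PLACEHOLDER]  # TLD wildcard synthesizes an answer
    return []
```

Note that a name under a delegated second-level domain (the hns345667dsvdtrt34.telia.com case) still gets a proper NXDOMAIN, because the TLD wildcard only matches names with no closer delegation.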