
Re: Debian + Verisign's .com/.net hijack



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> While the "first generation" patches work with hardcoded values, there
> are others that are much more general. Check the link of the ISC patch
> for a description:
>
>   http://www.isc.org/products/BIND/delegation-only.html

This will only work for a little while as a colleague of mine noted. This
will block
  *   IN   A   64.94.110.11
but not
  *   IN   NS  64.94.110.11
which is a valid delegation. The 64.94.110.11 nameserver should then only
return 64.94.110.11 for all requests for A records.

- -- arthur - arthur@tiefighter.et.tudelft.nl - http://tiefighter.et.tudelft.nl/~arthur --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iD8DBQE/aE23VYan35+NCKcRAsu1AKDTcrzQ664BAeERJjQ0gM/g/XEkdwCgrL7Z
0QCNqEsJooAzYP5oNtraSmU=
=4xx8
-----END PGP SIGNATURE-----
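
The limitation described in the message above, as an added example that is not part of the original post and is not ISC's code: a simplified model of a delegation-only check applied to two constructed TLD responses for an unregistered name. The nameserver name ns.catchall.invalid and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    rdata: str

@dataclass
class Response:
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)

def is_below(name, zone):
    """True if name lies under zone (case-insensitive, trailing dot ignored)."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name.endswith("." + zone)

def delegation_only(zone, resp):
    """Simplified rule: a response from the zone's own servers is kept only
    if its authority section delegates a child zone with NS records."""
    if any(rr.rtype == "NS" and is_below(rr.name, zone) for rr in resp.authority):
        return "ACCEPT"
    return "NXDOMAIN"

def resolve_a(qname, zone, tld_resp, child_servers):
    """Filter the TLD response, then follow any referral it contains.
    child_servers maps a nameserver name to the Response it gives for qname."""
    if delegation_only(zone, tld_resp) == "NXDOMAIN":
        return None
    for ns in tld_resp.authority:
        child = child_servers.get(ns.rdata)
        if child:
            for rr in child.answer:
                if rr.rtype == "A" and rr.name == qname:
                    return rr.rdata
    return None

# Constructed sample data for an unregistered name under com.
QNAME = "no-such-name.com"
WILDCARD_A = Response(answer=[RR(QNAME, "A", "64.94.110.11")])
WILDCARD_NS = Response(authority=[RR(QNAME, "NS", "ns.catchall.invalid")])
CATCHALL = {"ns.catchall.invalid": Response(answer=[RR(QNAME, "A", "64.94.110.11")])}

def demo():
    # First result: wildcard A is filtered. Second: wildcard NS looks like a
    # normal referral, so the filter passes it and the A record comes back.
    return (resolve_a(QNAME, "com", WILDCARD_A, {}),
            resolve_a(QNAME, "com", WILDCARD_NS, CATCHALL))

if __name__ == "__main__":
    print(demo())  # (None, '64.94.110.11')
```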


