Joey Hess <joeyh@debian.org> [2003:09:16:16:54:01-0400] scribed: > Bill Moseley wrote: <snip /> > In the short term, you can patch your DNS server to avoid verisin's > stupidity. http://www.imperialviolet.org/dnsfix.html has patches for > most DNS servers, all hard-code the current IP address of verisign's > server, so will have to be kept up-to-date when they begin to move it > around. Which they probably will soon, since it is already null-routed > in many places. (NB: Null routing does not avoid all problems.) This has become a more general problem than just Verisign: dnsqr a *.nu answer: \052.nu 86375 A 64.55.105.9 answer: \052.nu 86375 A 212.181.91.6 dnsqr a *.com answer: \052.com 167 A 64.94.110.11 dnsqr a *.net answer: \052.net 211 A 64.94.110.11 dnsqr a *.ac answer: \052.ac 86376 A 194.205.62.122 dnsqr a *.museum answer: \052.museum 156 A 195.7.77.20 dnsqr a *.cc answer: \052.cc 3577 A 206.253.214.102 dnsqr a *.cx answer: \052.cx 86378 A 219.88.106.80 dnsqr a *.tm answer: \052.tm 86378 A 194.205.62.42 dnsqr a *.ws answer: \052.ws 10779 A 216.35.187.246 -- Best Regards, mds mds resource 877.596.8237 - Dare to fix things before they break . . . - Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . --
Attachment:
pgpqeMzuSl5EN.pgp
Description: PGP signature