Subject: Re: verisign *.net action
To: None <tech-net@netbsd.org>
From: Wolfgang S. Rupprecht <wolfgang+gnus20030917T064758@wsrcc.com>
List: tech-net
Date: 09/17/2003 06:54:26
>	http://achurch.org/bind8-verisign-patch.txt

        ftp://ftp.isc.org/isc/bind9/9.2.2/patch.9.2.2-P1

This patch applies to the pkgsrc version of bind9
(/usr/pkgsrc/net/bind9).  Then add the following to the named.conf
file and restart:

//
// start verislime fixups  (needs 9.2.2-P1)
//

zone "com" {
	type delegation-only;
};

zone "net" {
	type delegation-only;
};

zone "org" {
	type delegation-only;
};

//
// end verislime fixups (needs 9.2.2-P1)
//


Then sit back and chuckle at all the logfile entries that your named
is no longer accepting hijack entries for.

Sep 17 06:38:22 capsicum named[14828]: enforced delegation-only for 'COM' (www.verisignsucksthebigoneXXX.com)
Sep 17 06:43:24 capsicum named[14828]: enforced delegation-only for 'COM' (exchange.desginmentor.com)

-wolfgang
-- 
Wolfgang S. Rupprecht 		     http://www.wsrcc.com/wolfgang/
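
Added example, not part of the original message: a Python tally of the "enforced delegation-only" log lines quoted above, grouped by zone and query name, to show how often the rule fires and for which names. The sample lines, the host name `ns1` and the `example` names are constructed; the regular expression assumes the syslog layout shown in the post.

```python
import re
from collections import Counter, defaultdict

# Matches the message shown in the post, e.g.
#   ... named[14828]: enforced delegation-only for 'COM' (www.example.com)
PATTERN = re.compile(
    r"\bnamed\[\d+\]: enforced delegation-only for '(?P<zone>[^']+)' "
    r"\((?P<qname>[^)]+)\)"
)

# Constructed sample input in the syslog layout shown in the post.
SAMPLE_LOG = """\
Sep 17 06:38:22 ns1 named[14828]: enforced delegation-only for 'COM' (typo-one.example.com)
Sep 17 06:39:01 ns1 named[14828]: enforced delegation-only for 'NET' (typo-two.example.net)
Sep 17 06:43:24 ns1 named[14828]: enforced delegation-only for 'COM' (Typo-One.Example.COM.)
Sep 17 06:44:10 ns1 named[14828]: client 192.0.2.7#1044: query (cache) denied
Sep 17 06:45:00 ns1 sshd[221]: enforced delegation-only for 'COM' (not-from-named.example.com)
"""

def summarize(lines):
    """Return (per-zone hit counts, per-zone Counter of query names)."""
    zones = Counter()
    names = defaultdict(Counter)
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue  # other named messages and other daemons are ignored
        zone = m.group("zone").lower()
        # DNS names are case-insensitive; drop a trailing root dot as well.
        qname = m.group("qname").lower().rstrip(".")
        zones[zone] += 1
        names[zone][qname] += 1
    return zones, names

def report(lines, top=5):
    """Format the tally: one line per zone, then its most frequent names."""
    zones, names = summarize(lines)
    out = []
    for zone, hits in zones.most_common():
        out.append(f"{zone}: {hits} enforced")
        for qname, n in names[zone].most_common(top):
            out.append(f"  {n:4d}  {qname}")
    return "\n".join(out)

if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```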