Subject: Re: verisign *.net action
To: None <tech-net@NetBSD.org>
From: William Allen Simpson <wsimpson@greendragon.com>
List: tech-net
Date: 09/17/2003 09:13:56
Bill Sommerfeld wrote:
> 
> >       do we want this (quickhack) patch into our BIND8?
> >       http://achurch.org/bind8-verisign-patch.txt
> 
> An official patch from ISC is reportedly imminent; see:
> 
>         http://www.washingtonpost.com/wp-dyn/articles/A19860-2003Sep16.html
> 
> and:
> 
>         http://www.wired.com/news/technology/0,1282,60473,00.html
> 
http://www.isc.org/products/BIND/delegation-only.html

Only patches BIND 9. Any idea how hard it will be to backport
to 8?


der Mouse wrote:
> 
> > (The temptation being [of course] to just blackhole all the addresses
> > owned by verisign...  :-)
> 
> Those interested in this may wish to look into the
> verisign.blackholes.us DNSL.  (I was just a few hours too slow, or I'd
> have had something similar set up myself.)
> 
Cute.  We (and many other ISPs) quickly dropped a hardcoded blackhole 
into our routers, but it doesn't solve the real problem -- email will 
still queue for days to the bogus DNS address.  

A BIND change is the best, as the bogon address doesn't arrive at the
other servers and clients (and customers).
--
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32