Some more detailed discussion about the implications of the wildcards. Forwarded with permission from Mark Newton.

----- Forwarded message from Mark Newton -----

Date: Tue, 16 Sep 2003 10:31:24 +0930
From: Mark Newton <newton§atdot.dotat.org>
To: sage-au§sage-au.org.au
Subject: [SAGE-AU] Verisign hijacks .com and .net
List-Id: SAGE-AU discussion list. <sage-au.sage-au.org.au>
List-Help: <mailto:sage-au-request§sage-au.org.au?subject=help>

This morning Verisign inserted a wildcard A-record into the .com and .net gTLDs. That action counts as the single largest domain-hijacking event in the Internet's history.

The offending A-record makes every otherwise non-existent .com and .net domain name resolve to 64.94.110.11. Until half an hour ago that IP address answered HTTP requests with a "You've mistyped a domain, wanna buy it?" kind of page.

This breaks anti-spam filters which check to ensure that the sender domain name exists before accepting the mail, because now ALL sender domain names in .com and .net exist as far as the DNS is concerned.

It also means that anyone who has failed to redelegate any of their domains after one of their .com or .net nameservers has ceased to exist may now find that some percentage of their email will now bounce.

Unsurprisingly, there are efforts afoot in the US to get Verisign to change their mind. Those efforts may be getting some traction, because the HTTP server I mentioned above doesn't appear to be running anymore, and takes 90 seconds or so to time-out instead. Maybe someone has just DDoS'ed it. Who knows?

Either way, if any of your users ask you today about why the web seems "weird", or why some things are taking a long time when they previously worked snappily, or why they're suddenly getting more spam than they're used to, that's the reason.

There are discussions on US Network Operations and BIND Development mailing lists about how to react to this.

One favoured option right now is to modify BIND so that wildcard responses in gTLDs are replaced with NXDOMAIN before being passed to the client, thereby restoring the functionality which various systems have relied upon until this morning's change.

If such a modification to BIND is made, I'd highly recommend upgrading all your nameservers to protect your users from the effects of Verisign's blatant attempt to commercialize typographical errors.

  - mark

[ update: as I typed this, 64.94.110.11 is once again answering HTTP requests with a search engine portal page. Sigh. Further developments will no doubt... well, develop, I guess. ]

--------------------------------------------------------------------
I tried an internal modem,                    newton§atdot.dotat.org
but it hurt when I walked.                    Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----

___________________________________________________________________________
The Sage-au mailing list is a member-only service. Postings to this list are made by individual members, and do not necessarily reflect SAGE-AU policy or position. This article may not be reproduced or quoted beyond this forum without written permission of all contributing authors. Further information can be found at http://www.sage-au.org.au/maillist.html

----- End of forwarded message from Mark Newton -----

Received on Fri Oct 03 2003 - 00:00:00 UTC
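
The sender-domain check described in the forwarded message, as an added example that is not part of the original post or of BIND: it treats an answer made up only of wildcard addresses as NXDOMAIN, and goes beyond the message by also probing random labels to detect a wildcard whose address is not known in advance. The resolver stand-in, function names and zone data are hypothetical and constructed; only 64.94.110.11 comes from the message.

```python
import secrets

# Address the forwarded message says every unregistered .com/.net name resolved to.
KNOWN_WILDCARD_ADDRS = {"64.94.110.11"}

# Constructed sample data: registered names and per-TLD wildcard answers.
SAMPLE_ZONE = {"example.com": {"192.0.2.10"}, "example.org": {"192.0.2.20"}}
SAMPLE_WILDCARDS = {"com": {"64.94.110.11"}, "net": {"64.94.110.11"}}


def make_resolver(zone, wildcards):
    """Hypothetical stand-in for an A-record lookup; an empty set means NXDOMAIN."""
    def resolve(name):
        name = name.lower().rstrip(".")
        if name in zone:
            return set(zone[name])
        return set(wildcards.get(name.rsplit(".", 1)[-1], ()))
    return resolve


def probe_wildcard(resolve, tld, probes=3):
    """Addresses that every random, unregistered label under `tld` resolves to."""
    common = None
    for _ in range(probes):
        answer = resolve(f"{secrets.token_hex(16)}.{tld}")
        common = answer if common is None else common & answer
    return common or set()


def sender_domain_exists(resolve, domain, known=frozenset(KNOWN_WILDCARD_ADDRS)):
    """True only if `domain` has an A record that is not a TLD wildcard answer."""
    domain = domain.lower().rstrip(".")
    answer = resolve(domain)
    if not answer:
        return False  # genuine NXDOMAIN
    synthetic = set(known) | probe_wildcard(resolve, domain.rsplit(".", 1)[-1])
    # An answer consisting only of wildcard addresses is treated as NXDOMAIN.
    return not answer <= synthetic


if __name__ == "__main__":
    resolve = make_resolver(SAMPLE_ZONE, SAMPLE_WILDCARDS)
    for sender in ("example.com", "no-such-sender-domain.com", "no-such.org"):
        naive = bool(resolve(sender))  # the pre-wildcard filter logic
        print(sender, "naive:", naive, "hardened:", sender_domain_exists(resolve, sender))
```

A registered domain whose only A record is the wildcard address is also rejected by this check, which is the trade-off of filtering on the answer rather than on the zone data.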