Article: 14183 of ba.internet
Sender: wolfgang@capsicum.wsrcc.com
Newsgroups: ba.internet,news.admin.net-abuse.email,comp.mail.sendmail,alt.comp.mail.postfix
Subject: Re: Blocking Verisign's new wildcard DNS record
References: <bk7h02$1lqa$1@sf1.isc.org> <bk8740$238g$2@news.mainstreet.net> <3phbkb.u2a.ln@relay.techsell.ru>
From: wolfgang+gnus20030917T233051@dailyplanet.wsrcc.com (Wolfgang S. Rupprecht)
X-Loop: <paris@aardvark.wsrcc.com>
Organization: W S Rupprecht Computer Consulting, Fremont CA
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3
Message-ID: <x765jqegzr.fsf@capsicum.wsrcc.com>
Lines: 50
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 18 Sep 2003 06:40:58 GMT
NNTP-Posting-Host: 208.201.233.172
X-Complaints-To: abuse@sonic.net
X-Trace: typhoon.sonic.net 1063867258 208.201.233.172 (Wed, 17 Sep 2003 23:40:58 PDT)
NNTP-Posting-Date: Wed, 17 Sep 2003 23:40:58 PDT
Path: news.meer.net!sea-read.news.verio.net!dfw-artgen!sjc-peer.news.verio.net!news.verio.net!hammer.uoregon.edu!newsfeed.media.kyoto-u.ac.jp!newsfeed.icl.net!newsfeed.fjserv.net!newsfeed.freenet.de!feed.news.nacamar.de!news.csl-gmbh.net!news-out.nuthinbutnews.com!propagator2-sterling!In.nntp.be!feed.news.sonic.net!typhoon.sonic.net!not-for-mail
Xref: archive.mv.meer.net ba.internet:14183 news.admin.net-abuse.email:160 comp.mail.sendmail:47034


"Alexey V. Kouznetsov" <kuznec@TechSell.RU> writes:
> Also spammers are free to use random domain names in the .NU domain for the
> last 2 or 3 years, for example. This also returns two A records for any
> unregistered domain.
> 
> 
> ;; ANSWER SECTION:
> 897987hjhkljhkjlkljgklglk.nu.  1D IN A  64.55.105.9
> 897987hjhkljhkjlkljgklglk.nu.  1D IN A  212.181.91.6

Nothing ever gets fixed unless it breaks enough to cause real pain.
In a way it is good that Verislime added the wildcards to .com and
.net, because that forced people's hands.

Running with the new bind patches and disallowing any TLD to offer
A-records I see no more problems with the .nu forgeries.

    $ dig 897987hjhkljhkjlkljgklglk.nu

    ; <<>> DiG 9.2.2-P1 <<>> 897987hjhkljhkjlkljgklglk.nu
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65212
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;897987hjhkljhkjlkljgklglk.nu.  IN      A

    ;; Query time: 120 msec
    ;; SERVER: 192.83.197.1#53(192.83.197.1)
    ;; WHEN: Wed Sep 17 23:29:52 2003
    ;; MSG SIZE  rcvd: 46

I do see a message in the console window indicating that things are
working correctly:

    Sep 17 23:35:34 capsicum named[22003]: enforced delegation-only for 'nu' (897987hjhkljhkjlkljgklglk.nu)

You might want to experiment by grabbing my file:

        http://www.wsrcc.com/wolfgang/ftp/delegation-only.conf

and then including it into your main named.conf via an: 

        include "delegation-only.conf";

-wolfgang
-- 
Wolfgang S. Rupprecht 		     http://www.wsrcc.com/wolfgang/


Article: 14185 of ba.internet
From: Roger Marquis <not-for-mail@roble.com>
Newsgroups: ba.internet
Subject: Re: Blocking Verisign's new wildcard DNS record
Date: Wed, 17 Sep 2003 19:20:48 +0000 (UTC)
Organization: Usenet News
Lines: 18
Message-ID: <bkac6g$2qmp$1@news.mainstreet.net>
References: <bk7h02$1lqa$1@sf1.isc.org> <bk8740$238g$2@news.mainstreet.net> <36P9b.7285$CU3.6207@pd7tw3no>
NNTP-Posting-Host: gw.roble.com
X-Trace: news.mainstreet.net 1063826448 92889 207.5.1.105 (17 Sep 2003 19:20:48 GMT)
X-Complaints-To: usenet@news.mainstreet.net
NNTP-Posting-Date: Wed, 17 Sep 2003 19:20:48 +0000 (UTC)
Path: news.meer.net!sea-read.news.verio.net!dfw-artgen!iad-peer.news.verio.net!news.verio.net!in.100proofnews.com!in.100proofnews.com!nntp-relay.ihug.net!ihug.co.nz!news-out.newsfeeds.com!propagator2-maxim!feed-maxim.newsfeeds.com!feeder.nmix.net!news.mainstreet.net!not-for-mail
Xref: archive.mv.meer.net ba.internet:14185

In ba.internet alt <spamtrap@gwsn.com> wrote:
>Given the utter stupidity from Verisign, (ohhh... how often have they been
>in that frame of mind? "...and there was weeping and gnashing of teeth....")
>I have no qualms blocking verisign.com lookups and pushing them to my own
>notification page so my customers know why I'm blocking Verisign.com.

You might not have to given the patches coming out:

  <http://www.isc.org/products/BIND/delegation-only.html>

  <http://sam.zoy.org/writings/internet/verisign/>

  <http://achurch.org/bind-verisign-patch.html>

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/


Article: 14220 of ba.internet
Newsgroups: ba.internet,news.admin.net-abuse.email,comp.mail.sendmail,alt.comp.mail.postfix
From: schuma@gaertner.de (Joerg Schumacher)
Subject: Re: Blocking Verisign's new wildcard DNS record
X-Newsreader: trn 4.0-test71 (18 April 1999)
Sender: usenet@gaertner.de (Mr. News)
Organization: Gaertner Datensysteme, Braunschweig, Germany
Message-ID: <HLFF05.97B@gaertner.de>
References: <bk7h02$1lqa$1@sf1.isc.org> <bk8740$238g$2@news.mainstreet.net> <3phbkb.u2a.ln@relay.techsell.ru> <x765jqegzr.fsf@capsicum.wsrcc.com>
X-Nntp-Posting-Host: aunt.gaertner.de
Date: Thu, 18 Sep 2003 20:16:53 GMT
Lines: 29
Path: news.meer.net!sea-read.news.verio.net!dfw-artgen!sjc-peer.news.verio.net!news.verio.net!hammer.uoregon.edu!news.algonet.se!algonet!news.tele.dk!news.tele.dk!small.news.tele.dk!npeer.de.kpn-eurorings.net!gaertner.de!not-for-mail
Xref: archive.mv.meer.net ba.internet:14220 news.admin.net-abuse.email:167 comp.mail.sendmail:47077

In article <x765jqegzr.fsf@capsicum.wsrcc.com>,
Wolfgang S. Rupprecht <wolfgang+gnus20030917T233051@dailyplanet.wsrcc.com> wrote:
>[...]
>Running with the new bind patches and disallowing any TLD to offer
>A-records I see no more problems with the .nu forgeries.
>[...]
>You might want to experiment by grabbing my file:
>
>        http://www.wsrcc.com/wolfgang/ftp/delegation-only.conf
>
>and then including it into your main named.conf via an: 
>
>        include "delegation-only.conf";

Please check the policy of each tld before using "type delegation-only".  
.DE is NOT delegation-only.  .DE has tons of A and MX records.  One of 
the bigger webhosters (strato.de) makes use of this "feature".  Here's 
one example:

   whois -h whois.denic.de dev0.de
   [...]
   nsentry:     dev0.de IN A 192.67.198.4
   nsentry:     www.dev0.de IN A 192.67.198.4
   nsentry:     dev0.de IN MX 10 mailin.webmailer.de
   nsentry:     *.dev0.de IN MX 10 mailin.webmailer.de
   [...]

HTH,
Joerg 
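
[Added example, not part of any post in this thread and not BIND's own code:
a simplified Python model of the "type delegation-only" check, showing why the
.nu wildcard answer turns into NXDOMAIN and why listing .de breaks dev0.de.
It assumes only explicit delegations (NS records in the authority section)
count; the name-server names and the example.com referral are constructed.]

```python
# Added example: simplified model of BIND's "type delegation-only" check.
# Records are (owner, type, rdata) tuples. Only the explicit-delegation case
# (NS records in the authority section) is modelled.

def norm(name):
    return name.lower().rstrip(".")

def below(name, zone):
    """True if name is strictly below zone (not the zone apex)."""
    return norm(name).endswith("." + norm(zone))

def enforce_delegation_only(zone, qname, answer, authority):
    """Return (rcode, answer) as seen after the check is applied for `zone`."""
    if norm(qname) == norm(zone):
        return "NOERROR", answer              # the zone apex is exempt
    if any(rtype == "NS" and below(owner, zone) for owner, rtype, _ in authority):
        return "NOERROR", answer              # real delegation to a child zone
    return "NXDOMAIN", []                     # data served by the TLD itself

# Constructed responses. A-record values are the ones quoted in the thread;
# name-server names are placeholders.
SAMPLES = {
    "nu wildcard": ("nu", "897987hjhkljhkjlkljgklglk.nu",
        [("897987hjhkljhkjlkljgklglk.nu", "A", "64.55.105.9"),
         ("897987hjhkljhkjlkljgklglk.nu", "A", "212.181.91.6")],
        [("nu", "NS", "ns.tld-operator.example")]),
    "com referral": ("com", "www.example.com",
        [],
        [("example.com", "NS", "ns1.hoster.example")]),
    "de in-zone A": ("de", "dev0.de",
        [("dev0.de", "A", "192.67.198.4")],
        [("de", "NS", "ns.tld-operator.example")]),
}

def run_samples():
    """Map each sample label to the rcode the resolver would hand back."""
    return {label: enforce_delegation_only(*args)[0]
            for label, args in SAMPLES.items()}

if __name__ == "__main__":
    for label, rcode in run_samples().items():
        print(f"{label:14} -> {rcode}")
```

[The third sample is the failure the last post warns about: a TLD that serves
A and MX records from its own zone loses those names once it is declared
delegation-only.]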


