tomclegg.net



Patch dnscache to compensate for Verisign boneheadedness
Posted September 24, 2003

This patch is obsolete; on 3 October 2003, ICANN demanded that Verisign remove their wildcard.

There is also a generic solution to this problem at tinydns.org.


This is a patch for djbdns-1.05.

On 15 September 2003, Verisign started answering queries for non-existent domains with an A record "64.94.110.11". This has annoying consequences:

  • Users see an ad for Verisign instead of a sensible error message.
  • Programs think that all .com domains exist, and all .com domains can receive mail.

This patch causes dnscache to return NXDOMAIN (domain does not exist) for any query whose response contains the above IP address.
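The rule described above, applied to a finished response packet at the record level, as an added example (not part of the patch or of djbdns): it rewrites the response as NXDOMAIN only when an answer is an IN A record whose data is 64.94.110.11. The names `filter_wildcard`, `skip_name` and `SAMPLE`, and the sample packet itself, are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Wildcard address named on the page: 64.94.110.11 */
static const uint8_t WILDCARD[4] = { 64, 94, 110, 11 };
/* Constructed sample: response to "nx.com IN A" carrying that address. */
uint8_t SAMPLE[40] = {
  0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,             /* header: QD=1, AN=1 */
  2,'n','x', 3,'c','o','m', 0, 0,1, 0,1,                /* question: nx.com A IN */
  0xC0,0x0C, 0,1, 0,1, 0,0,3,132, 0,4, 64,94,110,11 };  /* answer: A, TTL 900 */

/* Return the offset just past the name at pos, or 0 if it is malformed. */
static size_t skip_name(const uint8_t *p, size_t len, size_t pos)
{
  while (pos < len) {
    uint8_t c = p[pos];
    if (c == 0) return pos + 1;           /* root label ends the name */
    /* top bits set: 0xC0 is a compression pointer, anything else is reserved */
    if (c & 0xC0) return ((c & 0xC0) == 0xC0 && pos + 2 <= len) ? pos + 2 : 0;
    pos += 1 + (size_t)c;                 /* ordinary label */
  }
  return 0;
}

/* Rewrite a response with an IN A answer equal to WILDCARD as bare NXDOMAIN; return new length. */
size_t filter_wildcard(uint8_t *p, size_t len)
{
  if (len < 12) return len;               /* no full header: leave untouched */
  unsigned qd = (p[4] << 8) | p[5], an = (p[6] << 8) | p[7];
  size_t pos = 12, qend = 12;
  while (qd--) {                          /* skip the question section */
    pos = skip_name(p, len, pos);
    if (!pos || len - pos < 4) return len;
    qend = pos += 4;                      /* QTYPE + QCLASS */
  }
  while (an--) {
    pos = skip_name(p, len, pos);
    if (!pos || len - pos < 10) return len;
    const uint8_t *rr = p + pos;          /* TYPE CLASS TTL RDLENGTH RDATA */
    size_t rdlen = (size_t)((rr[8] << 8) | rr[9]);
    if (rdlen > len - pos - 10) return len;
    if (!memcmp(rr, "\0\1\0\1", 4) && rdlen == 4 && !memcmp(rr + 10, WILDCARD, 4)) {
      p[3] = (uint8_t)((p[3] & 0xF0) | 3); /* RCODE = 3 (NXDOMAIN) */
      memset(p + 6, 0, 6);                /* ANCOUNT, NSCOUNT, ARCOUNT = 0 */
      return qend;                        /* keep header + question only */
    }
    pos += 10 + rdlen;
  }
  return len;                             /* no match: response unchanged */
}
int main(void) { return filter_wildcard(SAMPLE, sizeof SAMPLE) == 24 ? 0 : 1; }
```

Malformed or truncated packets are returned unchanged rather than rewritten, and four matching bytes outside A-record data (a TTL, for instance) do not trigger the rewrite.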

 

--- response.c.orig     Sun Feb 11 13:11:45 2001
+++ response.c  Fri Sep 19 00:40:06 2003
@@ -14,6 +14,7 @@

 int response_addbytes(const char *buf,unsigned int len)
 {
+  if (len == 4 && byte_equal(buf,4,"\100\136\156\013")) { response_nxdomain(); }
   if (len > 65535 - response_len) return 0;
   byte_copy(response + response_len,len,buf);
   response_len += len;
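Review bot: the added line in response_addbytes calls response_nxdomain() but does not return, so execution falls through to byte_copy and the four matching bytes are still appended to a response that has just been flagged NXDOMAIN. The comparison also sits in the generic append routine, so it fires on any 4-byte write equal to "\100\136\156\013", not only on the data of an A record; consider moving the test to the caller that adds A-record data, or at least deciding explicitly whether the bytes should still be copied. A short comment noting that the octal escapes spell 64.94.110.11 would help the next reader.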