Re: [Exim] Verisign pulls a fast one

Top Page
Delete this message
Reply to this message
Author: Chris Meadors
Date:  
To: Exim
Subject: Re: [Exim] Verisign pulls a fast one
On Wed, 2003-09-17 at 12:18, Christian Vogel wrote:
> There is a official cure to the wildcard-A-problem posted to
> the www.isc.org website: It allows you to define "delegation only"
> zones for which everything besides NS-entries is ignored.
> It's actually quite funny to read, because they managed to not
> mention verisign, .net or .com at all :-)


After you get your BIND patched:
http://www.isc.org/products/BIND/delegation-only.html

I put together a little file that lists all TLDs as delegation only. So
no one else can get any bright ideas from Verisign.

You can "include" this file from your named.conf, or just copy and paste
all the lines (or just the ones you want) into it:

http://www.clubneon.com/files/named.delegation-only

I do appreciate the quick response on this list, with numerous examples
for work arounds to keep Exim rejecting e-mails from bogus domains. But
at the heart of it all, this is a DNS problem, and is best solved
there. I'm happily seeing NXDOMAINs again, just like two days ago.
Actually I should thank Verisign too. Without this move on their part,
I wouldn't have bothered working around the other ccTLDs. (Even though
I knew of trouble with the .ac because we use an "ac" subdomain.)

--
Chris