Verisign DNS Tragedy - * -> 64.94.110.11, Let's hack 64.94.110.11 -> www.goatse.cx Options

[TrNSZ]

I'd be impressed to see someone hack 64.94.110.11 and redirect traffic to www.goatse.cx.

That would be worth a monetary donation for sure. =)

On a more serious note:

In the meantime, there are some good solutions for users looking to get NXDOMAIN responses. I'm currently using dnsmasq which has a new option, --bogus-nxdomain, which allows you specify, for example, 64.94.110.11 and workaround the issue as long as you keep the IP addresses used by the generic redirection up to date.

A quick hack for Windows users is to add 64.94.110.11, sitefinder.verisign.com, and other IP such as 12.158.80.10, to 127.0.0.0 using the hosts file. I'm sure there are better solutions for Windows.

dnsmasq should be compilable on Win32. There are BIND ports for Win32, and BIND released a similar patch to deal with this issue too.

[rjamorim]

Erm... sorry, but I don't understand what's going on here.

What's the deal with 64.94.110.11?

[Gabriel]

Verisign now own virtually any unregistered .com/.net domain name.

[jsheridan]

Any solution available for us Windows 2k/2k3 DNS Users? (Which are forced to use it because of active directory etc?)

[rjamorim]

Verisign now own virtually any unregistered .com/.net domain name.

wow...

[spoon]

How is that any worse than Microsoft poping up - on MSN it cannot find the domain (for Internet Explorer Users)?

[kode54]

This affects more than just web browsers.


Example: All those spam messages that come from bogus .com and .net addresses? All those domains are now valid, thanks to Verisign. Unless, of course, your DNS servers are patched against this nonsense.

This post has been edited by kode54: Sep 18 2003, 04:26

[sthayashi]

Any information on HOW that happened? An article link or something?

[Floydian Slip]

Check out this news at SlashDot

And some discussion at NANOG

IMO, Verisign should be banned on managing TLD. They should be forced to hand over their administration of the root ns to a competent not-for-profit organization.

[Canar]

I'd be impressed to see someone hack 64.94.110.11 and redirect traffic to www.goatse.cx.

goatse.cx? Who links to goatse.cx these days? Today's real trolls link to tubgirl.comtubgirl.com.

Note: Do not click that link if you do not want to be disgusted. Seriously.



Ack. This DNS thing really sucks. However, it seems as though it hasn't propagated to me yet; misspelled domains still give a normal error here.

Edit: Wow... HA filters out tubgirl links. Cool.

This post has been edited by Canar: Sep 18 2003, 07:41

[Andavari]

Erm... sorry, but I don't understand what's going on here.

What's the deal with 64.94.110.11?

I was thinking the same thing when I read it yesterday.

So, could this be the root of DNS problems?
I've had some weird crap happening with my ISP with the DNS server magically going down everyday, and websites not being responsive or not loading.

[YinYang]

I found this explanatory rant to be pretty informative for me.

http://www.haque.net/verisign_dns_rant.php

[edit] Especially the part about their logging of mistyped URL's containing personal info was interesting [/edit]

This post has been edited by YinYang: Sep 18 2003, 12:57

[AstralStorm]

Seems like my ISP has already taken care of this brain damage.

/EDIT\
Spoken too soon - got my DNS cache record.
\EDIT/

This post has been edited by AstralStorm: Sep 18 2003, 14:32