North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Change to .com/.net behavior [Authority section]
> % dig any rarrarrarrarblah.com. @f.gtld-servers.net. > > ;; AUTHORITY SECTION: > com. 2D IN SOA a.gtld-servers.net. nstld.verisign-grs.com. ( > 2003091500 ; serial > 30M ; refresh > 15M ; retry > 1W ; expiry > 1D ) ; minimum Unless I'm missing something here.. Why not just block root servers or nstld.verisign-grs.com being listed as an authority? I can not find any instance where a root server should be listed as an authority.. I've been seeing varying results between .com and .net today. .net *always* has the root servers listed as its authoratitive servers .com sometimes does.. but often its just listing: ;; AUTHORITY SECTION: com. 172800 IN SOA a.gtld-servers.net. nstld.verisi gn-grs.com. 2003091500 1800 900 604800 86400 Blocking the Answer response isn't going to work, as you know they'll change the IP.. However, one crappy thing for them.. When kids start DoS'ing the verisign IP. hey can just pick any domain they feel like that doesn't exist, and hard code it. >From the news, Micrsoft and AOL are both fairly upset of their.. I imagine Google probably will be too, since Verisign is teaming with Yahoo on this one, and Yahoo is trying to revive their own engine and stop using google. Anyhow.. What am I missing about this fix.. why won't this work?
|