Verisign Hijack all possible .com .net domains and destroy Email::Valid, Net::DNS, gethostbyname() etcby tachyon (Chancellor)
|on Sep 30, 2003 at 05:49 UTC||Need Help??|
For some this is relatvely old news, as the change dates from 15th Sept 2003. In case you don't yet know (or sort of know but have not really considered what it means) - Have a look at this Installing Email::Valid or try this:
If you are trying to validate that a domain exists Verisign have now ensured that it will appear to exist at 220.127.116.11 (unless it really does exist) If this IP stays the same it is at least a fixable issue. If you are currently doing anthing that checks to see if a domain exists and splits logic if it does not it will now be totally broken. Just some to the code that will now not behave as expected:
There is a discussion of the ramifications here There are a number of DNS server patches already out http://lists.insecure.org/lists/bugtraq/2003/Sep/0276.html
Update thanks Moriarty
This only affects TLDs controlled by Verisign et al, but as that includes .com and .net we are not talking about a small problem.