Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?

Re: Re: Re: Verisign Hijack - Patches may be available

by bunnyman (Hermit)
on Sep 30, 2003 at 15:59 UTC ( #295331=note: print w/replies, xml ) Need Help??

in reply to Re: Re: Verisign Hijack - Patches may be available
in thread Verisign Hijack all possible .com .net domains and destroy Email::Valid, Net::DNS, gethostbyname() etc

(if what is shown on the patch page seems a little obique :-)

The way this works is actually pretty simple. The DNS servers for .com and .net should only send to you NS records. NS records are like pointers to other DNS servers. This patch rejects everything except NS records when they come from the VeriSign servers. Now when they send to you an A record (which has the IP address inside it), it will ignore it and the patch will instead give you the "does not exist" response.

This is a good way to work around the problem, because it will still work correctly even if VeriSign changes the IP address that they use.

The Acme::DNS::Correct module does not work this way. It merely looks for the hardcoded IP address in the response and filters it out. It will not work if the IP address is ever changed. Well, it's only an Acme module, after all.

  • Comment on Re: Re: Re: Verisign Hijack - Patches may be available

Replies are listed 'Best First'.
Re: Re: Re: Re: Verisign Hijack - Patches may be available
by tachyon (Chancellor) on Oct 01, 2003 at 01:03 UTC

    Sadly it would be a trivial hack at Verisign to return NS records to their own NS servers at which point you simply could not tell if they were faking it. They have said they won't. I trust them ;-)




Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://295331]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (2)
As of 2018-02-19 04:28 GMT
Find Nodes?
    Voting Booth?
    When it is dark outside I am happiest to see ...

    Results (258 votes). Check out past polls.