All .COM / .NET domain names now exist

bscott at ntisys.com
Mon Sep 15 22:55:07 EDT 2003


On Mon, 15 Sep 2003, at 10:35pm, mwl+gnhlug at alumni.unh.edu wrote:
> ... but I can't verify this.  Domains that don't exist are correctly
> returning NXDOMAIN on my systems, even after flushing the caches on my
> local nameservers.
> 
> How did you determine this to be the case?

  I was alerted to the problem by message traffic on NANOG.  I verified it
by sending my DNS queries right to the SOA.  The fact that VeriSign has
published white-papers about it tells me it is intentional.

  Many ISPs are already implementing counter-measures against this VeriSign
trickery.  Some are just null-routing 64.94.110.11, but I've seen public
discussion about how to patch ISC BIND to trap the VeriSign tricks and
return the "correct" answer.

  The following was run on my home computer, which runs a local named, which
in turn forwards to my ISP resolvers, which in turn do who knows what.  
Note that a local query returns NXDOMAIN, while a query sent to the SOA
returns the VeriSign IP address.

	$ host bogusdomainname.com
	Host bogusdomainname.com not found: 3(NXDOMAIN)
	$ host bogusdomainname.com a.gtld-servers.net
	Using domain server:
	Name: a.gtld-servers.net
	Address: 192.5.6.30#53
	Aliases: 
	
	bogusdomainname.com has address 64.94.110.11
	$ 

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |
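
The check described in the message above (ask the authoritative server about a name that should not exist, and see whether it returns NXDOMAIN or an address), as an added example that is not part of the original post. The function names and the random `nx-` probe labels are assumptions made for illustration; the sample input is the `host` output quoted in the message.

```shell
#!/bin/sh
# Added example (not from the original post): tell a real NXDOMAIN from a
# synthesized wildcard answer, using the `host` output format quoted above.

# Reads `host` output on stdin; prints NXDOMAIN, "ADDR <ip>" per A record, or OTHER.
classify_host_output() {
    awk '/\(NXDOMAIN\)/   { print "NXDOMAIN"; seen = 1 }
         / has address /  { print "ADDR " $NF; seen = 1 }
         END { if (!seen) print "OTHER" }'
}

# Reads one classification per probe of a nonexistent name; prints a verdict.
# Every probe answered with the same address means the zone is wildcarded.
wildcard_verdict() {
    awk '$1 == "ADDR"     { addr[$2] = 1; hits++ }
         $1 == "NXDOMAIN" { nx++ }
         $1 == "OTHER"    { other++ }
         END { n = 0; for (a in addr) { n++; ip = a }
               if (hits > 0 && nx == 0 && other == 0 && n == 1) print "wildcard " ip
               else if (nx > 0 && hits == 0 && other == 0) print "clean"
               else print "inconclusive" }'
}

# Live check (needs network): probe_zone a.gtld-servers.net com
# Random labels (assumed unregistered) are sent straight to SERVER.
probe_zone() {
    server=$1; tld=$2; count=${3:-3}; i=0
    while [ "$i" -lt "$count" ]; do
        label=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')
        host -t A "nx-$label.$tld" "$server" 2>/dev/null | classify_host_output
        i=$((i + 1))
    done | wildcard_verdict
}

# Sample input: the answer from a.gtld-servers.net as quoted in the post.
sample_soa() {
    cat <<'EOF'
Using domain server:
Name: a.gtld-servers.net
Address: 192.5.6.30#53

bogusdomainname.com has address 64.94.110.11
EOF
}

# Offline demo on the sample: three identical answers give a wildcard verdict.
for n in 1 2 3; do sample_soa | classify_host_output; done | wildcard_verdict
```

Several random probes are used because a single name that resolves could simply be registered; timeouts and unparsed output yield "inconclusive" instead of a false "clean".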



