[62105] in North American Network Operators' Group
Patching BIND (Re: What *are* they smoking?)
daemon@ATHENA.MIT.EDU (E.B. Dreger)
Tue Sep 16 01:33:28 2003
Date: Tue, 16 Sep 2003 05:32:50 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: nanog@merit.edu
In-Reply-To: <2147483647.1063654833@[172.30.102.254]>
Errors-To: owner-nanog-outgoing@merit.edu
PWG> Date: Mon, 15 Sep 2003 19:40:33 -0400
PWG> From: Patrick W. Gilmore
PWG> Anyone wanna patch BIND such that replies of that IP addy
PWG> are replaced with NXDOMAIN? That solves the web site and
PWG> the spam problem, and all others, all at once.
I'd actually go for keeping the A RR for '*.net.' and '*.com.' in
an authoritative NS's cache. If any other A RR matches the
cached IP address(es), nuke the RRSet and replace with NXDOMAIN.
Until then, I guess it's time to null route and check for
circumvention. Is AS30060 used for anything legitimate?
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.
