[rescue] The Verisign Exploit

Sheldon T. Hall shel at cmhcsys.com
Wed Sep 17 15:58:06 CDT 2003

I suppose you all know that Verisign has, essentially, hijacked the DNS
protocol, and now any otherwise-unassigned .com or .net domain name resolves
to  Unless you have today's patch for BIND, it seems all
mistyped browser addresses end up on a Verisign page.

This not only affects browsers, but e-mail, and breaks anti-spam measures
that refuse mail that arrives with an otherwise-unresolvable "From" domain.

Although they resolve it, they don't answer pings ...

foo $ ping whatabunchoffsckinggarbage.com

Pinging whatabunchoffsckinggarbage.com [] with 32 bytes of data:

Request timed out.
foo $

They do answer to "telnet whatabunchoffsckinggarbage.com 25", though.

And my question is ... where can I get a patched version of BIND for Solaris
7, one that will install with the fewest hassles?


More information about the rescue mailing list