At 05:39 PM 10/15/2003 +0200, Adrian Wiesmann wrote:
>This blocking talk actually brings me to something else: Would it be easy
>(and a need) to do some DNS Injection on m0n0wall by default for all
>Verisign wildcard answers?
>I think about an option which can be enabled/disabled which listens for
>all DNS traffic and removes/overwrites/replaces answers for Verisign's
>wildcard search page.
There is a cleaner solution, already implemented by the Internet Software
Consortium (ISC) who maintain the Berkeley Internet Name Daemon (BIND),
also known as /usr/sbin/named in the FreeBSD world.
They added a new declaration for a nameserver, which makes it a delegate
only. That is, they don't accept A records from such a server, only referrals.
Update your named to BIND-9 (in the ports collection) and you're covered.
Chad R. Larson (CRL22) chad at eldocomp dot com
Computing, Inc. 602-604-3100
5353 North 16th Street, Suite
Phoenix, Arizona 85016-3228
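
A simplified model of the delegation-only check described in the reply above, added here as an illustration; it is not code from this thread or from BIND. The `Response` class, `filter_response` and the sample records are constructed for the example, and the rule is a simplification of what BIND applies to a zone declared `type delegation-only` in named.conf.

```python
from dataclasses import dataclass, field

@dataclass
class Response:
    """Minimal stand-in for a parsed DNS response (constructed, not a wire parser)."""
    qname: str
    answer: list = field(default_factory=list)     # (owner, rtype, rdata) tuples
    authority: list = field(default_factory=list)  # (owner, rtype, rdata) tuples

def labels(name):
    return [p for p in name.lower().rstrip(".").split(".") if p]

def is_below(name, zone, strict):
    """True if `name` is inside `zone`; with strict=True the apex does not count."""
    n, z = labels(name), labels(zone)
    return n[-len(z):] == z and (len(n) > len(z) or not strict)

def filter_response(resp, zone):
    """Decide what a resolver does with a response from a delegation-only `zone`."""
    if labels(resp.qname) == labels(zone):
        return "ACCEPT"        # the zone apex itself (its SOA/NS) is exempt
    for owner, rtype, _ in resp.authority:
        # A referral: NS records owned by a child of the zone that covers qname.
        if rtype == "NS" and is_below(owner, zone, True) and is_below(resp.qname, owner, False):
            return "ACCEPT"
    return "NXDOMAIN"          # data served by the zone itself, e.g. a wildcard A record

# Constructed sample responses, as seen from a server for "com".
REFERRAL = Response("www.example.com",
                    authority=[("example.com", "NS", "ns1.example.com")])
WILDCARD = Response("no-such-name-xyz.com",
                    answer=[("no-such-name-xyz.com", "A", "192.0.2.1")],
                    authority=[("com", "NS", "ns.tld-operator.example")])
APEX = Response("com", answer=[("com", "NS", "ns.tld-operator.example")])

if __name__ == "__main__":
    for label, resp in (("referral", REFERRAL), ("wildcard", WILDCARD), ("apex", APEX)):
        print(f"{label:9s} {resp.qname:22s} -> {filter_response(resp, 'com')}")
```

The wildcard answer is rejected because its only NS records belong to `com` itself, so nothing in the response delegates the queried name to a child zone.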