Re: [m0n0wall] Block Verisign Wildcard? Was: Re: suggestions on blocking messenger

From:	Steven Honson <shonson at isoproplex dot net>
To:	Adrian Wiesmann <awiesmann at swordlord dot org>;, m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Block Verisign Wildcard? Was: Re: suggestions on blocking messenger
Date:	Thu, 16 Oct 2003 13:51:20 +1100

Dnsmasq, the DNS server that m0n0wall uses already has this ability, with 
the --bogus-nxdomain commandline flag, so in theory it shouldn't be too 
difficult to add an extra option to m0n0wall to use this flag when 
starting dnsmasq.

This isn't a issue for now anyway, since Verisign no longer send out bogus 
results.

Cheers,
Steven

This is what Adrian Wiesmann at Wed, Oct 15, 2003 at 05:39:33PM +0200 wrote:
> This blocking talk actually brings me to something else: Would it be easy
> (and a need) to do some DNS Injection on m0n0wall by default for all
> Verisign Wildchard answers?
> 
> I think about an option which can be enabled/disabled which listens for
> all DNS traffic and removes/overwrites/replaces answers for verisigns
> wildchard search page.
> 
> Just a quick thought...
> 
> Adrian
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch