
Re: [Asrg] 7. BCP - Verisign and wildcards



 Please don't get me wrong, I am really upset about VeriSign's "coup",
 but there is more to fix than just .com/.net and not all white hats
 are without big black spots ...

Right. This is why ISC is working on a real solution to the overall problem. According to the article by Declan McCullagh at <http://news.com.com/2100-1032_3-5077530.html>, there should be a fix for this published by tomorrow.
the expectations for .com and .net to not
have wildcards were all set many years ago, and it's the violation of those
expectations that's got people angry enough to publish patchware about it.
New versions of BIND 9.{1,2,3} have just been released:

-- snip --
In response to high demand from our users, ISC is releasing a patch for BIND
to support the declaration of "delegation-only" zones in caching/recursive
name servers. Briefly, a zone which has been declared "delegation-only" will
be effectively limited to containing NS RRs for subdomains, but no actual
data outside its apex (for example, its SOA RR and apex NS RRset). This can
be used to filter out "wildcard" or "synthesized" data from NAT boxes or from
authoritative name servers whose undelegated (in-zone) data is of no interest.
-- snip --

--------------------------------------------------------------
from: Jonathan "Chromatix" Morton
mail: chromi@chromatix.demon.co.uk
website: http://www.chromatix.uklinux.net/
tagline: The key to knowledge is not to rely on people to teach you it.


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
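
The "delegation-only" rule quoted in the announcement above, written out as a simplified model. This is an added example, not code from the original message, from ISC or from BIND. It assumes the caller passes only the answer and authority records received from the zone's own servers (glue in the additional section is not examined); the names `RR`, `allowed` and `filter_response` and all sample records are constructed for illustration.

```python
from typing import List, NamedTuple, Tuple


class RR(NamedTuple):
    owner: str   # owner name of the record
    rtype: str   # record type, e.g. "A", "NS", "SOA"
    rdata: str   # record data, kept as text in this model


def norm(name: str) -> str:
    """Lower-case a domain name and drop the trailing dot."""
    return name.rstrip(".").lower()


def is_subdomain(name: str, zone: str) -> bool:
    """True when name lies strictly below zone (root zone is '')."""
    n, z = norm(name), norm(zone)
    return n != z and (z == "" or n.endswith("." + z))


def allowed(rr: RR, zone: str) -> bool:
    """Apex data (SOA, apex NS RRset, ...) and NS RRs that delegate a
    subdomain are the only in-zone data a delegation-only zone may hold."""
    if norm(rr.owner) == norm(zone):
        return True
    return rr.rtype == "NS" and is_subdomain(rr.owner, zone)


def filter_response(zone: str, rrs: List[RR]) -> Tuple[str, List[RR]]:
    """Model of a resolver's decision for a zone declared delegation-only.

    Any in-zone record that is neither apex data nor a delegation
    (wildcard or synthesized data, for instance) turns the whole
    response into NXDOMAIN; otherwise the records pass unchanged.
    """
    for rr in rrs:
        in_zone = norm(rr.owner) == norm(zone) or is_subdomain(rr.owner, zone)
        if in_zone and not allowed(rr, zone):
            return "NXDOMAIN", []
    return "NOERROR", list(rrs)


if __name__ == "__main__":
    # Constructed records; 192.0.2.1 is a documentation address.
    wildcard = [RR("no-such-name-example.com.", "A", "192.0.2.1")]
    referral = [RR("example.com.", "NS", "ns1.example.net.")]
    print(filter_response("com", wildcard))   # synthesized A record
    print(filter_response("com", referral))   # ordinary delegation
```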