Things are afoot with the root .com and .org servers as run by Verisign.
Type this in your browser:
www.andthenwewenthome.com
It's an invalid domain - it doesn't exist. It doesn't return a DNS error however, oh no. Look what Verisign has gone and done...
Monday, 29 September 2003
God, and the bleating by the fucking /. crowd is deafening. What Verisign have done sucks a bit, it's a pain in the tits to ping a domain and get a response when it doesn't actually exist.
But this is what fucking happens when you let private companies deal with things like this, they want to make money. I don't blame them for wanting to make money, that's what they have to do.
They shouldn't be in a position to do this in the first place, and that's not their fucking fault.
(you can configure your dns to not follow by the way, which is what I've done here)
Almost all large ISPs have patched around this now... I have 5 ISPs at my disposal, and so far 3 of them I've tried all give me the expected 'NX Domain' response.
How do you configure your dns? (just figuring we ought to get our office IT monkey up to speed :-)
Depends on what dns system you're using I'm afraid. Plenty of notes online about it though, do a google, I did!
...There's been a bunch of stupid shit going on with the network I look after, and I've sussed out that it's all Verisign's fucking lame fault. Probably the most important part of a Windows 2000 network is dns, it's the foundation of it all you see, it holds the shit together. So rather than the old netbios names in previous Windows networks, you give your hosts proper internetty names (that's a technical term that is), and you give the domain a name, and it all works out just like the real interweb. You don't normally give your domain a real domain name though, it's a bit of a security no-no, because you're already giving your usernames away as email addresses, giving away your domain too is just silly. So we've got a network based on dns using a domain that doesn't really exist.
Not a problem, the zones on your dns server only, because it doesn't exist.
Except now fucking Verisign responds to domains that don't exist.
.. So if a dns lookup manages to hit a dns server that's not internal when looking for an internal resource (say a secondary dns on a host), it's going to get Verisign's IP, and start looking over there for its shit. The result is a full firewall log because internal machines are trying to do silly shit to an external IP, and a whole host of things from ldap replication to spam blocking suddenly throw a wobbly. All because of fucking Verisign being fucking fuckers.
Now, there is a silver lining here... Verisign says they're getting ddosed. Of course they fekking are! They'll be getting hammered from installations like mine! They'll also be getting hammered from msblaster too, which is looking for microsoftupdate.com which no longer exists. HA!
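The failure described in the comments above (an internal name leaking to an external resolver and getting a wildcard address back instead of NXDOMAIN) can be detected and neutralised at the resolver. This is an added example, not code from the post or its commenters; the resolver callables, the names and the addresses are constructed placeholders.

```python
import secrets

NXDOMAIN = None  # resolver callables return None for a name that does not exist


def probe_wildcard(resolve, tld, probes=3):
    """Return the addresses a TLD hands out for names that cannot exist.

    An empty set means the zone answers NXDOMAIN as expected.
    """
    seen = set()
    for _ in range(probes):
        # 32 random hex characters: effectively guaranteed to be unregistered
        name = f"{secrets.token_hex(16)}.{tld}"
        answer = resolve(name)
        if answer is NXDOMAIN:
            return set()  # one honest NXDOMAIN is enough: no wildcard in play
        seen.add(answer)
    return seen


def filtering_resolver(resolve, wildcard_addrs):
    """Wrap a resolver so synthesized wildcard answers become NXDOMAIN again."""
    def wrapped(name):
        answer = resolve(name)
        return NXDOMAIN if answer in wildcard_addrs else answer
    return wrapped


# --- constructed sample data (not real addresses or domains) ---
WILDCARD_IP = "192.0.2.1"                   # placeholder, documentation range
REGISTERED = {"example.com": "198.51.100.7"}


def upstream(name):
    """Simulated external resolver for a TLD that carries a wildcard record."""
    if name in REGISTERED:
        return REGISTERED[name]
    return WILDCARD_IP if name.endswith(".com") else NXDOMAIN


def demo():
    addrs = probe_wildcard(upstream, "com")
    safe = filtering_resolver(upstream, addrs)
    # The internal-only name fails cleanly again; the registered name still resolves.
    return addrs, safe("dc1.corp-internal.com"), safe("example.com")
```

Filtering by address also hides any genuine site hosted on the wildcard address, so the probe should be re-run periodically rather than hard-coding its result.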