Bug 28980 - 9.2.2-p1 of BIND available to counteract verisign wildcard madness
Summary: 9.2.2-p1 of BIND available to counteract verisign wildcard madness
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High normal
Assignee: Brandon Low (RETIRED)
URL: http://marc.theaimsgroup.com/?l=bind-...
Whiteboard:
Keywords:
Duplicates: 28998
Depends on:
Blocks: 28998
Reported: 2003-09-17 06:49 UTC by Danny
Modified: 2003-10-21 08:22 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
ebuild with new named.conf and digest (bind-9.2.2-r3.tgz,3.10 KB, application/octet-stream)
2003-09-17 16:45 UTC, Danny
Description Danny 2003-09-17 06:49:04 UTC
Recently verisign added a wildcard A record to the .COM and .NET TLD DNS zones 
making all .com and .net domains appear to be registered (and bring up a verisign 
site in a browser).  This causes many problems such as breaking important 
anti-spam checks which verify source domains exist.  ISC has released a patch 
for BIND which adds "delegation-only" zones to allow admins to return the .com 
and .net domain resolution to their normal function:

http://marc.theaimsgroup.com/?l=bind-users&m=106378709918676&w=2

Reproducible: Always
Steps to Reproduce:
1.  think of your favorite .com or .net website (www.google.com)
2.  insert random number in domain name (www.goo48197gle.com)
3.  load website

Actual Results:  
you are redirected to sitefinder.verisign.com
Comment 1 Haroon Rafique 2003-09-17 07:40:05 UTC
http://www.isc.org/products/BIND/delegation-only.html has information and links to patches for all the other versions as well.

In addition, http://marc.theaimsgroup.com/?l=bind9-users&m=106379587928771&w=2 has this little piece about what changes need to be made to the named.conf file:

There is no need to create a com or net data file. Just the
entries to the named.conf file is enough
  zone "com" { type delegation-only; };
  zone "net" { type delegation-only; };

Danny, could you kindly modify the summary to make it more descriptive. E.g., something like "9.2.2-p1 of bind available to counteract verisign wildcard madness" would be more appropriate and would help other people who are searching for this bug.
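
An added example, not part of the original bug report or of the ISC patch: a resolver check that automates the reproduction steps from the description, so an admin can confirm that the delegation-only zones quoted in Comment 1 make unregistered .com/.net names fail again. The function names are assumptions made here; run it on a host that resolves through the patched named.

```python
import secrets
import socket

def default_resolve(name):
    """Return the IPv4 addresses the local resolver gives for name,
    or an empty set when the name does not resolve (NXDOMAIN/failure)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def random_label(length=20):
    # Random hex label: practically guaranteed not to be a registered domain.
    return secrets.token_hex(length // 2)

def check_tld_wildcard(tld, resolve=default_resolve, probes=3):
    """Resolve `probes` random names under `tld`.

    Returns (wildcard, addresses). wildcard is True when every random name
    resolved, which unregistered names should never do; addresses is the
    union of the answers, i.e. where the wildcard points.
    """
    # The trailing dot makes the name fully qualified, so a local search
    # domain in resolv.conf cannot turn a miss into a hit.
    answers = [resolve(f"www.{random_label()}.{tld}.") for _ in range(probes)]
    resolved = [a for a in answers if a]
    return len(resolved) == probes, set().union(*resolved)

if __name__ == "__main__":
    for tld in ("com", "net"):
        wildcard, addrs = check_tld_wildcard(tld)
        if wildcard:
            print(f".{tld}: wildcard answers -> {', '.join(sorted(addrs))}")
        else:
            print(f".{tld}: random names fail to resolve, as expected")
```
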
Comment 2 Danny 2003-09-17 16:45:04 UTC
Created attachment 17929
ebuild with new named.conf and digest

This contains a digest and an ebuild which uses the patch (which has been
bzip2'ed for mirroring and initially hosted by the University of Arizona).
Comment 3 Danny 2003-09-17 16:47:58 UTC
I've created an attachment of a modified ebuild for this patch.  It contains a digest and (of course) the ebuild that uses the patch (which has been bzip2'ed down from 40k to 8k for mirroring and hosted by the University of Arizona) and contains a new named.conf.
Comment 4 Brandon Low (RETIRED) gentoo-dev 2003-09-17 23:22:19 UTC
Looks like Solar already popped this into portage, thanks folks.
Comment 5 Martin Holzer (RETIRED) gentoo-dev 2003-10-21 08:22:55 UTC
*** Bug 28998 has been marked as a duplicate of this bug. ***