Recently verisign added a wildcard A record to the .COM and .NET TLD DNS zones making all .com and .net domains appear to be registered (and bring up a versign site in a browser). This causes many problems such as breaking important anti-spam checks which verify source domains exist. ISC has releasing a patch for BIND which adds "delegation-only" zones to allow admins to return the .com and .net domain resolution to their normal function: http://marc.theaimsgroup.com/?l=bind-users&m=106378709918676&w=2 Reproducible: Always Steps to Reproduce: 1. think of your favorite .com or .net website (www.google.com) 2. insert random number in domain name (www.goo48197gle.com) 3. load website Actual Results: you are redirected to sitefinder.verisign.com
http://www.isc.org/products/BIND/delegation-only.html has information and links to patches for all the other versions as well. In addition, http://marc.theaimsgroup.com/?l=bind9-users&m=106379587928771&w=2 has this little piece about what changes need to be made to the named.conf file: There is no need to create a com or net data file. Just the entries to the named.conf file is enough zone "com" { type delegation-only; }; zone "net" { type delegation-only; }; Danny, could you kindly modify the summary to make it more descriptive. E.g., something like "9.2.2-p1 of bind available to counteract verisign wildcard madness" would be more appropriate and would help other people who are searching for this bug.
Created attachment 17929 [details] ebuild with new named.conf and digest This is contains a digest and an ebuild which uses the patch (which has been bzip2'ed for mirroring and initially hosted by the University of Arizona).
I've created an attachment of a modified the ebuild for this patch. It contains a digest and (of course) the ebuild that uses the patch (which has been bzip2'ed down from 40k to 8k for mirroring and hosted by the University of Arizona) and contains a new named.conf.
Looks like Solar already popped this into portage, thanks folks.
*** Bug 28998 has been marked as a duplicate of this bug. ***