Summary: | djbdns patch to block Verisign's sitefinder fiasco - return NXDOMAIN when an address resolve to certain ips. | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Dave Love <dlove> |
Component: | New packages | Assignee: | Jared H. Hudson (RETIRED) <jhhudso> |
Status: | RESOLVED WONTFIX | ||
Severity: | enhancement | CC: | agenkin, bugs, delta407, gentoo8, nikai, vapier |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
Ebuild including ipignore patch
ignore ip patch Documentation file for setting up dnscache/root/ignoreip revised ebuild to download & install patch |
Description
Dave Love
2003-09-17 07:41:32 UTC
Created attachment 17890 [details]
Ebuild including ipignore patch
The ipignore patch must come before the fwdzone patch or it won't apply.
Created attachment 17891 [details, diff]
ignore ip patch
Patch which adds the ability to ignore A records revolving to a given list of
ips
Created attachment 17892 [details]
Documentation file for setting up dnscache/root/ignoreip
Created attachment 17896 [details]
revised ebuild to download & install patch
fefe has updated his ipv6 patch for djbdns, too. It comes now with an IPv6 version of Russ Nelson's Verisign civil disobedience patch. -> http://fefe.de/ fefe has updated his ipv6 patch for djbdns, too. It comes now with an IPv6 version of Russ Nelson's Verisign civil disobedience patch. -> http://fefe.de/ When we update the ebuild, it may also be useful to include J.P. Larocque's script that (allegedly, I haven't tried it yet) dynamically builds a list of IP addresses that need to be ignored. There is a link to the script from the instructions in the patch itself, but, in case it saves someone some time, here is a copy-and-paste job: J.P. Larocque contributes a script which updates root/ignoreip: http://ely.ath.cx/~piranha/software/ignoreip-update/ignoreip-update-0.1 Seems like this isn't needed now that verisign changed. |