Linux-Bulgaria.ORG
Re: lug-bg: fscking Verisign ! ;-(


  • Subject: Re: lug-bg: fscking Verisign ! ;-(
  • From: Konstantin Angelov <kangelov@xxxxxxxxxxx>
  • Date: Thu, 18 Sep 2003 09:04:04 -0400 (EDT)

Here is what I happened to come across after reading about this here on
the list. I suppose it may be useful to someone:

a number of options exist to help you remedy this issue:

        - bind 9.2.3rc2 supports "delegation-only", stopping some
          wildcard implementations from making any difference

if you simply want to stop traffic getting there (they are running a
website and a partially functional MTA on that IP):

        - you can BGP null route this
          http://www.merit.edu/mail.archives/nanog/msg13715.html

        - cisco's NBAR functionality may be used to detect and block those
          reply packets from coming in by looking for the response from
          the nameservers.
          http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e2/nbar2e.htm

note that this won't stop the query from reaching verisign, it will just
stop you from going to that IP. however, for some enforcing network
privacy concerns, that may be worthwhile.

hope this helps,


-- 
Konstantin Angelov
kangelov@xxxxxxxxxxx
ICQ# 21034161

On Wed, 17 Sep 2003 Vesselin Kolev said:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Nonsense... The default TTL for all records for domains in the gTLDs managed
> by VeriSign is 172800. You can check this yourself as follows:
>
> [root@redhat updates]# dig @a.gtld-servers.net -t ns hotmail.com
>
> ; <<>> DiG 9.2.2rc1 <<>> @a.gtld-servers.net -t ns hotmail.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22846
> ;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;hotmail.com.                   IN      NS
>
> ;; ANSWER SECTION:
> hotmail.com.            172800  IN      NS      ns1.hotmail.com.
> hotmail.com.            172800  IN      NS      ns3.hotmail.com.
> hotmail.com.            172800  IN      NS      ns2.hotmail.com.
> hotmail.com.            172800  IN      NS      ns4.hotmail.com.
>
> ;; ADDITIONAL SECTION:
> ns1.hotmail.com.        172800  IN      A       216.200.206.140
> ns3.hotmail.com.        172800  IN      A       209.185.130.68
> ns2.hotmail.com.        172800  IN      A       216.200.206.139
> ns4.hotmail.com.        172800  IN      A       64.4.29.24
>
> ;; Query time: 430 msec
> ;; SERVER: 192.5.6.30#53(a.gtld-servers.net)
> ;; WHEN: Wed Sep 17 11:57:21 2003
> ;; MSG SIZE  rcvd: 165
>
> [root@redhat updates]#
>
> Look at the second field: 172800 sec = 48 h.
>
> I.e. that is how long every record cached from a query will live. That is
> exactly why many people wonder why VeriSign have published a record with
> such a short cache lifetime (only 15 min). Usually records with such a
> small TTL are ones that change often. And if VeriSign really want to change
> this record often, we are facing a rather serious challenge.
>
> Registering a new domain has nothing to do with TTL. Don't mix things up.
> It may have to do with refreshing the information. For example, suppose
> someone has changed the data for their domain. If some name server queried
> for records for that domain shortly before the registry published the
> changes, it will cache the old records. Consequently the old records will be
> kept on that DNS server until their time to live expires, and the new ones
> will not be visible (we are talking about visibility from the server that
> cached them). All clients that ask the name server in question will also
> receive the old records.
>
> A request: let's not speak up unprepared!
>
>   Regards
>         Beco
>
> On Wednesday 17 Sep 2003 15:34, Yasen Balev wrote:
> > they're clever, clever -
> > if the TTL were larger you would have to wait longer to register a new domain
> >
> > On Wednesday 17 September 2003 09:19, Vesselin Kolev wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
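
Added example, not part of the original messages and not BIND's own code: a simplified Python model of the check that "delegation-only" applies to replies from a TLD server, run over dig-style text. The first sample is the ANSWER section quoted in the thread; the wildcard sample (name, 192.0.2.1, TTL 900 for the 15 minutes mentioned above) is constructed, and accepting NS records in either ANSWER or AUTHORITY is an assumption made to match that quoted output.

```python
# Sample 1: ANSWER section as quoted in the thread (real delegation, TTL 172800).
DELEGATION = """\
;; QUESTION SECTION:
;hotmail.com.                   IN      NS

;; ANSWER SECTION:
hotmail.com.            172800  IN      NS      ns1.hotmail.com.
hotmail.com.            172800  IN      NS      ns2.hotmail.com.
"""

# Sample 2: constructed wildcard-style reply (documentation address, 15 min TTL).
WILDCARD = """\
;; ANSWER SECTION:
no-such-name-8f3a.com.  900     IN      A       192.0.2.1
"""


def parse_dig(text):
    """Return {section: [(owner, ttl, rtype, rdata), ...]} from dig text output."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = line[2:-len("SECTION:")].strip()
            sections[current] = []
        elif line and not line.startswith(";") and current:
            f = line.split()
            if len(f) >= 5 and f[2] == "IN":
                sections[current].append(
                    (f[0].lower(), int(f[1]), f[3], " ".join(f[4:])))
    return sections


def classify(text, zone):
    """'delegation' if the reply hands a child of `zone` off via NS records;
    otherwise 'treat-as-nxdomain', i.e. data the TLD server answered itself."""
    suffix = "." + zone.strip(".").lower() + "."
    records = parse_dig(text)
    for section in ("ANSWER", "AUTHORITY"):
        for owner, _ttl, rtype, _rdata in records.get(section, []):
            if rtype == "NS" and owner.endswith(suffix):
                return "delegation"
    return "treat-as-nxdomain"


if __name__ == "__main__":
    for label, sample in (("thread sample", DELEGATION), ("wildcard", WILDCARD)):
        print(label, "->", classify(sample, "com"))
```
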
Mailing list messages are © Copyright their authors.