This is simply amazing, Verisign has just turned the .COM and .NET TLD DNS servers up-side-down for their own economical gain and, in doing so, disrupted network traffic for most of the Internet. Mail administrators who use any non-existant DNSBL to mark email as spam suddenly has all their mails deleted, people using localhost.localdomain.com on their servers for administrative purposes are scrambling to find out the cause of their problems and DNS problems arise everywhere as neg caching is essentially disabled and all DNS caches have to cache each and every randomly typed DNS query. The BIND patch that prevents this should be released Wednesday. http://slashdot.org/article.pl?sid=03/09/16/0034210&mode=thread&tid=126&; tid=95&tid=98&tid=99 <quote> DragonHawk writes "As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was 'somecompany.com,' and somebody typed 'soemcompany.com' by mistake, they would get VeriSign's advertising." Read on below for some more information. </quote> http://apnews.excite.com/article/20030916/D7TJOF3G0.html <quote> The Internet Software Consortium, the nonprofit organization that develops BIND software for Internet domain name directories, is writing an "urgent patch" for Internet service providers and others who want to block customers from a new Site Finder service from VeriSign Inc. Though VeriSign gets unspecified revenues from search engine partners whose technology powers Site Finder, company officials described the service as primarily a navigation tool to help lost Internet users. Earlier this year, a suburban Washington company called Paxfire Inc. tested a similar service for ".biz" and ".us" names, but the U.S. government and a private oversight board asked Paxfire to suspend it after a few weeks pending a review, Paxfire chairman Mark Lewyn said. </quote> Regards Thor Larholm PivX Solutions, LLC - Senior Security Researcher http://www.pivx.com/larholm/unpatched - Unpatched IE vulnerabilities
