On Mon, 05 Nov 2007 13:37:01 -0800
Darren Reed <darrenr NetBSD.org> wrote:
> Moving this to tech-net...
>
> D'Arcy J.M. Cain wrote:
> > How do we feel about a mod to the resolver library to implement a
> > DNS blacklist? Verizon and others are starting to resurrect
> > sitefinder on a local basis. It occurs to me that one self-defense
> > mechanism would be the ability to add a line to /etc/resolv.conf
> > that declares certain IP addresses as evil^H^H^H^Hinaccurate and
> > treat responses with those addresses as returning NXDOMAIN. This
> > would allow users behind those hijacking DNS servers to identify
> > and redirect the redirection. What exactly is the problem?
> Queries for non-existent names return an A record that points
> to one of their web servers saying "welcome"?
> Do they do it when recursion is both enabled and disabled?
>

See www.consumeraffairs.com/news04/2007/11/verizon_search.html

And the feature won't help. This nonsense is implemented by Verizon in
their customer-facing caching servers, whose addresses are handed out
by dhcp. You can even opt out, in which case you get different IP
addresses, per
http://netservices.verizon.net/portal/link/help/item?case=c32535 (tell
the form you're using FIOS and Verizon Online).

--Steve Bellovin, http://www.cs.columbia.edu/~smb
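The resolver-side filter D'Arcy describes above, as an added Python example that is not from this thread or from NetBSD's resolver library: it parses the answer section of a wire-format DNS reply, and if any A record falls inside a network listed on a hypothetical "badaddr" resolv.conf line, it rewrites the reply as NXDOMAIN (RCODE 3, header plus original question only). The directive name, the 192.0.2.0/24 documentation addresses and the sample reply are constructed for the example.

```python
import ipaddress
import struct
TYPE_A, CLASS_IN, NXDOMAIN = 1, 1, 3

# Constructed resolv.conf line (hypothetical "badaddr" directive); 192.0.2.0/24 is documentation space standing in for a hijacking server's addresses.
BADADDR_LINE = "badaddr 192.0.2.10 192.0.2.64/26"
BAD_NETS = [ipaddress.ip_network(p, strict=False) for p in BADADDR_LINE.split()[1:]]

def _skip_name(msg, off):
    # Advance past a (possibly compressed) domain name starting at off.
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def _skip_questions(msg):
    off = 12  # fixed header size
    for _ in range(struct.unpack("!H", msg[4:6])[0]):  # QDCOUNT
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    return off

def a_records(msg):
    # Return the IPv4 addresses carried by A records in the answer section.
    off, addrs = _skip_questions(msg), []
    for _ in range(struct.unpack("!H", msg[6:8])[0]):  # ANCOUNT
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            addrs.append(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen
    return addrs

def filter_response(msg, bad_nets):
    # Any A record inside a listed network: rewrite the reply as NXDOMAIN (RCODE 3,
    # header + original question only). Otherwise pass the reply through untouched.
    if not any(a in n for a in a_records(msg) for n in bad_nets):
        return msg
    ident, flags, qdcount = struct.unpack("!3H", msg[:6])
    header = struct.pack("!6H", ident, (flags & 0xFFF0) | NXDOMAIN, qdcount, 0, 0, 0)
    return header + msg[12:_skip_questions(msg)]

def build_response(name, addr):
    # Constructed sample reply: one question plus one A answer (name -> addr).
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)  # standard response, RCODE 0
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4)
    return header + qname + struct.pack("!HH", TYPE_A, CLASS_IN) + answer + ipaddress.IPv4Address(addr).packed
```

Run `filter_response(build_response("nonexistent.example", "192.0.2.10"), BAD_NETS)` to see a hijacked reply turned into NXDOMAIN, while a reply pointing elsewhere is returned unchanged.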