On Fri, Sep 19, 2003 at 11:14:25AM +0200, Jonas Petersson wrote:
>
> Ben Hutchings wrote:
> > On Fri, Sep 19, 2003 at 02:40:54PM +0900, Shawn wrote:
> > > I think it will be taken care of based on this I saw on the tlug list
<snip>
> > > Actually don't worry the BIND root servers are being patched to kill
> > > off this the work around would take you longer than waiting for the
> > > BIND roots to be updated (which will kill off Verisigns B.S.)
>
> > I'm a little dubious as to how the root servers could possibly work
> > around this. In any case, Verisign runs several of them, so I can't
> > believe they will all be patched in this way.
>
> I believe the patch is basically that root servers are only supposed to
> return NS delegation and never A records so the BIND patch simply
> ignores A records returned from the root servers when NS was expected.
> Easy.
It is not the root servers that are at fault here, but TLD name
servers; however, the same rule applies. I am aware of the patch for
BIND (and similar patches for other name servers). Someone appears to
be proposing that a change to root server configuration could have the
same effect without requiring people to patch and reconfigure their
caching name servers. I don't see that.
--
Ben Hutchings
compatible: Gracefully accepts erroneous data from any source
Received on Fri Sep 19 12:34:06 2003