[Mimedefang] Re: how to undo Verisigns mess
G. Roderick Singleton
gerry at pathtech.org
Thu Sep 18 14:17:00 EDT 2003
On Thu, 2003-09-18 at 13:59, Brent J. Nordquist wrote:
> On Wed, 17 Sep 2003, Justin Shore <listuser at numbnuts.net> wrote:
>
> > On Wed, 17 Sep 2003, David T Hollis wrote:
> >
> > > A soon-to-be-available help for the Verisign problem is coming from ISC:
> > > http://www.isc.org/products/BIND/delegation-only.html.
>
> For those of us still using BIND 8 (I know, I know... but that isn't my
> server, and the upgrade isn't my timing): Any recommendations of DNS
> caching software reliable enough for production, that has a fix for the
> VeriSign issue? (Or I guess I could use BIND 9 *as* the caching
> software...) TIA

I'll give you an answer for an answer. First you should know that
there's a patch for Bind, courtesy of Clayton Braun, that duplicates
what's in bind 9. (I pasted it at the bottom of the message.)

Now my question. Can someone give me a recipe that will stop ALL html
or html containing messages?

Thanks
ger
--
Gerry Roderick Singleton <gerry at pathtech.org>
416-452-4583
Here's a version of the patch that returns NXDOMAIN. This
should be applied to version 8.4.1.
--- ns_resp.c.orig Wed Sep 17 03:15:10 2003
+++ ns_resp.c Wed Sep 17 04:54:45 2003
@@ -308,6 +308,7 @@
DST_KEY *key;
int expect_cname;
int pass = 0;
+ int wasCaught = 0;
nameserIncr(from, nssRcvdR);
nsp[0] = NULL;
@@ -971,6 +972,17 @@
*/
if (i < ancount) {
/* Answer section. */
+
+ /* Beginning of anti-Verisign catch */
+ char catchIp[] = { 64, 94, 110, 11 };
+ if (type == ns_t_a && memcmp(dp->d_data,
catchIp, 4) == 0)
+ {
+ db_detach(&dp);
+ wasCaught = 1;
+ break;
+ }
+ /* End of anti-Verisign catch - Golgi Group */
+
/*
* Check for attempts to overflow the buffer
in
* getnameanswer.
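Review bot: The test in the answer-section block matches on the address alone (`memcmp(dp->d_data, catchIp, 4)` with `type == ns_t_a`), so any A record in any zone that resolves to 64.94.110.11 is turned into NXDOMAIN, and the catch stops working silently if the wildcard target moves to another address. Restrict the match to the affected top-level zones or make the address list configurable. The `break` also abandons the remaining records of the response after `db_detach(&dp)`, which deserves a comment confirming that nothing parsed earlier in the loop is left referenced. Note as well that the mailer has wrapped the `memcmp` line and the `in` of the following comment, so the hunk will not apply as posted.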
@@ -1210,6 +1222,12 @@
return;
}
+ if(wasCaught == 1)
+ {
+ hp->rcode = NXDOMAIN;
+ goto return_msg;
+ }
+
/*
* We might want to cache this negative answer.
*
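Review bot: In the `wasCaught == 1` branch only `hp->rcode` is changed before `goto return_msg`, so check that the message sent back does not still carry the answer count and the wildcard A record alongside the NXDOMAIN rcode. The jump also skips the code below that is commented "We might want to cache this negative answer", so each repeat lookup of the same name goes back out to the upstream servers. If that is intended, say so in a comment. Minor style: `if(` should be `if (` to match the surrounding code.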