> Questions:
> (1) It looks to me like if the ghost name is in our
> DNS RPZ zone, then that 'fixes' the problem for
> that name. Is this correct?
A ghost domain could be redelegated to a new owner and become absolutely
legal.
On 09.02.12 07:36, John Hascall wrote:
Caveat Emptor -- if you buy a former TDSS (or some other evil) domain,
that's just too bad.
Unfortunately, RPZ or DNSSEC - solving this problem depends on the whole
world using them, so with this flaw in the DNS protocol we're screwed
still.
When you buy a domain, just check if it's blacklisted anywhere if you
want to avoid this.
> (2) It also looks like restarting bind flushes the cache
> and that prevents the repopulation of the local cache
> with names which are ghosts (new different ghost names
> could, of course, be created). Is this correct?
AFAIK 'rndc flush' will do the same.
Thanks - we're doing a nightly restart for other reasons.
What?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
My mind is like a steel trap - rusty and illegal in 37 states.