This page provides a patch to BIND 8 to ignore the wildcard A record Verisign is now returning for unregistered .com/.net domains. It was cooked up over 10 minutes of pure anger and has not been properly tested; it would be better to be able to specify which IPs to ignore in the configuration file. Suggestions or improved patches are very much welcomed. (Note that this patch causes SERVFAIL results; NXDOMAIN would be better, but I'm not that well versed in the BIND code.)
This patch was made against BIND 8.4.1.
Thanks to Rogier Wolff for suggesting a more readable way to write the IP address. (patch updated 2003/9/16 08:00 UTC)
Thanks to John Polstra for pointing out a memory leak. (patch updated 2003/9/17 01:00 UTC)
bind8-verisign-patch.txt (521 bytes)
See http://www.imperialviolet.org/dnsfix.html for patches for other DNS and SMTP servers.