Re: ISC to build dns patch against Verisign's change...

[Rob Austein <sra@hactrn.net>]

At Wed, 17 Sep 2003 00:22:58 +0200, Bert Wijnen wrote:
> 
> Mmm... although I do not like what Verisign is doing, I would
> also not want my ISP to BLOCK anything in this realm. I would
> rather have a tool that lets me as an individual or company
> decide what I want to do when I mistype a domain name.
> Does that not make sense?

i haven't talked to anybody (full disclosure: technically, that's
"anybody else", since i'm an isc fellow) from isc about this, and i've
seen neither the putitive patch nor any discussion of precisely what
it will do, but since dns software per se doesn't block transport
connections anyway, i suspect that this newspaper report is a mangled
version of something that started out like:

"isc is working on a patch which will detect when a query has been
answered by verisign's wildcard hack and will substitute the nxdomain
response that verisign should have returned in the first place."

ie, the report suggests that isc has decided that verisign's wildcard
hack is damage, and that isc has decided that they'd better make it
possible for the internet to route around this.