In this episode, Matt and Cricket answer Harry Stein’s question about a DNSstuff search that turned up suspected cache poisoning, and Kirk Davis’s question about Google’s (somewhat crazy) recommendations on how to force the use of their non-SSL-based services.
Remember SiteFinder? (I’m sure you guys do…) This is reminiscent of that fiasco. These wildcards that tripped up Harry Stein are doing a similar thing, resolving to an address for a web page to perhaps “help out people who make typos”, which of course seems to foul up the TLD lookup tool. Just like SiteFinder turned into an e-mail magnet because some MTAs got confused by no longer receiving NXDOMAIN responses for bogus names under com and then tried to deliver mail to the SiteFinder servers. In a similar way, the TLD lookup tool seems to be expecting NXDOMAIN to determine if a domain name is available. Of course, an EPP- or whois-based tool is the proper way to do that.
And FWIW, both the RPZ and RRL (DDoS rate-limiting) patches are included in the Debian bind9 package (and by extension, Debian-based derivatives) starting with version 1:9.8.4.dfsg.P1-5 and updated in 1:9.9.3.dfsg.P2-1.
Posted by Michael Milligan on October 3rd, 2013.