Well I think so. Everyone else will probably just think I am nuts.

By now you have heard about the VeriSign .net .com DNS server response change for invalid urls. If not or you don't really know the details (US press has been terrible in reporting the actual implications) see my ealier post a little ways down on this board. At any rate as a matter of prinicple I needed to block the resulting redirect. Yes I am being petty. So I have been playing with entering bogus addresses trying to determine the best way to go about it. Most of the time I was using http://www.verislime.com. Well there must be a lot of other people doing the same. Verisign (I assume it is their action and not another party) have stopped responding with the redirection IP and the lookup immediately fails (looks like an intentional immediate disconnect). I don't think this is a change of heart on their part or my ISP because http://www.verislime2.com still resolves to the redirection IP. Results:

$ nslookup http://www.verislime.com
** server can't find http://www.verislime.com: SERVFAIL

$ nslookup http://www.verislime2.com
Name: http://www.verislime2.com
Address: 64.94.110.11

Now lets check that 64.94.110.11 out just to be sure:

$ nslookup 64.94.110.11

11.110.94.64.in-addr.arpa name = sitefinder-idn.verisign.com.

Yup that is the wild card match. Repeated this a number of times to make sure it wasn't just a fluke. A few other unflattering names with verisign in them that had resolved to the wild card match (11.110.94.64) are now also getting igorned but weren't before. I am guessing they are trying to take the load off their search site since they know people using these sort of names aren't going to actually use the site.

BTW I settled on having Squid doing the blocking. Even set it up to use the standard Squid error page for unresolved host names. Think I will modify to include links to my favorite search engines at the bottom. I have really come to love the Squid. Snapper page loading, quicker name resolution (caching DNS), improved security (unless misconfigured then worse), and now if I do accidently mistype a name I won't have to watch the browser spin while it tries to connect to the stupid VeriSlime search site.

posted by 216.165.14...

• OT: Oh this is a hoot! (long), saw, Tue, 23 Sep 2003 19:32:50 <-- Viewing This Message
  • just nullroute like everyone else :) n/m, Trev, Tue, 23 Sep 2003 19:55:53
    • Don't get it but . But maybe I don't understand, saw, Tue, 23 Sep 2003 21:15:11
      • Doh! Hit return while still editing above message, saw, Tue, 23 Sep 2003 21:20:12

No Site Registration is Required to Post - Site Membership is optional (Member Features List), but helps to keep the site online
for all Saabers. If the site helps you, please consider helping the site by becoming a member.

• Prev by Date: Re: How are those late eighties, early nineties Audis?, MisplacedYankee, Tue, 23 Sep 2003 18:59:08
• Next by Date: the C70 under customer vehicles is nice as well :) n/m, Trev, Tue, 23 Sep 2003 19:55:04
• Main General Bulletin Board

StateOfNine.com

SaabClub.com

Jak Stoll Performance

M Car Covers

Ad Available

The content on this site may not be republished without permission. Copyright © 1988-2024 - The Saab Network - saabnet.com.
For usage guidelines, see the Mission & Privacy Notice.
[Contact | Site Map | Saabnet.com on Facebook | Saabnet.com on Twitter | Shop Amazon via TSN | Site Donations]

Random Saabnet.com Member Gallery Photos (Click Image)