[Subscribe to Daily Digest] |
Well I think so. Everyone else will probably just think I am nuts.
By now you have heard about the VeriSign .net .com DNS server response change for invalid urls. If not or you don't really know the details (US press has been terrible in reporting the actual implications) see my ealier post a little ways down on this board. At any rate as a matter of prinicple I needed to block the resulting redirect. Yes I am being petty. So I have been playing with entering bogus addresses trying to determine the best way to go about it. Most of the time I was using http://www.verislime.com. Well there must be a lot of other people doing the same. Verisign (I assume it is their action and not another party) have stopped responding with the redirection IP and the lookup immediately fails (looks like an intentional immediate disconnect). I don't think this is a change of heart on their part or my ISP because http://www.verislime2.com still resolves to the redirection IP. Results:
$ nslookup http://www.verislime.com
** server can't find http://www.verislime.com: SERVFAIL
$ nslookup http://www.verislime2.com
Name: http://www.verislime2.com
Address: 64.94.110.11
Now lets check that 64.94.110.11 out just to be sure:
$ nslookup 64.94.110.11
11.110.94.64.in-addr.arpa name = sitefinder-idn.verisign.com.
Yup that is the wild card match. Repeated this a number of times to make sure it wasn't just a fluke. A few other unflattering names with verisign in them that had resolved to the wild card match (11.110.94.64) are now also getting igorned but weren't before. I am guessing they are trying to take the load off their search site since they know people using these sort of names aren't going to actually use the site.
BTW I settled on having Squid doing the blocking. Even set it up to use the standard Squid error page for unresolved host names. Think I will modify to include links to my favorite search engines at the bottom. I have really come to love the Squid. Snapper page loading, quicker name resolution (caching DNS), improved security (unless misconfigured then worse), and now if I do accidently mistype a name I won't have to watch the browser spin while it tries to connect to the stupid VeriSlime search site.
posted by 216.165.14...
No Site Registration is Required to Post - Site Membership is optional (Member Features List), but helps to keep the site online
for all Saabers. If the site helps you, please consider helping the site by becoming a member.