Hi, all...

On 22 Sep 2003 at 10:36, Serge Knystautas wrote:
> Here's a stupid idea... the first time you get a domain suffix (.net,
> .org) that you haven't tested before, have the code generate a random
> 20-30 character string, add that suffix, and look it up. Statistically
> it will resolve to the abusive root domain's target. Then you proceed
> with your check on your fake domain, and if it resolves to the same,
> it's pretty clearly a fake domain.
>
> A bit off the wall, I know, but perhaps more foolproof.
>

I have been thinking about this, in a different situation, and personally I think it's best solved at DNS level. That's where it comes from anyway. So it should be dealt with by the resolver or by the DNS server. There are patches for BIND that take a nice approach in accepting only NS records from top level DNS servers.

If you do go this way, consider that domains like a.net or a.museum are IANA reserved and will therefore never be valid, which makes any IP it resolves to extremely likely to be the result of a wildcard. This works, at least for com, net and museum. I am not aware of any TLDs that allow single letter domains, but if they are around this might break...

Another thing to be aware of is multiple A records and round robin DNS, not unlikely when trying to handle all traffic caused by typos.

Greetings,
Arjan Veenstra
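The random-label probe from the quoted message, combined with the multiple-A-record caveat from the reply, as an added example that is not part of the original thread. The names `WildcardDetector` and `make_fake_resolver` are hypothetical, and the zone data and addresses (documentation ranges) are constructed so the block runs offline.

```python
import secrets
import string

def random_label(length=24):
    """Random 24-character label that is very unlikely to be registered."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

class WildcardDetector:
    def __init__(self, resolve, probes=3):
        self.resolve = resolve  # assumed callable: hostname -> list of A records
        self.probes = probes    # several probes, to catch round-robin answers
        self.cache = {}         # TLD -> frozenset of wildcard addresses

    def wildcard_addrs(self, tld):
        # Probe each TLD once and cache the union of every address seen.
        if tld not in self.cache:
            seen = set()
            for _ in range(self.probes):
                seen.update(self.resolve(f"{random_label()}.{tld}"))
            self.cache[tld] = frozenset(seen)
        return self.cache[tld]

    def classify(self, domain):
        tld = domain.rstrip(".").rsplit(".", 1)[-1].lower()
        addrs = set(self.resolve(domain))
        if not addrs:
            return "nxdomain"
        # Every answer lies in the wildcard set: treat the domain as fake.
        if addrs <= self.wildcard_addrs(tld):
            return "wildcard"
        return "resolves"

def make_fake_resolver():
    """Constructed stand-in for DNS: .net is wildcarded with two rotating A records."""
    real = {"example.net": ["198.51.100.7"]}
    wildcard_pool = {"net": ["192.0.2.10", "192.0.2.11"]}
    counter = {"n": 0}

    def resolve(host):
        host = host.lower().rstrip(".")
        if host in real:
            return real[host]
        pool = wildcard_pool.get(host.rsplit(".", 1)[-1], [])
        if not pool:
            return []  # no wildcard on this TLD: behaves like NXDOMAIN
        counter["n"] += 1
        return [pool[counter["n"] % len(pool)]]  # one record per answer
    return resolve
```

A legitimately registered domain that happens to be hosted on one of the wildcard addresses would also be classified as `wildcard`, so the result is a strong hint rather than proof.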
