Adam Roach <adam(_at_)dynamicsoft(_dot_)com> writes:
Because this is probably a community of interest for the
topic of DNS, I thought it would be worthwhile mentioning
that Verisign has apparently unilaterally put in place
wildcard DNS records for *.com and *.net. All unregistered
domains in .com and .net now resolve to 64.94.110.11, which
runs a Verisign-operated web search engine on port 80.
And SMTP on 25/TCP.
The current setup breaks setups like
example.com 86400 IN MX 10 mail1.xeample.com
example.com 86400 IN MX 20 mail2.example.com
Previously, MTAs could not resolve xeample.com and would therefore use
the secondary. Now, they can, and get a 550 error on RCPT TO:.
Granted, the setup has always been erroneous and risky, but breaking
this without proper notice is still extremely annoying.