Re: How can I block Verisign?

M> Ever since Verisign horribly abused its root server=20
M> privileges (which should be revoked) [...]

It hasn't, yet, abused its root server privileges. That conflict is=20
yet to come. It has abused its GTLD ("com." and "net.") server=20
privileges.

And, yes, the proper (and only) way to deal with this is to revoke=20
Verisign's authority over "com." and "net.".

M> Are there not Verisign IP addresses I can block?=20

Doing this doesn't correct the problems in domain name validation in=20
various softwares.

<URL:http://homepages.tesco.net./~J.deBoy...ign-internet-=
coup.html#Resistance>

M> And is it safe to block Verisign root servers?=20

Answering the question that was actually asked: Yes, the other 11=20
of ICANN's root servers will still be accessible.

Correcting your conflation of "root server" with "'com.'/'net.'=20
server" and answering a different question: No. This will prevent=20
you from being able to lookup "com." and "net." or any of their=20
subdomains.

M> Any suggestions are welcome;=20

Contact Verisign and your chosen root server organisation. Tell the
root server organisation to tell Verisign to cease employing its
wildcards, and to threaten to stop delegating authority for "com."=20
and "net." to it (and instead to delegate that authority to a more=20
co=F6perative organisation) if it does not comply. If your chosen=20
root server organisation does not comply, threaten that you will=20
stop delegating _your_ authority over the DNS namespace to _it_.