VeriSign Shutting Down Site Finder

00420 writes "VeriSign, the administrator of the .com and .net domains, made plans to shut down its new Site Finder service Friday, after the Internet Corporation for Assigned Names and Numbers ordered the company to undo controversial changes. Of course they're not taking it down because it affected the internet, they're just doing it to keep good relations with the technical community. (Seems a little late for that doesn't it?)" The shutdown is not complete yet, though: VeriSign hasn't changed their wildcard DNS entry (64.94.110.11).

Starwars Moment

[Lord_Dweomer (648696)]

Anybody else having that giddy feeling right now? Like the first time you saw Luke blow up the Deathstar in A New Hope?

Re:Starwars Moment

[aardvarkjoe (156801)]

That means that we're going to have a bigger, badder SiteFinder pretty soon, right?

Re:Starwars Moment

[Kenja (541830)]

[Emperor Voice]I'm afraid the Site Finder will be quite operational by the time your friends arrive.[/Emperor Voice]

Re:Starwars Moment

[NanoGator (522640)]

"I'm afraid the Site Finder will be quite operational by the time your friends arrive."

I'm endagering the mission, I shouldn't have posted.

Re:Starwars Moment

[spektr (466069)]

That means that we're going to have a bigger, badder SiteFinder pretty soon, right?


We could find: "www.gnu.org"
There is a Web site at this address.

Are you sure? (*) No ( ) Yes [SUMBIT]

Did You Mean ?
We did find these similar Web addresses.

www.sun.com [sun.com]
www.microsoft.com [microsoft.com]
www.sco.com [sco.com]

Re:Starwars Moment

[petabyte (238821)]

You forgot one important thing though: Verisign doesn't manage the .org TLD [publicinte...gistry.org].

As such, I'm glad to have one [yottabyte.org]. :)

Re:Starwars Moment

[Lord_Dweomer (648696)]

" That means that we're going to have a bigger, badder SiteFinder pretty soon, right?"

My friend read your reply, and said, "Don't worry, Lando will blow it up and save us all."

To which I replied, "Lando is a fictional character who doesn't exist."

He got a very hurt, very serious look on his face and replied in a very shakey voice, "Lando WILL save us all!"

I made my exit from the computer lab shortly after for fear he would go wookie on me and rip my arms off.

Re:Starwars Moment

[NTmatter (589153)]

I'm not getting a good feeling about it. Look to the bottom of the article, and you'll see:

"ICANN is using anecdotal and isolated issues to attempt to regulate nonregistry services, but in the interests of further working with the technical community, we will

temporarily suspend Site Finder."

Perhaps they'll just rename to "site searcher" and declare that they've shut down the "Site Finder" service.

Re:Starwars Moment

[Theatetus (521747)]

Easy: the one way to guarantee us geeks will get our panties in a BIND (heh heh) is to have a Responsible Designated Party (tm) violate an RFC or standard. The standard says a DNS server does not return an IP address when no such host or domain exists, NOT that the DNS server resolves the request to some "default no such domain" domain.

I think it also irked a lot of people because it really shows how much the Web has been pushing out all other Internet protocols to the point that the rest don't seem to matter to the Powers That Be anymore. Quite a few Internet users, I imagine, access email and news (and even chat) through the Web. But the other protocols are still there, and still in use.

Personally, it pissed me off because I administer several nameservers and when I mistype a domain in a dig or nslookup I want to SEE IMMEDIATELY that no such domain exists rather than remembering "oh right that's the Sitefinder IP address". Some of the scripts I've written depend, in fact, on nslookup saying "server can't find yaoho.com" and I've had to instead look for the sitefinder IP address.

Anyways, short answer is: geeks hate it because we tend to believe in standards since adhering to standards is the only reason the Internet got off the ground in the first place and it's just as important nowadays that we keep them up.

Too little too late

[Tack (4642)]

I won't be doing any future business with Verisign, and I plan to transfer my domains to another registrar.

I never much liked Verisign in the past, but since I already had an account there, using them to register new domains was simply the path of least resistance. But their SiteFinder is the straw that broke the camel's back.

Jason.

Re:Too little too late

[ApheX (6133)]

How long HAVE you been paying $35/yr for your domains?!

Re:Too little too late

[Elwood P Dowd (16933)]

Not only that, but from now on I won't be registering any .com or .net domains. It'll be .org every time.

Re:Too little too late

[carpe_noctem (457178)]

Same here. But I only plan to register .cx domains. ;P

But is that all?

[WanderingGhost (535445)]

Call me paranoid, but... I wonder if they'll try to revert the situation, or come up with some other (equally hazardous) idea to replace this one. If they invested some money into the idea, I guess they won't give up that easily.

Re:But is that all?

[Pyromage (19360)]

I hope that they realize that they won't be allowed to do something like this again; given that, it follows logically that they won't throw good money after bad. They may look for an equally offensive idea that *doesn't* violate everything good in the world (and therefore wouldn't get them sued), but I don't think they'll try this one again.

what...?

[TedCheshireAcad (311748)]

So.....go....ICANN?

I thought we didn't like them?

Re:what...?

[xanthines-R-yummy (635710)]

ICANN, YouCANN, we all CANN for ICANN!

Re:what...?

[Kierthos (225954)]

We like them today, because they are hitting Verisign, who we hate more. Tomorrow they will do something stupid and we will hate ICANN again. Such is the way of things here on Slashdot.

Kierthos

Awwww...

[Disco Stew (703497)]

I love how they play it off like: "Fine, ya big babies, we'll turn it off for a little bit; just to shut you up."

They're such a bunch of jackasses! It's like spitting in our faces for THEIR wrong-doing.

So... nothing about those lawsuits?

[Gwala (309968)]

they're just doing it to keep good relations with the technical community.

So, it has nothing to do with the three lawsuits by godaddy, netster and their ilk?

Riight.

-Gwala

How Does VeriSign Even Stay In Business?

[jbottero (585319)]

I have a very difficult time understanding how VeriSign stays in business at all considering there are much better options for both domain registration and secure certificates.

Re:How Does VeriSign Even Stay In Business?

[op00to (219949)]

Where do you think the bulk of your domain registration fees go to?

Re:How Does VeriSign Even Stay In Business?

[mabu (178417)]

The answer is simple. Do your research. You'll find out that Verisign is owned by a bunch of very-well-connected people that seem to know their way around Langely all too well.

Re:How Does VeriSign Even Stay In Business?

[mabu (178417)]

Verisign's connections with the government are MUCH more insideous than most people know.

I still believe the whole concept of charging for domains was technically illegal. They had a grant from the government to manage the TLDs and almost EXACTLY like what happened in the DNS redirection debacle, they decided to arbitrarily change the terms of their service in direct conflict with the agreement under which they were operating.

At the time of the domain charge scam, they got away with it in part, due to the inciteful activity of one big corporation that decided to register virtually every common name they could think of, from diarrhea.com to diapers.com. So the public turned the other way and didn't question the legality of the domain charge in the first place. Only later did someone challenge this and something like half the charges were ruled illegal. But who got their money back? Nobody to the best of my knowledge. NSI stole millions of dollars from the Internet community. What happened to this money?

Then there is the whole issue of the ridiculous terms of service Verisign/NSI employ which are arguably legal in the first place relative to managing domains. Up until recently, we had a domain that legally didn't require any renewal fee (because it was registered before NSI had the facist TOS agreement) but when we changed the nameserver, we couldn't do so without agreeing to the new terms and then were liable for renewal charges.

Re:How Does VeriSign Even Stay In Business?

[k12linux (627320)]

Based on my experience, visibility and FUD seem to be the biggest factors. When it came to getting a cert, I've seen otherwise very intelligent people "play it safe" and go with Verisign. The same thing goes for registering domains.

As long as Verisign can get people to believe their 128-bit certs are better than the next guy's 128-bit cert, they'll get the premium. The problem is usually the people who control the money and decide which vendor to use. They're often not the ones who can evaluate based

Re:How Does VeriSign Even Stay In Business?

[karl.auerbach (157250)]

Verisign gets $6 each year for each and every registration in .com and .net no matter who you "buy" the name from.

This $6 amount was fixed into the contract under which ICANN (with the help of the US Dept of Commerce) gifted .com unto Verisign effectively in perpetuity (infinite renewals unless Versign does something very, very bad). There are no provisions in the contract to drive that amount to a lower amount. I voted against that contract.

W00T!

[Lord_Dweomer (648696)]

Good news.....FINALLY! I swear to god...you read /. for a couple weeks.....and the news is so forboding sometimes that you think the headline tomorrow is going to be "APOCOLYPSE! WE'RE ALL GOING TO DIE!". Then a story like this comes along and makes me cheer and gives me a glimmer of hope. Makes me feel like I'm manic depressive.

Damn the Goddess of Geekdom, she is a fickle mistriss!

Re:W00T!

[AllUsernamesAreGone (688381)]

Hey, don't worry about it - if slashdot DID run a "APOCOLYPSE! WE'RE ALL GOING TO DIE!" story, it'd be denounced as a corporate plot, we'd get a dupe and then it'd turn out that the story was actually exaggerated and it is really only going to be a problem for somewhere nobody cares much about, like Utah...

They'll be back...

[PSaltyDS (467134)]

From the article: "We will accede to the request while we explore all of our options." or, "All night lawyer party at the home of the VP for marketing!" Techs and engineers will not be invited.

Any technology distinguishable from magic is not sufficiently advanced.

What are some alternatives?

[by Anonymous Coward]

Well, seeing how much ass Verisign sucks, what are the best options out there for people wanting to jump ship?

NANOG Linkage

[The One KEA (707661)]

Here is the start of a thread on the NANOG mailinglist:

http://www.merit.edu/mail.archives/nanog/msg14917. html [merit.edu]

Just goes to show how pissed people really are.....

Verisign vs. ICANN

[r_glen (679664)]

Good news! I can now go back to hating both companies equally.

huh?

[Neophytus (642863)]

Weren't they just "suspending" it? I anticipate a quiet revival sometime in the future.

It's still up and running.

[sakusha (441986)]

Note that "making plans to shut down" does not equal "shut down."

Email from Verisign

[gfilion (80497)]

From: owner-registrars@verisign-grs.com
[mailto:owner-r egistrars@verisign-grs.com]On Behalf Of VeriSign Customer
Service
Sent: Friday, October 03, 2003 6:08 PM
To: registrars@verisign-grs.com
Subject: [RegistrarsList] VeriSign NDS Response to Suspension of Site

To All Registrars,

I am writing to update you on VeriSigns Site Finder service. On Friday,
October 3rd, the Internet Corporation for Assigned Names and Numbers
(ICANN) directed VeriSign, Inc., to temporarily suspend service no later
than 6PM PST, Saturday, October 4. VeriSign requested an extension from
ICANN for 3 additional days for the shut down in order to provide the
technical community time to make any necessary system changes.
Unfortunately, ICANN refused this request. Accordingly, in response to
this demand, VeriSign is temporarily suspending the Site Finder service
as of Saturday, October 4 at 6PM PST.

In suspending the service, VeriSign will remove the wildcard A records
from the .com and .net zones and revert to the former behavior for these
zones which is returning Name Error/RCODE=3 in response to queries for
nonexistent domain names.

VeriSign remains committed to improving the Internet user experience.
We look forward to providing the Site Finder service following this
suspension. Thank you for your business. We greatly value our
relationship with you.

Best Regards,

Chris Sheridan
Manager, Customer Service
VeriSign, Inc.
www.verisign.com

Re:Email from Verisign

[hey (83763)]

We look forward to providing the Site Finder service following this suspension.

Er, what?
Maybe they have plans to let ISPs wildcard to Sitefinder for a kick back.

ICANN's power

[chrispyman (710460)]

I guess this goes to show that after all ICANN does indeed have some authority over Verisign. Maybe ICANN isn't the pointless and powerless body we though they were.

This HUGE problem hasn't bothered me one bit

[by Anonymous Coward]

I simply placed a entry in my HOSTS file and blocked out Verisign's DNS hi-jacking.

Aren't you cool

[by Anonymous Coward]

Simple solution. Everyone just has to manually edit their HOSTS file every time Verisign changes something.

Good thing people like you are around to tell us these things.

We know why they are doing it . . .

[werdna (39029)]

Of course they're not taking it down because it affected the internet, they're just doing it to keep good relations with the technical community.

Nonsense. They have already demonstrated significant contempt for the technical community -- remember their original response to ICANN's advisory?

They are doing it because ICANN's last letter put their super-duper exclusive right to operate the DNS in play. Maybe ICANN could terminate, maybe not -- but who would put the entire business on the line for this opportunity -- particularly when there still is a chance to negotiate something like that in the future?

A few things

[m0i (192134)]

I find interesting that Verisign requested 3 days before shutting down the service to give time for the tech community to adjust.. Did they do this when the service kicked in?
Also, a quick hint to all of you stuck with Verisign to renew because the domain is past due:
Verisign renewal [stayoffer.com]
Pay 15USD instead of 35USD for the very same 1 year reneal service.. Ain't that great?

Re:A few things

[pjrc (134994)]

I find interesting that Verisign requested 3 days before shutting down.... Did they do this when the service kicked in?

YES, they did give some advance notice.

In fact, Slashdot had coverage 4 days before it went into effect [slashdot.org].

The actual news coverage was at Computer Business Review [cbronline.com] 6 days before Verisign went live with SiteFinder on Sept 15.

Perhaps it was known before then, but there was certainly more than 3 days. That doesn't make Verisign any less slimey for doing this. But to say they did it without even a few days warning would clearly contradict the news coverage of their intentions at Computer Business Review and here at Slashdot (if you can stomache calling slashdot "news").

Re:A few things

[Phroggy (441)]

Verisign still gets your money - GoDaddy has to pay them $6/yr per domain. That's the wholesale fee Verisign charges to all registrars for .com/.net domains.

I feel sorry...

[infolib (618234)]

...for the guy who some day down the line gets 64.94.110.11. All these null routes probably won't go away that easily. He'll have lots of mystified users...

It will be back ....

[Leme (303299)]

Considering the massive amounts of money I'm sure they have spent on hardware, development and other neccesities on this silly project, I'm pretty confident to say that they just won't roll over and stop without a fight.

I'm sure the lawyers will drag this one out in court.

Verisign is breaking their contractural agreement

[krappie (172561)]

"If VeriSign does not comply with this demand by 6:00 PM PDT on 4 October 2003, ICANN will be forced to take the steps necessary to enforce VeriSign's contractual obligations."

Heres one violation that I found.

As noted in the Message from Security and Stability Advisory Committee to ICANN Board [icann.org]:

Previously, such queries returned RCODE 3 ("name error"), the negative response defined in the official DNS protocol specification, RFC1035 [4]. VeriSign now returns an IP address for a special server, thereby creating the appearance the requested domain name exists. The special server handles the subsequent requests for application level services, e.g. web, email, etc.

Now take a look at verisign's .com and .net contractural agreement in section C4 [icann.org]:

4. Nameserver functional specifications

Nameserver operations for the Registry TLD shall comply with RFC 1034, 1035, and 2182

Of course, Im no lawyer. Any comments on this would be appreciated. It looks pretty clear to me that Verisign isnt meeting their contractural agreements.

I like how Verisign is trying to act like ICANN is acting so rash and irresponsible:

"Without so much as a hearing, ICANN today formally asked us to shut down the Site Finder service."

This is what ICANN is for. This is excellent news! It doesnt matter how many moronic web users are clicking on things when verisign's page comes up or how useful Verisign's market research shows it is. Its important to adhere to standards. Verisign's excuses are hilarious. "Users find it useful. It has nothing to do with the loads of advertising money we get. I swear!".
Its always about money.

Not complete yet?

[kasperd (592156)]

The shutdown is not complete yet, though: Verisign hasn't changed their wildcard DNS entry

Actually that means the shutdown has not started yet. Removing the DNS entry is the only thing that matters. The actual webserver can stay for as long as they want, but the IP address 64.94.110.11 will of course never be usable again. We will have switched to IPv6 before the last filtering of that address is removed.

Distribution Point

[Scoria (264473)]

Many installations of several Web browsers are susceptible to exploitation. If SiteFinder were somehow compromised externally or internally, one could hypothetically distribute malicious software to a prodigious group of individuals. According to the relevant Yahoo! [yahoo.com] article, approximately 1.5 million clients were redirected to the "service" daily. Imagine the possibilities!

the REAL verisign press release

[taped2thedesk (614051)]

Dear Internet User, In an effort to comply with ICANN's request, we have shut down site finder. Instead, the wildcard dns entry will now point to goatse.cx. We hope you find our new "non-registry" service useful, and look forward to your comments, which can also be submitted at goatse.cx. With Love, Verisign

Verisign Discards Wildcards...

[MadEyeMoody (708022)]

As of about 8:00 PM EST the wildcard A records pointing to 64.94.110.11 appear to be gone. I'm now getting normal NXDOMAIN responses to queries for nonexistent names.

As for the Web site, I suppose they must have taken that down, too. If you try explicitly going to http://64.94.110.11 [64.94.110.11] (sitefinder-idn.verisign.com) you get a keen little page that says

We didn't find: "64.94.110.11"
There is no Web site at this address.

and I'm sure VeriSign wouldn't fib about a thing like that....