Verisign Considers Restarting Sitefinder

Rosco P. Coltrane writes "The Washington Post reports that VeriSign is considering reviving its infamous search engine. 'Site Finder was not controversial with users' says VeriSign's Tom Galvin, and VeriSign 'assured ICANN that it would give 60 to 90 days' warning to resolve any remaining technological problems.' Such as leaving the DNS service alone for example?"

And microsoft does this anyway to all windows user

[freerecords]

When you type in a wrong address at the moment which doesn't exist, you are automatically taken to either a site search engine, which is pure crap.. or to the microsoft auto search.. (talking for users on School networks, with Windows terminals) which offers the option to use the great Hotmail (Spam Central), Shopping (at ridiculous prices, from the company which could afford to give us all we want free) etc.

Mirror

[Ddalex]

Fast mirror here [mirroredby.go.ro]. Enjoy the Net exploatation !

Re:And microsoft does this anyway to all windows u

[Tet]

When you type in a wrong address at the moment which doesn't exist, you are automatically taken to either a site search engine, which is pure crap.. or to the microsoft auto search.

There's a difference. Microsoft only do it at the application layer, with a particular browser that they provide. If you don't like it (and I can't see why anyone would), you can always switch to one of the many [mozilla.org] alternatives [opera.com]. Verisign's site finder operates at the DNS level. It's not as if you can choose to not use DNS, or switch to another name service.

Re:And microsoft does this anyway to all windows u

[freerecords]

That is fair enough.. but what about those of us unfortunate enough to be on a school network where we can't install a single thing (not even Mozilla Firefox, bird whatever..) And where we can't access settings. The other point was that for home users, many of whom do not know how to use the configuration to turn off M$ autosearch, it is just as bad as the Verisign is.

Re:And microsoft does this anyway to all windows u

[cgranade]

Understood. I'm not trying to defend MS, but merely point out that with MSIE, there is an alternative in most cases. Whether or not this alternative is pursured, well, that's another matter. At anyrate, my only point is that it is possible to avoid MSIE, whereas it isn't possible to avoid Verisign short of: 1) using pure IP addresses w/o domain names, 2) using alternate DNS servers, or 3) raise enough bloody hell to give Verisign a run for their money.

Contact Verisign.

[MooKore 2004]

All slashdotters, espeically people that were seriously affected by sitefinder, please complain NOW. [verisign.com] Let them know how controversial it is!

Re:And microsoft does this anyway to all windows u

[infront314]

You can change the url to anything you like.

Just do a about:config and change the keyword.URL setting.

I set mine to http://www.google.com/search?btnG=Google+Search&q= which is a regular Google search.

Re:And microsoft does this anyway to all windows u

[alien_blueprint]

And firebird^H^H^H^Hfox does it for google ...

Are you sure?

I just tried a domain name that doesn't exist, and instead of being taken to Google or any other place, I saw a "www.randomdomainname.org not found" dialog box instead. It doesn't even give me an option to feed it to a search engine from there.

IIRC, IE will take you immediately to a search engine without displaying any error message. This is the annoying and broken behaviour that the OP was talking about.

Perhaps you've installed a plug-in or extension that is doing this?

Also, M$'s way sends you back to a Microsoft page - which is expected

No, it isn't. I expect it to say "domain name not found". End of story.

That is pure evil.

[demonic-halo]

I love the idea.

That would just put so much stress on BIND servers around the world. It can just very well bring down the internet for most of the world. That could easily cause a massive slow down in just looking up domain names since the caches can fill entire databases.

Re:And microsoft does this anyway to all windows u

[Anonymous Coward]

Many sites cannot be reached by their IP address alone. Ever heard of shared hosting ("name based virtual hosting")?

Re:You would think...

[gclef]

Actually, rather than ban the SiteFinder IP, ISPs will probably just accelerate their plans to move to bind 9.2.3, so they can use the "delegation-only" option, which solves the problem once and for all.

If you just ban the SiteFinder IP, Verisign can move it..and then you're just playing whack-a-mole. If you mark .com and .net as delegation-only zones, then bind will drop the SiteFinder responses as invalid, no matter what IP Verisign responds with.

Re:And microsoft does this anyway to all windows u

[AllUsernamesAreGone]

... where we can't install a single thing

If you can save files somewhere (most schools give you space on a central fileserver) then you can install Fire.* - download to filespace, unpack, run program. No full-blown Windows Installer access required.

And you're looking at the issue from the wrong perspective. Most admins couldn't care less what home users see when they type in the wrong URL: a search engine is a good as anything and probably the right thing to do for most people. What they do object to is the fact that wildcard DNS resolution breaks a lot of things end users never see but admins have to deal with on a daily basis - the resolution failure should be handled by the browser, not at the DNS level where there are times when you want a name that doesn't exist to not resolve.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Well...

[gclef]

I have to think you're trolling, but I"ll bite anyway. You're falling into the common trap of only thinking of DNS as affecting Web traffic. What about email? If you fat-finger your friend's email address, don't you *want* that email to come back, rather than dissappearing into the void that is Verisign? The wildcard they're putting into the DNS isn't just about web traffic. It's *all* DNS queries...that's going to affect email, ssh, nntp, everything. Once of the basic spam filters, for instance, is a check to see if the sender's domain exists. With the wildcard, *all* domains exist, causing you to get more spam.

SiteFinder the search service is fine. The DNS wildcard to *force* you to SiteFinder is what makes people angry.

Re:And microsoft does this anyway to all windows u

[Ice_Balrog]

"Firefox" will do an I'm Feeling Lucky search if you type in something it thinks isn't a URL. Type in, say, "slashdot" and Firefox will do an I'm Feeling Lucky search becuase it isn't a URL. Type in, www.dsfgsdfjghk.com and it will give an not found error because www.dsfgsdfjghk.com is a URL.

Re:And microsoft does this anyway to all windows u

[Anonymous Coward]

You are wrong, Windows users using IE has less than 50% of the market for programs that use DNS, which is what verisign is trying to break.

Outlook and Outlook Express have almost as many users as IE. And there are loads of IRC programs, and not to forget, Quake, Unreal Tournament and all the other online games.

Microsoft doing this stuff in the browser affects only people using IE, and even they can turn it off. Verisign doing this stunt with DNS affects everyone, not just web servers.

Re:Well...

[aug24]

If you read a large thread further up, you'll see that that functionality can only sensibly be implemented at the application (browser) level. To do it at the DNS level will break the DNS model. This means that any of the many other applications that use DNS will be broken as they can no longer distinguish between real and fake domains.

Trivial example: spam sender checks will now resolve for all attempts, thus preventing simple blocking of spoofed senders. Want more spam?

Justin.

Re:You would think...

[morganew]

Pretty sure that VeriSign no longer uses BIND.

[snippet from VeriSign website]

Server Software
VeriSign runs special name server software tuned to the requirements of authoritative name servers rather than recursive name servers. With this software, the VeriSign name servers boast exceptional performance, sustaining query rates an order of magnitude greater than the performance of a standard BIND name server.

VeriSign name servers support the latest DNS protocol enhancements to insure maximum security, features, and flexibility at all times.

A redundancy... on the main article

[ArbiterOne]

Especially since saying "...leaving the DNS service alone..." is redundant. DNS = Domain Name Service. That's like saying Domain Name Service service. Or like saying PIN number... or ATM machine...

ICANN should've said NO in the first place

[etherkill]

I'm with the general consensus who feel that this is a 'very bad thing'. However - ICANN made a big mistake in announcing it would undertake 'reviews'.

They should have simply given a big fat NO to Versign's Sitefinder in the first place.

Leaving the subject open for discussion was a big mistake, IMHO.

Re:And microsoft does this anyway to all windows u

[nmg196]

IIRC, IE will take you immediately to a search engine without displaying any error message. This is the annoying and broken behaviour that the OP was talking about.

You recall incorrectly. If you type in a proper domain name, IE will just give you a "This page cannot be displayed - Cannot find server or DNS Error". It only tries to do a search if you type in non domain name type expressions. eg a phrase with spaces or a single word without any dots in it which doesn't match a local host.

I expect it to say "domain name not found". End of story.

That's exactly what it does say! Why do people keep confusing what happens if you type in *words*, with what happens if you type in a *domain*?

Please *try* these things before posting misleading rubbish that will only spark further trollish messages.

(I have tried all of the above in IE6)

Re:You would think...

[AKnightCowboy]

Pretty sure that VeriSign no longer uses BIND.

It doesn't matter what Verisign uses, your ISP (or you if you're running your DNS) configures your local DNS server with the option which prohibits types other than delegation records in the .com and .net zones. Verisign could be running Microsoft's DNS server for all we care as long as it talks the standard DNS protocols.

Re:Fine, if it's within your control

[MCZapf]

It would be more elegant to fix it at your DNS server, assuming you run one. Most have patches available that effectively null out the bogus replies quite nicely.

That was the idea behind RealNames

[blorg]

Unfortunately, or otherwise, they just couldn't get critical mass and folded when MS took them out of IE [searchenginewatch.com] (possibly because they wanted to emphasise MSN search instead).

There are good reasons for a hierarchy. Control is devolved, rather than concentrated in a single body. Each country has control of their own TLD, (excepting those that have sold it off) and believe it or not outside the US they *are* used, particularly for local businesses. And so on to the following levels: a domain owner has the freedom to set up as many third-level subdomains as they like (smtp.mydomain.com, pop3.mydomain.com, etc.). I don't know how this would work with a single-word system.

Anyway, many browsers *will* try .com on the end if you type in a single word, or you can just stick your favourite sites in your hosts file:

66.35.250.150 slashdot

Unbelievable

[Anonymous Coward]

"Site Finder was not controversial with users, 84 percent of whom said they liked it as a helpful navigation service," said Tom Galvin, VeriSign's vice president of government relations.

That's because 84% of people didn't understand how it worked or why it was bad. It like asking people if they'd like to get 80 miles to the gallon in their car, but not telling them they would have to use fuel that's $10/gallon. Of course they'll say yes when they don't know all the facts.

Re:Proof that some people never learn

[kimba]

Don't be surprised if they launch it in a different way.

For example, synthesising a pair of NS records for every non-existant domain rather than using wildcards. This will mean that this hack won't work, they are no longer using DNS "wildcards" per se, and all the concerns about protocol violation vanish.

Re:An extension of this idea

[CvD]

This already exists... there's a simple CGI script for poisoning spam lists. It just generates endless links with email addresses on them, which the email address spiders just all (assumingly) blindly copy:

Sugarplum -- spam poison [devin.com]

sample... [devin.com]

If more people would use this, perhaps the spammers AND verisign will be discouraged. Two bastards with one stone. :-)

Re:And microsoft does this anyway to all windows u

[edbarrett]

You do know that there's a lot more to the Net than the Web, right? And that having a website returned instead of the spec-ordered "No such domain" when you're using a different Net scheme (like email, or chat, or good ol' gopher) is fundamentally Wrong

It's not returning a web page, though. Your DNS resolver asks for, and receives, the numerical address to which the domain name is bound. Now, the fact that it's your browser using the resolver means that your browser goes out and retrieves a web page under false pretenses (because Verisign lied and said the domain name you typed exists when it doesn't); it's not like DNS said "Here's a web page in response to your query".

I'm not saying I disagree with your sentiment, just that it's wrong for a whole bunch of other reasons. Imagine an "intelligent" (for want of a better word) Yellow Pages that happens to display phone numbers for phone-sex services (who are paying YP for the redirection) whenever you look up the wrong company. Or the local crank that gives people directions to the nearest crack house when they ask him how to get to the mall.

Re:That was the idea behind RealNames

[lexxeh]

Something I recently noticed in Firebird is that single-word urls ('slashdot') are parsed thru Google's 'I'm feeling lucky'. Which is kinda cool. So long as you know the name of the site/company, and it's reasonably well-established, it works fine.