ICANN Asks VeriSign To Stop DNS Wildcarding 221
MrClever writes "In this article over at the Sydney Morning Herald (AU), it looks as though ICANN may actually be doing something about the VeriSign changes to .com and .net TLD's. Apparently, while they have been noticably quiet, they have been reviewing community reaction and analysed data from a technical perspective. Here's hoping ICANN pull the plug on VeriSign's TLD administration rights!" And TALlama writes "RSS.com.com (dear $DIETY, will it ever stop?) is reporting that ICANN has asked VeriSign 'to voluntarily suspend the service' of wildcarding DNS, 'pending further study.' Calling it a 'service' is a little bit of a misnomer. If I punch people in the face, can I call that a service, too?"
This just in: (Score:3, Funny)
Re:This just in: (Score:3, Funny)
ICANN asks Timothy to stop posting Dupes (Score:5, Informative)
Re: ICANN asks Timothy to stop posting Dupes (Score:2, Funny)
oh
never mind
infinite recursion (Score:5, Funny)
Loop:
Slashdot reports story, smh reports story, slashdot reports smh reporting (slashdot story), smh reports story again (cos Slashdot did).
Repeat until servers full.
Re:infinite recursion (Score:2)
Freedom? What's that? (and my age is showing again)
Re:ICANN asks Timothy to stop posting Dupes (Score:5, Informative)
A service? (Score:5, Funny)
Yes, because so many people need what you are selling.
Re:A service? (Score:1, Funny)
No. But if you punch people in the face and remove their wallets, then you can call it a service. "Lightening of valuables" comes to mind as a name.
Re:A service? (Score:5, Funny)
Re:A service? (Score:5, Funny)
Shift your paradigm and e-leverage yourself into the 90s already.
Punching VeriSign people in the face is a solution, not a service.
GST (Score:3, Funny)
Well in Oz we have a 10% Goods and Services Tax (GST) - so technically you would have to give 10% to the government too.
Q.
Volunteer! (Score:2)
Re:GST (Score:4, Funny)
Comical definitions of 'service' (Score:2)
"If dropping bombs on the enemy was not a special service, he reflected aloud frequently with the martyred smile of sweet reasonableness that was his loyal confederate in every dispute, then he could not help wondering what in the world was."
-Gen. Peckem
VerySued.Com (Score:5, Funny)
(ICANN) has asked VeriSign to voluntarily suspend changes it made to domain name service zones that have resulted in most mistyped .com and .net domain names being redirected to its own site.
I predict the most common misspelling of VeriSign.com will be VerySued.comRe:VerySued.Com (Score:2, Funny)
404 (Score:5, Informative)
404? A HTTP response from a DNS request? Please get your facts straight com.com...
Re:404 (Score:2)
Re:404 (Score:2)
It "effectively" does other things too, but that's the effect that most people are going to notice.
Re:404 (Score:2)
Re:404 (Score:5, Informative)
the article makes this mistake again also in the last paragraph VeriSign is not alone in seeking to replace 404 errors. Microsoft has also directed users of its Internet Explorer Web browser to a Microsoft search page when typing unassigned domain names into the browser's URL bar.
unassigned domain names != 404 errors
who the hell wrote this article ?
Re:404 (Score:2, Informative)
Re:404 (Score:5, Informative)
a proxy/gateway could return that i guess, though it should return 502/504 rather than 404 which implies that a spesific page wasn't found on the server.
as for the verisign sitefinder.. yesterday(or day before that) i used to get to them with purposedly wrongly typed addresses i tried, but not anymore(and no, it NEVER replaced 404 errors on existing servers, if they did that it would be a 'very nice trick' on behalf of them, since i can't figure out how they could do that with the current systems in use).
Re:404 (Score:1)
everyone start typing extra long fuck you urls..
finally... (Score:1, Informative)
Re:finally... (Score:4, Interesting)
VeriSign is a great service if you're not planning on making any changes to your domain information. A few years ago I needed to update my name. VeriSign "offered" (the free version was in small print and out of the way) the service to have my name change rushed for over $100.
I suspect ICANN is stepping in due to public pressure, not VeriSign.
A dup is okay... (Score:5, Funny)
Wake me up when it escalates to wrist-slapping.
Re:A dup is okay... (Score:5, Interesting)
I've lost count the number of times i've seen people in
What if SCO just asked for its code not to be used instead of sending the lawyers in?
Or Apple records asked Apple computers to stop selling music?
etc...
IAB Issues DNS Wildcard Guidelines (Score:5, Informative)
The IAB has issued a set of guidelines for the us of DNS wildcards [iab.org].
Essentially, they say it's a very bad idea, but you can do it with the informed consent of all delegates in your zone.
ICANN Action (Score:2)
Rus
Tis Done (Score:3, Informative)
Re:Tis Done (Score:1, Informative)
Re:Tis Done (Score:2)
I'm guessing my home ISP, and yours too, have applied a DNS patch to knock SiteFinder out of action.
Re:Tis Done (Score:2)
.nu? (Score:5, Informative)
Re:.nu? (Score:5, Insightful)
TLDs with a monopoly really can't be told what to do, because there's no one competing with them in the first place.
With VeriSign doing this on
Re:.nu? (Score:2)
When this all settles down I'll update all of my nameservers with a complete list of tlds who do this and block them all.
Re:.nu? (Score:4, Interesting)
Well, they shouldn't but .nu belongs to Niue, and so long as the proxy for the people (goverment) doesn't mind I don't have a problem with that they do. If I lived on Niue I would have a problem with it, but I belive in letter other people do stupid things. However .com and .net belong to the internet as a whole, and that means everyone needs to agree with what happens there. (Note, everyone in the wolrd, .us belongs to the USA, and those in other countries shouldn't be concerned about the stupid things .us is doing, while those in the US should)
This is the way I live my life: Don't harm anyone but yourself and I'll leave you alone. I won't agree with what you do, and speak against it, but so long as it doesn't harm others I don't care.
I have no clue how the goverment of Niue is overall, having never heard of them before. If they are "Evil", I might help those in the country to change things, but that is a completely different story and has nothing to do with domain naming.
They may ask.. but... (Score:5, Interesting)
iptables -I INPUT -j REJECT 69.94.0.0/15
maybe that will get Verisign's attention
Afterall theres nothing they can do about people blackholing them for a good long while until they say they are sorry. As a penalty they should lower the prices of their domain registration, to something competitive.
Re:They may ask.. but... (Score:5, Informative)
I suggest Installing the new version of bind instead.
Huh? (Score:2, Interesting)
I've never actually seen this happen. Is it possible that my provider (Earthlink) has blocked this in their own DNS servers?
Oops. (Score:3, Funny)
File not found. Bad command or deity.
Re:Oops. (Score:2)
Name "main::DIETY" used only once: possible typo at
Use of uninitialized value in concatenation (.) or string at
do search bots follow addresses to there? (Score:2)
i'm not saying that somebody with a popular page should do this.. but
Re:do search bots follow addresses to there? (Score:2)
What's the big deal? (Score:2, Interesting)
Although I know they will never release any stats on the kind of hits they are getting to that ip, it would be an interesting study. I would be interested to find out what the most misspelled domain is.
Re:What's the big deal? (Score:5, Insightful)
Re:What's the big deal? (Score:2, Insightful)
Re:What's the big deal? (Score:2, Interesting)
Why the fuck was this even modded up?
Retard mods.
Re:What's the big deal? (Score:3, Insightful)
For web pages, I couldn't care less. If I mistype a URL and get a search page instead of an error page, it's no big deal.
The problem is that this change doesn't just affect web pages. It affects every program that does a DNS lookup - which is almost everything.
This is not acceptable. If I mistype an address when sending mail, I want to get an immediate error back. I don't want a Verisign server to receive the message
Punch in the Face : Am improved analogy (Score:4, Interesting)
Of course you can sell your Punch in the Face services. Such services have traditionally gone under names such as
Now, this analogy actually does continue. You, as a sysadmin or someone writing a script that uses DNS, might not really like this service. Just like someone who is trying to take celebrity photographs might not like the Punch-in-the-Face service. But the fact is that this service is provided. And that there are a LOT of people who not only don't see this as a problem - but like it. Or at least think they do.
That is why Verisign thinks they can get away with this - the average person sees a benefit here and sees no drawbacks. The average person watching a boxing match also just sees the benefits and not the drawbacks. Until it is made clear why this isn't as good as it appears, nobody will care. Chances are, nobody will care anyway.
Kick Ass (Score:2, Funny)
"If I punch people in the face, can I call that a service, too?"
Some people already offer this service. [xmission.com]. Looks like you have some competition.
Terms Of Use (Score:3, Interesting)
Re:Terms Of Use (Score:2, Informative)
Dear Ryan,
Thank you for contacting VeriSign Customer Service. Unfortunately there
is not a way to opt out of the Sitefinder service. The terms and
conditions apply to the web site navigation and the search
functionality, not to the Sitefinder service itself.
Please learn more about Sitefinder by visiting our FAQ's, we have also
provided some technical issues to be aware of:
http://www.verisign.com/nds/naming/sitefinder/f a q. html
It went
Re:Terms Of Use (my fave) (Score:2)
Trust me, I won't sue! (BTW - is it act
It *is* "service." (Score:2, Funny)
Sign a petition, ho hum (Score:3, Informative)
There's a petition available. Now I don't know exactly how effective it will be, but signing is more effective than not.
http://www.whois.sc/verisign-dns/ [whois.sc].
rgds
Alan
Prediction: Verisign will claim IAB endorsement... (Score:5, Interesting)
After all, the IAB says here [iab.org] that "We must emphasize that, technically, this was a legitimate use of wildcard records that did not in any way violate the DNS specifications themselves."
If the decision-makers at Verisign cared about good engineering practice, they wouldn't have done what they did.
They probably regard their own actions as just "sharp business practice" and are probably patting themselves on the back for having found a loophole in the DNS specification that they can use for their own profit.
I don't think jawboning from ICANN, the IAB, or anyone else will have much effect. I don't see how anyone short of the Feds can stop them.
I mean, they have contracts with their SiteFinder advertisers. There's money at stake here.
BIND 8 patch for Verisign stupidity (Score:5, Informative)
This page [achurch.org] provides a patch to BIND 8 to ignore the wildcard A record Verisign is now returning for unregistered
This patch was made against BIND 8.4.1.
Re:BIND 8 patch for Verisign stupidity (Score:2)
Why don't the editors.. (Score:2)
A Service? (Score:3, Funny)
If you punch the verisign ppl in the face, you can bill me.
It's better than MS (Score:3, Insightful)
Why isn't anyone bitching about MS?
Re:It's better than MS (Score:2)
Probably because this is a feature of IE, not a change to the way the net works.
To get rid of it:
Re:It's better than MS (Score:3, Funny)
Re:It's better than MS (Score:2)
"Considerably easier", I type into Safari on my Mac :-)
OTOH, sometimes you're stuck in a workplace where they require use of IE, and (as long as they haven't disabled access to Internet Options), you can at least get rid of the MSN page.
Re:It's better than MS (Score:4, Insightful)
Re:It's better than MS (Score:3, Informative)
Why isn't anyone bitching about MS?
First off, people do bitch about that behavior of IE.
Second off, that is a feature of Internet Explorer, the application. It does not violate any RFCs, nor does it adversely affect any critical Internet infrastructure. It's not a part of Windows' TCP stack or anything silly like that. Also, you can turn it off or even redirect it to any other site you want.
It's not the same ballp
Re:It's better than MS (Score:2)
Why isn't anyone bitching about MS?
Probably because alot of us haven't noticed it because we either A) don't use IE, or B) type well enough to not have that problem, or C) Don't even come close to Windows.
that'd pretty much explain that. Oh yes, and the obvious part: The MS IE page is clientside... it doesn't change the Internet, it just gives you the illusion.
Verisign Hack (Score:3, Interesting)
Yes you can call punching people a service (Score:2, Funny)
Then there is always the bouncer at your local bar. He provides a service that frequently involves punching people.
Bulls "service" cows every day (Score:2)
This explains VeriSign's 1,920% jump... (Score:2)
These guys have always been sneaky. Remember when they sent out the "nameless" re-register postcards? I guess scum never changes....
Go Daddy Sues Verisign (Score:2)
Link to the press release is here [godaddy.com]
Moo (Score:2)
Of course. Hit them in the nose and let blood. They should be thankful!
Don't you hate it (Score:2, Funny)
Re:Another story (Score:1)
Re:What's wrong with domain forwarding? (Score:3, Insightful)
I prefer that my redundant mailservers actually get used.
Do some reading before trying to justify what's been done.
site finder is misleading (Score:5, Interesting)
It isn't nearly as helpful or reliable as google (even if google is censored a bit).
It causes me to download more stuff than I would if they didn't have the diversion abusing my bandwith and data allowances that I have to pay for.
I can turn the msn search in IE off. I turned the sitefinder.verisign.com off by modifying my hosts file but that isn't easy for most of the customers I support.
Re:site finder is misleading (Score:2)
I just tried it and it found
-Sean
Re:site finder is misleading (Score:2)
Re:What's wrong with domain forwarding? (Score:5, Informative)
In addition to web traffic, they are also intercept email traffic. So if you mistype an email address, they will get the email and keep it and you won't get a bounce.
The Register has an article about how VeriSign Broke My Printer [theregister.co.uk].
The Register also reported that VeriSign is using Web Bugs [theregister.co.uk].
Re:What's wrong with domain forwarding? (Score:2, Informative)
Wrong.
To start with, only A records resolve to the Verisign servers. MX records don't resolve to anything.
However, most mail servers will try the A record if the MX record doesn't exist. Verisign have set up a server running Postfix which responds with: 550: Client host rejected: The domain you are trying to send mail to does not exist.
At this point, the mail server sends a bounce message and does not
Re:What's wrong with domain forwarding? (Score:2)
Hmm, I was about to reply and say you're wrong, it's not Postfix - but then I checked, and they've changed it! When the service was first deployed, it was using a custom script that didn't even understand SMTP, it was just waiting for a certain number of lines, then displaying an error. It seemed to me that this script probably wasn't sophisticated enough to harvest e-mail addresses. Now that they're using a real SMTP server, though, I'm not s
Re:What's wrong with domain forwarding? (Score:3, Interesting)
Rich
Re:What's wrong with domain forwarding? (Score:3, Interesting)
Re:Slashdot losing its edge? (Score:2, Funny)
-AX
Re:Slashdot losing its edge? (Score:2)
Re:Wildcarding? (Score:1)
Any unregistered
This is a problem becuase no sites report as being nonexistent, and because it makes it look like VeriSign owns the web.
Re:Wildcarding? (Score:5, Informative)
Okay, in simple terms..
DNS is the method of resolving names to IP addresses, it's what turns 'www.slashdot.org' into 66.35.250.151, or 'www.google.com' into 216.239.59.99
Wildcarding DNS is when instead of saying 'www.slashdot.org is 66.35.250.151' you effectively say 'Everything is 66.35.250.151' and so any domain you're asked to resolve goes to Slashdot's IP address.
What VeriSign have done is to add a final rule to their list, saying 'Anything not in the above is 64.95.110.11' (Or whatever the IP is of their SiteFinder service). This has the result that any DNS request that formerly would have returned an 'Unable to resolve' message now thinks it's resolved correctly to the IP address.
The stink this is causing with spam mail is that a lot of anti-spam measures rely on being able to weed out mail from made up domains simply by checking if the domain resolves correctly.
DNS is actually a *lot* more complex than this, but I think that'll do to explain what's going on here.
Re:attention whore mod parent down (Score:2)
Re:Wildcarding? (Score:5, Informative)
Re:Another reason to stop it. (Score:2, Insightful)
IOW (Score:2)
Yeah, that follows.
Re:It is service! (Score:2)
Definition of service (Score:2)
Re:Is it really worse than domain squatting? (Score:2)
As almighty as MSN thinks they are, they don't provide
Re:Terms of Use (Score:2)
Yup, its from
-Sean
Re:Terms of Use (Score:2)
Did they even bother to reply? I'm guessing they didn't... not responding would be the arrogant thing to do, and when has Verisign ever passed up on the chance to do the arrogant thing?