Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
The Internet The Almighty Buck Your Rights Online

VeriSign Shutting Down Site Finder 234

00420 writes "VeriSign, the administrator of the .com and .net domains, made plans to shut down its new Site Finder service Friday, after the Internet Corporation for Assigned Names and Numbers ordered the company to undo controversial changes. Of course they're not taking it down because it affected the internet, they're just doing it to keep good relations with the technical community. (Seems a little late for that doesn't it?)" The shutdown is not complete yet, though: VeriSign hasn't changed their wildcard DNS entry (64.94.110.11).
This discussion has been archived. No new comments can be posted.

VeriSign Shutting Down Site Finder

Comments Filter:
  • Anybody else having that giddy feeling right now? Like the first time you saw Luke blow up the Deathstar in A New Hope?

    • by aardvarkjoe ( 156801 ) on Saturday October 04, 2003 @01:54PM (#7133482)
      That means that we're going to have a bigger, badder SiteFinder pretty soon, right?
    • Re:Starwars Moment (Score:5, Informative)

      by NTmatter ( 589153 ) on Saturday October 04, 2003 @01:56PM (#7133495) Homepage
      I'm not getting a good feeling about it. Look to the bottom of the article, and you'll see:
      "ICANN is using anecdotal and isolated issues to attempt to regulate nonregistry services, but in the interests of further working with the technical community, we will
      temporarily suspend Site Finder."
      Perhaps they'll just rename to "site searcher" and declare that they've shut down the "Site Finder" service.
      • by Anonymous Coward
        > I'm not getting a good feeling about it. Look to the bottom of the article, and you'll see:

        Going with the Star Wars theme, aren't you supposed to say, "I have a bad feeling about this?"
  • by Tack ( 4642 ) on Saturday October 04, 2003 @01:52PM (#7133467) Homepage
    I won't be doing any future business with Verisign, and I plan to transfer my domains to another registrar.

    I never much liked Verisign in the past, but since I already had an account there, using them to register new domains was simply the path of least resistance. But their SiteFinder is the straw that broke the camel's back.

    Jason.

  • But is that all? (Score:4, Insightful)

    by WanderingGhost ( 535445 ) on Saturday October 04, 2003 @01:52PM (#7133468)
    Call me paranoid, but... I wonder if they'll try to revert the situation, or come up with some other (equally hazardous) idea to replace this one. If they invested some money into the idea, I guess they won't give up that easily.
    • I hope that they realize that they won't be allowed to do something like this again; given that, it follows logically that they won't throw good money after bad. They may look for an equally offensive idea that *doesn't* violate everything good in the world (and therefore wouldn't get them sued), but I don't think they'll try this one again.
  • So.....go....ICANN?

    I thought we didn't like them?
    • ICANN, YouCANN, we all CANN for ICANN!
    • Re:what...? (Score:4, Funny)

      by Kierthos ( 225954 ) on Saturday October 04, 2003 @02:11PM (#7133574) Homepage
      We like them today, because they are hitting Verisign, who we hate more. Tomorrow they will do something stupid and we will hate ICANN again. Such is the way of things here on Slashdot.

      Kierthos
      • Re:what...? (Score:2, Insightful)

        by Anonymous Coward
        You do realize you can like some things they do, but not others, right?

        Try it. Say "As a whole, I dislike ICANN, but they are right on with this whole SiteFinder thing." It makes you look like you can form a rational opinion on something, not this childish "give me some candy or you aren't my friend anymore" attitude that is so popular.
      • Such is the way everywhere.
    • Re:what...? (Score:2, Insightful)

      by RedBear ( 207369 )
      I thought we didn't like them?

      The question is meaningless. We don't have to "like" ICANN just because they did something "right" today (sort of). Nor do we have to dislike an organization or person that is mostly good if they do one bad thing.

      Maybe life isn't black and white. Maybe things aren't just "good" and "bad". Maybe a rational human mind can simultaneously hold two opposing ideas. Maybe an organizations historical competence and intent isn't changed by a single isolated action.

      Don't know why I

  • Awwww... (Score:2, Insightful)

    by Disco Stew ( 703497 )
    I love how they play it off like: "Fine, ya big babies, we'll turn it off for a little bit; just to shut you up."

    They're such a bunch of jackasses! It's like spitting in our faces for THEIR wrong-doing.

  • by Gwala ( 309968 ) <adam AT gwala DOT net> on Saturday October 04, 2003 @01:53PM (#7133478) Homepage
    they're just doing it to keep good relations with the technical community.

    So, it has nothing to do with the three lawsuits by godaddy, netster and their ilk?

    Riight.

    -Gwala
  • I have a very difficult time understanding how VeriSign stays in business at all considering there are much better options for both domain registration and secure certificates.
    • by op00to ( 219949 ) on Saturday October 04, 2003 @01:57PM (#7133498)
      Where do you think the bulk of your domain registration fees go to?
    • They're trading off their name, and the fact that ICANN tasked them with managing the .com/.net tld's. Hopefully this will have produced enough bad press to make people think twice.. Unfortunately, as we all know, the chances of Big Business and the suits in the boardroom actually paying attention to the fact that every sysadmin on the planet was pissed off with them is pretty minimal. Unless of course we start presenting our point of view in a nice glossy brochure in a smarmy sales meeting...
    • by mabu ( 178417 ) * on Saturday October 04, 2003 @02:04PM (#7133544)
      The answer is simple. Do your research. You'll find out that Verisign is owned by a bunch of very-well-connected people that seem to know their way around Langely all too well.
      • The answer is simple. Do your research. You'll find out that Verisign is owned by a bunch of very-well-connected people that seem to know their way around Langely all too well.

        Ding ding ding. We have a winner. Verisign sounds like basically any other government contractor. It's probably comprised of a lot of ex-civil servants who retired from their old high-power jobs in the government to take big contractor jobs with Verisign for much higher pay. Since they're still known around the government circle

        • I believe you are confused. SAIC sold Netsol to Verisign. SAIC is the secretive, well connected bunch that knows their way around Langely. Fort Meade too I believe.
          • The connections are still there, but not as obvious as they once were... but how do you explain a company that has repeatedly violated its operating agreements continuing to get business? ICANN is a total joke. The whole management of TLDs is a joke. The community should not stand for Verisign/NSI having any control over the TLDs whatsoever... they have repeatedly exhibited total disregard for the rules and rights of the community they serve. But they still get away with that? That's totally messed up.
        • by mabu ( 178417 ) * on Saturday October 04, 2003 @03:24PM (#7133973)
          Verisign's connections with the government are MUCH more insideous than most people know.

          I still believe the whole concept of charging for domains was technically illegal. They had a grant from the government to manage the TLDs and almost EXACTLY like what happened in the DNS redirection debacle, they decided to arbitrarily change the terms of their service in direct conflict with the agreement under which they were operating.

          At the time of the domain charge scam, they got away with it in part, due to the inciteful activity of one big corporation that decided to register virtually every common name they could think of, from diarrhea.com to diapers.com. So the public turned the other way and didn't question the legality of the domain charge in the first place. Only later did someone challenge this and something like half the charges were ruled illegal. But who got their money back? Nobody to the best of my knowledge. NSI stole millions of dollars from the Internet community. What happened to this money?

          Then there is the whole issue of the ridiculous terms of service Verisign/NSI employ which are arguably legal in the first place relative to managing domains. Up until recently, we had a domain that legally didn't require any renewal fee (because it was registered before NSI had the facist TOS agreement) but when we changed the nameserver, we couldn't do so without agreeing to the new terms and then were liable for renewal charges.
    • Based on my experience, visibility and FUD seem to be the biggest factors. When it came to getting a cert, I've seen otherwise very intelligent people "play it safe" and go with Verisign. The same thing goes for registering domains.

      As long as Verisign can get people to believe their 128-bit certs are better than the next guy's 128-bit cert, they'll get the premium. The problem is usually the people who control the money and decide which vendor to use. They're often not the ones who can evaluate based

    • by karl.auerbach ( 157250 ) on Saturday October 04, 2003 @04:06PM (#7134179) Homepage
      Verisign gets $6 each year for each and every registration in .com and .net no matter who you "buy" the name from.

      This $6 amount was fixed into the contract under which ICANN (with the help of the US Dept of Commerce) gifted .com unto Verisign effectively in perpetuity (infinite renewals unless Versign does something very, very bad). There are no provisions in the contract to drive that amount to a lower amount. I voted against that contract.
  • W00T! (Score:3, Funny)

    by Lord_Dweomer ( 648696 ) on Saturday October 04, 2003 @01:56PM (#7133492) Homepage
    Good news.....FINALLY! I swear to god...you read /. for a couple weeks.....and the news is so forboding sometimes that you think the headline tomorrow is going to be "APOCOLYPSE! WE'RE ALL GOING TO DIE!". Then a story like this comes along and makes me cheer and gives me a glimmer of hope. Makes me feel like I'm manic depressive.

    Damn the Goddess of Geekdom, she is a fickle mistriss!

    • Hey, don't worry about it - if slashdot DID run a "APOCOLYPSE! WE'RE ALL GOING TO DIE!" story, it'd be denounced as a corporate plot, we'd get a dupe and then it'd turn out that the story was actually exaggerated and it is really only going to be a problem for somewhere nobody cares much about, like Utah...
    • Careful, now, or you will piss off Athena! She is the Goddess of Geekdom.
  • by PSaltyDS ( 467134 ) on Saturday October 04, 2003 @01:57PM (#7133499) Journal
    From the article: "We will accede to the request while we explore all of our options." or, "All night lawyer party at the home of the VP for marketing!" Techs and engineers will not be invited.

    Any technology distinguishable from magic is not sufficiently advanced.
  • by Anonymous Coward
    Well, seeing how much ass Verisign sucks, what are the best options out there for people wanting to jump ship?
  • NANOG Linkage (Score:5, Informative)

    by The One KEA ( 707661 ) on Saturday October 04, 2003 @01:58PM (#7133505) Journal
    Here is the start of a thread on the NANOG mailinglist:

    http://www.merit.edu/mail.archives/nanog/msg14917. html [merit.edu]

    Just goes to show how pissed people really are.....
  • Good news! I can now go back to hating both companies equally.
  • Weren't they just "suspending" it? I anticipate a quiet revival sometime in the future.
    • You can't really "quietly" revive it, because when you revive it, the effects will show as soon as the ISPs start updating their DNS caches. I mean, this time, we didn't notice it because of some big public announcement, we noticed it because all of the sudden these sitefinder sites started showing up when we typoed stuff.
  • by sakusha ( 441986 ) on Saturday October 04, 2003 @02:00PM (#7133522)
    Note that "making plans to shut down" does not equal "shut down."
    • Only 2 hours later after your post, SiteFinder is down. Well, 2 hours plus perhaps 1-3 for unknown time zone diff.

      paul@preston ~ > date
      Sat Oct 4 17:09:28 PDT 2003
      paul@preston ~ > host www.slkjewrw.com
      Host www.slkjewrw.com not found: 3(NXDOMAIN)

  • Email from Verisign (Score:5, Informative)

    by gfilion ( 80497 ) on Saturday October 04, 2003 @02:01PM (#7133523) Homepage
    From: owner-registrars@verisign-grs.com
    [mailto:owner-r egistrars@verisign-grs.com]On Behalf Of VeriSign Customer
    Service
    Sent: Friday, October 03, 2003 6:08 PM
    To: registrars@verisign-grs.com
    Subject: [RegistrarsList] VeriSign NDS Response to Suspension of Site

    To All Registrars,

    I am writing to update you on VeriSigns Site Finder service. On Friday,
    October 3rd, the Internet Corporation for Assigned Names and Numbers
    (ICANN) directed VeriSign, Inc., to temporarily suspend service no later
    than 6PM PST, Saturday, October 4. VeriSign requested an extension from
    ICANN for 3 additional days for the shut down in order to provide the
    technical community time to make any necessary system changes.
    Unfortunately, ICANN refused this request. Accordingly, in response to
    this demand, VeriSign is temporarily suspending the Site Finder service
    as of Saturday, October 4 at 6PM PST.

    In suspending the service, VeriSign will remove the wildcard A records
    from the .com and .net zones and revert to the former behavior for these
    zones which is returning Name Error/RCODE=3 in response to queries for
    nonexistent domain names.

    VeriSign remains committed to improving the Internet user experience.
    We look forward to providing the Site Finder service following this
    suspension. Thank you for your business. We greatly value our
    relationship with you.

    Best Regards,

    Chris Sheridan
    Manager, Customer Service
    VeriSign, Inc.
    www.verisign.com
    • by hey ( 83763 ) on Saturday October 04, 2003 @02:16PM (#7133596) Journal
      We look forward to providing the Site Finder service following this suspension.
      Er, what?
      Maybe they have plans to let ISPs wildcard to Sitefinder for a kick back.
      • You bring up an interesting possibility. If Verisign does manage to bring this back and pass it off as acceptable practice, what is to prevent ISPs from putting in wildcards to their own branded advertising search pages? Most people aren't savvy enough to change the DNS servers, let alone know what DNS is.

        This is just a horrible path to go down, although it would be funny to see everyone else take the profits from Verisign's quick buck stunt.
    • This is truly insulting. They act as if the Site Finder service was some kind of favor done by them to the tech community.

      This is a blatent insult to everybody's intelligence.
    • Note how ICANN gave them 36 hours to do it, time for the caches to clear etc yet verisign play it right up to the wire.

      James
    • This letter is hilarious. "ICANN told us to stop being pricks. We said we would need three more days to pull our heads out of our collective asses, but they told us to fuck off, so we scrambled and did it in one day, which was easy since all we had to do is turn our complete bullshit off."
  • ICANN's power (Score:5, Interesting)

    by chrispyman ( 710460 ) on Saturday October 04, 2003 @02:01PM (#7133528)
    I guess this goes to show that after all ICANN does indeed have some authority over Verisign. Maybe ICANN isn't the pointless and powerless body we though they were.
  • by Anonymous Coward on Saturday October 04, 2003 @02:03PM (#7133540)
    I simply placed a entry in my HOSTS file and blocked out Verisign's DNS hi-jacking.
    • Aren't you cool (Score:3, Insightful)

      by Anonymous Coward
      Simple solution. Everyone just has to manually edit their HOSTS file every time Verisign changes something.

      Good thing people like you are around to tell us these things.
    • Well it bothered me a lot. I had two excruciationg minutes the other day, while trying to figure out why a hostname had an A record but the domain had no NS entry. Then I remembered the DNS wildcard and damned Verisign to hell.

      Do not fuck with the infrastructure of the internet. It is the life blood of successful networking.
  • by werdna ( 39029 ) on Saturday October 04, 2003 @02:17PM (#7133609) Journal
    Of course they're not taking it down because it affected the internet, they're just doing it to keep good relations with the technical community.

    Nonsense. They have already demonstrated significant contempt for the technical community -- remember their original response to ICANN's advisory?

    They are doing it because ICANN's last letter put their super-duper exclusive right to operate the DNS in play. Maybe ICANN could terminate, maybe not -- but who would put the entire business on the line for this opportunity -- particularly when there still is a chance to negotiate something like that in the future?
  • In all the communication Verisign presented, they kept the word "temporarily" or made suggestions which imply that.

    Something tells me Verisign still has some tricks up their sleeve, which includes reinstating the service after their laywers have come up with a "satisfactory answer" to ICANN's ultimatum.

    Guess I shouldn't take away my wewantour404.(com|net) yet...
  • A few things (Score:5, Insightful)

    by m0i ( 192134 ) on Saturday October 04, 2003 @02:18PM (#7133619) Homepage
    I find interesting that Verisign requested 3 days before shutting down the service to give time for the tech community to adjust.. Did they do this when the service kicked in?
    Also, a quick hint to all of you stuck with Verisign to renew because the domain is past due:
    Verisign renewal [stayoffer.com]
    Pay 15USD instead of 35USD for the very same 1 year reneal service.. Ain't that great?
  • Not DNS (Score:2, Interesting)

    by Anonymous Coward
    DNS does not define wildcard redirections. VeriSign should lose the contract just because of that.

    These are the same guys that were ordered by the FTC to stop falsely advertising renewal services, isn't it?

    Lame crooks.
    • These are also the people that arbitrarily started charging for domain registrations, changing the terms of their arrangement with the government to manage domains. These are also the people that had their domain charges ruled an "illegal tax" and never returned any of the millions and millions of dollars they illegally stole.

      The list of Verisign/NSI dishonorable activities is virtually endless.
  • I feel sorry... (Score:3, Interesting)

    by infolib ( 618234 ) on Saturday October 04, 2003 @02:37PM (#7133717)
    ...for the guy who some day down the line gets 64.94.110.11. All these null routes probably won't go away that easily. He'll have lots of mystified users...
  • What might get VeriSign into very big trouble is the admission, in the press release [yahoo.com] that "ICANN is using anecdotal and isolated issues to attempt to regulate non-registry services, but in the interests of further working with the technical community we will temporarily suspend Site Finder."

    I think this is a brand new tactic on the part of VeriSign, to categorize it as a "non-registry service".

    That seems to escalate things to a new level, in that it seems to be an admission of abusing their monopoly in

  • I gave verislime a big hearty fuck you two weeks ago by downloading the newest bind, turned on the delegation option, and then promptly null routed the sitefinder ip as additional insurance.

    I'm surprised the rest of you guys didnt all do the same as well.
  • It will be back .... (Score:3, Interesting)

    by Leme ( 303299 ) <{jboyce} {at} {ci.redding.ca.us}> on Saturday October 04, 2003 @02:58PM (#7133813)
    Considering the massive amounts of money I'm sure they have spent on hardware, development and other neccesities on this silly project, I'm pretty confident to say that they just won't roll over and stop without a fight.

    I'm sure the lawyers will drag this one out in court.
    • I doubt they put much expenditure into this - how much could it possibly cost to put an entry in making the root servers return sitefinder for unresolved queries. Then a big ass webserver for sitefinder. - i doubt they will have binding contracts as they must have known they would get trouble...
  • Blocking single IPs is soooo... pre-verisign-ish... I can only urge everyone to upgrade their nameservers!

    Click here for info: ISC BIND delegation-only [isc.org]


    zone "aero" { type delegation-only; };

    zone "biz" { type delegation-only; };

    zone "com" { type delegation-only; };

    zone "coop" { type delegation-only; };
    ...

    zone "zw" { type delegation-only; };

  • by krappie ( 172561 ) on Saturday October 04, 2003 @03:06PM (#7133859)
    "If VeriSign does not comply with this demand by 6:00 PM PDT on 4 October 2003, ICANN will be forced to take the steps necessary to enforce VeriSign's contractual obligations."

    Heres one violation that I found.

    As noted in the Message from Security and Stability Advisory Committee to ICANN Board [icann.org]:

    Previously, such queries returned RCODE 3 ("name error"), the negative response defined in the official DNS protocol specification, RFC1035 [4]. VeriSign now returns an IP address for a special server, thereby creating the appearance the requested domain name exists. The special server handles the subsequent requests for application level services, e.g. web, email, etc.


    Now take a look at verisign's .com and .net contractural agreement in section C4 [icann.org]:

    4. Nameserver functional specifications

    Nameserver operations for the Registry TLD shall comply with RFC 1034, 1035, and 2182


    Of course, Im no lawyer. Any comments on this would be appreciated. It looks pretty clear to me that Verisign isnt meeting their contractural agreements.

    I like how Verisign is trying to act like ICANN is acting so rash and irresponsible:

    "Without so much as a hearing, ICANN today formally asked us to shut down the Site Finder service."


    This is what ICANN is for. This is excellent news! It doesnt matter how many moronic web users are clicking on things when verisign's page comes up or how useful Verisign's market research shows it is. Its important to adhere to standards. Verisign's excuses are hilarious. "Users find it useful. It has nothing to do with the loads of advertising money we get. I swear!".
    Its always about money.
  • Not complete yet? (Score:3, Insightful)

    by kasperd ( 592156 ) on Saturday October 04, 2003 @03:15PM (#7133924) Homepage Journal
    The shutdown is not complete yet, though: Verisign hasn't changed their wildcard DNS entry

    Actually that means the shutdown has not started yet. Removing the DNS entry is the only thing that matters. The actual webserver can stay for as long as they want, but the IP address 64.94.110.11 will of course never be usable again. We will have switched to IPv6 before the last filtering of that address is removed.
  • Distribution Point (Score:4, Insightful)

    by Scoria ( 264473 ) * <slashmail@nosPaM.initialized.org> on Saturday October 04, 2003 @04:01PM (#7134154) Homepage
    Many installations of several Web browsers are susceptible to exploitation. If SiteFinder were somehow compromised externally or internally, one could hypothetically distribute malicious software to a prodigious group of individuals. According to the relevant Yahoo! [yahoo.com] article, approximately 1.5 million clients were redirected to the "service" daily. Imagine the possibilities!
  • by taped2thedesk ( 614051 ) * on Saturday October 04, 2003 @04:15PM (#7134221)
    Dear Internet User, In an effort to comply with ICANN's request, we have shut down site finder. Instead, the wildcard dns entry will now point to goatse.cx. We hope you find our new "non-registry" service useful, and look forward to your comments, which can also be submitted at goatse.cx. With Love, Verisign
  • Lately (the last two weeks) I've been noticing that my computer (Win XP) has a tendency to lose it's ability to resolve DNS-adresses if I've quit browsing for more than 15 minutes.
    I was thinking that XP had developed an allergic reaction towards my broadband modem. However, now that I read this story, I'm starting to wonder if Verisign's actions have anything to do with this.
    Anybody got a clue?
  • Well received? (Score:2, Insightful)

    by typobox43 ( 677545 )
    VeriSign stated that Internet users had visited the page more than 40 million times in the last three weeks.

    "The service has been well received by millions of Internet users who appreciate getting navigation tools as opposed to the 'dead end' of an error message," VeriSign's Lewis said in the statement.

    Of course, it's considered "well received" because of its 40 million hits... that 99% of which were not intentional. (Of course, the only ones who would actually go somewhere like that intentionally wou
  • They lied. Sitefinder is still active, and it's past the promised disconnection time of 6PM EST.
  • http://www.internetprivacyadvocate.org/

    PR Here:
    http://verisign.com/corporate/news/2003/pr_ 2003093 0.html

    Ironic the date.

    The site's purpose is to critique ICANN for making the whois info available and public.

    If NetSol would have implemented methods to prevent harvesters from accessing the information years ago, rather than months ago... no problems.

    These guys are just rediculus.

    Was Verisign bought by SCO?
  • by MadEyeMoody ( 708022 ) on Saturday October 04, 2003 @08:13PM (#7135136)

    As of about 8:00 PM EST the wildcard A records pointing to 64.94.110.11 appear to be gone. I'm now getting normal NXDOMAIN responses to queries for nonexistent names.

    As for the Web site, I suppose they must have taken that down, too. If you try explicitly going to http://64.94.110.11 [64.94.110.11] (sitefinder-idn.verisign.com) you get a keen little page that says

    We didn't find: "64.94.110.11"
    There is no Web site at this address.

    and I'm sure VeriSign wouldn't fib about a thing like that....

  • All they are asked to do is to remove the wildcard from the second level DNS for .com and .net.

  • As mentioned in other forums, the article's summary is not accurate. sitefinder is NOT being shut down. and it spite of VeriSlime's press releases to the contrary they were not asked to.

    what they WERE asked to do (and have now done) is to drop the .net and .com wildcards. aka they have (for now at least) release .com and .net from being hostages.

It is better to travel hopefully than to fly Continental.

Working...