VeriSign Granted a Patent Covering SiteFinder

An anonymous reader writes "Remember VeriSign's SiteFinder? Turns out that a couple of months back VeriSign was granted a patent on resolving unregistered domains. This came about thanks to its acquisition of eNic, operator of the .CC Domain. How long before Verizon, Earthlink, and OpenDNS are hit up for licensing fees?"

Better link

[OMNIpotusCOM]

Original discussion [slashdot.org]

Server

[benthurston27]

I'm guessing combine this with apache and they'll catalog your web site without you having to pay for a registered domain.

This is a useful patent for a change.

[Anonymous Coward]

It will dissuade ISPs from implementing SiteFinder-like DNS abuses.

Re:

[OMNIpotusCOM]

Or just make them pay VeriSign. Say... what's VeriSign doing to make money now-a-days anyway? Nothing? Hmm... whatcouldpossiblygowrong?

Re:

[benthurston27]

Well i think it would be cool if someone webcrawled my apache server and people could find it without me having to be a whatever.com of course i'd have to have a static ip but thats ok.

Re:

[SanityInAnarchy]

The bad news is, of course, that it's very likely not a patent troll -- that is, it's very likely that VeriSign actually intends to encourage this behavior.

Oh the Humanity

[DECS]

Maybe we should patent REALLY BAD IDEAS to prevent them from spreading. Of course, it's hard to imagine in advance that ISPs and a company like VeriSign would make a business from poisoning and subverting DNS.

Flash Wars: Adobe in the History and Future of Flash [roughlydrafted.com]

Re:

[Tuoqui]

Unfortunately the patents become public domain after 20 years.

Re:

[smittyoneeach]

After having been trivial, obvious, and awash with prior art by the gallery for decades previously.
None of the presidential candidates, AFAIK, has said peep #1 about patent reform. Hm.

That might be a good thing...

[Whatanut]

If it stops DNS providers from using this practice... I'm all for it.

Re:

[Antique Geekmeister]

Are we discusing the same Verizon? The one that made every single failed lookup on DNS for the *.com domain, which htey manage, resolve to their advertising pages? It broke a huge number of DNS testing tools, and caused all sorts of nasty traffic problems.

The chance of Verisign blocking this kind of behavior, except to protect the turf so that only they can do it, is so small as to be the same of making SCO admit they lied about owning UNIX.

How about

[unity100]

i start to use SSL certs other than verisign, and advise my clients to do as such too, and you all do that too, and with that reaction shove that patent up verisign's butt ?

Re:

[tepples]

i start to use SSL certs other than verisign

VeriSign bought Thawte and GeoTrust.

And other than VeriSign, whose code signing certificates are accepted for 64-bit kernel mode code in Windows Vista? Comodo's certificates aren't [tech-pro.net].

Re:

[cheater512]

We can boycott Verisign in addition to Vista. :P

VeriSign is the dot in .com

[tepples]

We can boycott Verisign

VeriSign is the dot in .com and .net [verisign.com]. Good luck boycotting that.

in addition to Vista. :P

I couldn't find home PCs with any operating system other than Windows Vista or Mac OS X at any store that I visited in Fort Wayne, Indiana. Even Wal-Mart didn't have any PCs running Linux for sale. So should everybody who wants to buy a home PC without contributing to VeriSign's driver signing monopoly get either a Mac or a Dell [dell.com]?

Re:

[cheater512]

We can replace our .com and .net domains with .org and other tlds.

Dell, Mac or get a tech friend to make you one at three quarters of the price.
All get around having to buy a copy of Vista. :)

Re:

[unity100]

rapidssl

RapidSSL is VeriSign

[tepples]

rapidssl

RapidSSL.com, a subsidiary of GeoTrust [rapidssl.com]. GeoTrust, whose current owner is VeriSign [wikipedia.org].

Re:

[unity100]

well, then we will find a ShitSSL and use it.

But prior art...

[Anonymous Coward]

Didn't the patent on being an asshole expire a long time ago?

It did...

[gd23ka]

but assholes keep extending it.

Re:

[hardburn]

This may be the only Slashdot thread ever that where a goatse link becomes on-topic.

Good!

[the pickle]

Hopefully Verisign will use this patent to bludgeon this abominable practise to death at ISPs and OpenDNS.

p

Re:

[Sledgy]

You should check your OpenDNS settings, there is an option to disable the search feature or if you don't like it use another service.

Re:

[Kalriath]

Almost, you can't turn off OpenDNS' redirecting of all attempts to access Google.

Re:Good!

[davidu]

That's not true. Look under "shortcuts" in your network preferences and turn off the proxy. It doesn't bother 99.99% of our users and it makes shortcuts and google work beautifully, as both should. But if you don't like it, turn it off. :-)

-davidu

Re:

[deraj123]

This is new. Very exciting. Thanks.

Re:

[deraj123]

What is "another service"? Any suggestions? I would love to use one... I've turned off the typo settings in opendns, but I'm still stuck with the google issue [opendns.com].

Re:

[the pickle]

While that certainly helps OpenDNS users (though yours is the first mention I've *ever* seen of a means to disable their redirect advertising), it doesn't do a darn thing for all the Earthlink and Charter (and others) ISP subscribers who are having this forced down their throats by a service they PAID for.

p

This COULD be a good thing, done properly

[v1]

Imagine verisign charging an absolutely absurd amount for their licensing. I mean totally out of line, like $1M/month. Don't want to pay licensing? Don't infringe.

That would dramatically reduce the amount of this DNS perversion going on.

Not that this is going to happen, but it's an interesting prospect to think about. Heaven forbid the system be taken advantage of to the benefit of the people.

Could, but won't

[Weaselmancer]

If they make it something reasonable, they get to collect license fees. Money for no work. If they use your idea they get nothing except respect from the community.

I know which one they're going to pick.

Re:

[drew]

And if it were anyone but Verisign, I might believe you. Honestly, if I ever design a network protocol, I am going to patent every possible way I can think of to abuse it down the road...

However, since we are talking about Verisign here, I'm sure this is just business as usual. Watch for announcement of a licensing deal with Earthlink in the not to distant future.

Obligatory Behind-the-times Question

[drinkypoo]

My ISP has recently joined the ranks of retards who return an incorrect result when a domain is not found. I've been looking around but it's unclear who is out there running DNS that I am welcome to use, that is worth using, and that is likely to be at the same IP for a long time. Whose servers should I use?

Re:

[lakeland]

opendns

http://www.opendns.com/ [opendns.com]

Re:

[lakeland]

I should have actually read your request properly before posting. OpenDNS is designed to give you almost exactly what you don't want.

Sorry.

Re:

[DECS]

Well either way it was apparently informative, thanks.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[drinkypoo]

my ISP gives me a dynamic ISP, and so i have to have a daemon keep OpenDNS up to date with my latest IP. no biggie.

I don't get it, does this result in leaving a long wake of IPs configured to not return stupid results in OpenDNS? I mean, if so, you're providing a valuable service, but it seems like they're pretty retarded. Then again, anyone who would return a bogus, non-compliant result when a standard service is requested is an ass, anyway.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[drinkypoo]

i don't set OpenDNS up for all of my ISP's users -- just me!

The configuration is by-IP, right? So in that case, you're configuring it for that IP, right?

i wrote a little script which periodically checks our network's current IP against a file containing the last one recorded. if it's different, it queries OpenDNS's DNSomatic service, which then updates OpenDNS's record of my IP.

Do you really need to do any periodic checking? Whether it's pppd or dhclient, your system knows when the IP changes. Wouldn't it make more sense to fire on lease renewal, or when the ppp interface comes up?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[drinkypoo]

i haven't heard of pppd before, but i don't see how it'd know my network's WAN IP unless it, too, checks periodically.

Oh, I see. I was somehow under the mistaken impression that you were running something more complicated.

Depending on the model you could load some alternate firmware that provided a simple Linux distribution, there's a few out there. But then management becomes more complicated, of course. If you did, though, you could install this functionality to the router.

pppd would apply to a modem connection. My gateway is a laptop running Linux, with two ethernet interfaces and a modem. One ethernet interface goe

Who modded this informative?? It's DUMB!!

[gd23ka]

Seriously... that is probably the dumbest advice you can give.

Here in their own words:

"OpenDNS protects millions of people a day across hundreds of thousands of schools, businesses and homes. We BLOCK phishing sites, give you the power to FILTER out adult sites and proxies among more than 50 categories, and provide the precision to BLOCK individual domains."

Re:

[Nullav]

It's optional. If you want the people using your network to do whatever they're supposed to do, rather than going to porn sites and reading Slashdot, you can specify sites to block. If you just want to use it because your ISP is run by a bunch of Cox, just disable the phish filter and typo correction while setting up your account. No ads, no voluntary censorship, and it doesn't suck as much as whatever you're trying to avoid.

As for Verislime's antics, make a wildcard record and complain loudly to ICANN.

Re:

[Anonymous Coward]

Typically the ISP is just having their own DNS servers do this (as opposed to using a hidden DNS proxy). The solution is to run your own resolving cache. Then your ISP doesn't have anything to do with what addresses your DNS server returns (except for domains they control). bind can do this or you can use dnscache and probably a half a dozen or so other tools are freely available.

Re:

[drinkypoo]

Typically the ISP is just having their own DNS servers do this (as opposed to using a hidden DNS proxy). The solution is to run your own resolving cache.

I'm trying to avoid going to the root servers, which I understand is considered to be rude if you're just joe schmoe and don't have a bunch of users behind you.

Thus, even running my own cache (actually, I'm using dnsmasq for local resolution) I still need forwarders. I just don't want to use the ones from my ISP.

Re:

[rs79]

Do you mean root (".") or TLD (".com" et al) servers. Sorry to ask but a lot of people say "root" but mean "tld".

Anyway, primary the root zozne yourself. Run a copy of .com locally. Stop sucking on the tit of US government run DNS servers; we've been babied for 20 years and we really at this point should be doing this stuff for ourselves.

Somebody ought to look in the wayback machine for alternic.net. I have a vague memory of Kashpureff doing this well before 2001.
Talk abourt irony. (He went to jail for hac

Re:

[drinkypoo]

Do you mean root (".") or TLD (".com" et al) servers. Sorry to ask but a lot of people say "root" but mean "tld".

Not sure, don't feel bad. AFAIK I mean root. I've done it with both BIND 4 and 9 in the past. I have this tendency to quickly learn what I need to get something working and forget it though. I've more recently got into the habit of writing howtos whenever I do anything because of this. But I've done bind 9 with DDNS and all kinds of fun stuff like that in the past - right now I'm just on the lazy train.

Re:

[Anonymous Coward]

The root servers aren't very heavily loaded as their data has long TTLs. The .com servers do get a lot of traffic, but Verisign has to deal with that, so don't worry.

Breaks location bar search; workarounds?

[Chris Pimlott]

My ISP has recently joined the ranks of retards who return an incorrect result when a domain is not found.

I've been annoyed to find this happening more and more. What really irks me is that this breaks Mozilla's handy location bar search [mozillazine.org] for one-word queries. Is there any workaround for this? Perhaps an addon could be made to ignores hostname lookup results that match common catch-all servers.

Re:

[account_deleted]

Comment removed based on user account deletion

My ISP does this

[MobyDisk]

FYI - Cavalier Telephone does this too. I called them about it and they suggested tat I use someone else's DNS servers. Unfortunately, the only alternative I have is Comcast. :( Yay for competition, huh?

Many Reasons this is Appalling

[billstewart]

There are so many things wrong with this. The first one is that it doesn't actually work as indicated in Claim 1, because it's operating at the wrong levels of the protocol stacks. DNS maps between names and IP addresses, and is used for many different kinds of Layer 4, 5, and 7 applications, but URLs are a Layer 7 function typically supported by browsers, and the identification of what kind of service the client is interested in is not known at name resolution time, or even what Layer 4 transport protocol or Layer 7 application protocol, and in fact the methods used in the patent have the DNS operator's web server decide what kind of response web page to provide in response to a URL included in a HTTP request, even though the client's DNS request might not have been intended to be used for HTTP. When Verisign implemented their annoying breakage of DNS functionality, they supported HTTP on port 80, and had a stub email server that did a sloppy approach to rejecting connections, and AFAICT didn't provide other services, such as correct rejections on SSL's TCP Port 443 or SSH's TCP port 22. It's not clear that they even did the right thing at Layer 3 - if you were trying to "ping misspellllled-example.com", they not only should have answered the DNS request with a "No Such Domain" error message, but if you sent it a ping, it shouldn't respond (I forget if they responded to pings or not; many systems don't do that for self-defense.)

Another reason this patent shouldn't have been accepted is that wildcard domains were a standard capability, and having a web server try to provide useful information in a 404 page was probably a known capability, or at least obvious to someone skilled in the trade. Responding to a DNS request with the IP address of a web server that isn't the one the customer was looking for might not count as "obvious to someone skilled in the trade" because it's obviously wrong.

Re:

[billstewart]

It's stupid, but that doesn't mean nobody's ever done it - my ranting is as grumpy as it is because Verisign did it and several other sets of people have done it since then. Verisign's attempt was really egregious, since they're the main registrar for .com and .net, and ICANN yelled at them until they stopped (one of the few times I think ICANN has really done the Right Thing.) Most of the other people who've done it are ISPs (who shouldn't do that, but you can always set your system to point to some othe

Re:

[drinkypoo]

There's no reason not to permit a patent on doing something noncompliant. There is however every reason not to permit them to do it. At the very least, they should not be permitted to refer to their name resolution service as "DNS" because they are not following the RFC; in addition they should be required to inform all customers that they are operating noncompliant services. This is the type of regulation that government should perform, in order to allow consumers to make well-informed choices.

Another reason this patent shouldn't have been accepted is that wildcard domains were a standard capability, and having a web server try to provide useful information in a 404 page was probably a known capability

I don't u

rr is doing this too

[mwilliamson]

road runner internet does this too now.

Patented fraud

[Wormholio]

I wonder if it's possible to sue anyone who practices this patent for fraud?

on a related net neutrality issue:

[drDugan]

http://www.truthout.org/docs_2006/050508R.shtml [truthout.org]

'''
The Federal Communications Commission has recently encountered mounting scrutiny in response to its broad deregulatory practices. Public frustration regarding the FCC has peaked at a time of fierce debate on net neutrality.

        In a memo obtained Tuesday by The Washington Post, 30 current and former commission employees complained about the leadership of FCC Chairman Kevin Martin.

        Staff members observed that "the FCC process appears broken and most of the blame appears to rest with Chairman Martin."

        The memo, written to chairman of the House Energy and Commerce Committee John Dingell and chairman of the House Energy Subcommittee on Oversight and Investigations Bart Stupak, increases pressure on the FCC chairman, who, in particular, has been accused of a rigidly anti-regulatory, pro-corporate approach. Many critics assert that his approach has contributed to a lack of oversight over network providers.
'''

What's a little deregulation between friends, right?

Re:

[celle]

Corruption!!

Could Verisign be held accountable?

[Prisoner's Dilemma]

Aside from all the obvious issues already discussed on the previous thread, can Verisign be held accountable if any royalty paying users of SiteFinder are sued for copyright infringement issues? Or maybe conspiracy or collusion?

I sincerely hope they sue Earthlink...

[SmoothTom]

I sincerely hope they sue Earthlink, because maybe then Earthlink will stop the stupid practice of NOT returning a failure when the domain is not found.

It is getting ever more difficult to find DNS that just works as it should, instead of coming up with a result for every request, even if it has to make one up. :o(

*mutter* *mutter* *mutter*

Tomas

Re:

[hawaiian717]

At least Earthlink gives you the option of using DNS servers that don't do it. I used them until I switched ISPs. http://kb.earthlink.net/case.asp?article=187117 [earthlink.net]

good!

[nguy]

This is a patent I approve of: the more companies have to pay for it, the less it will get used.

No way this holds up

[mambosauce]

Love it or hate it it's irrelevant. eNic was not the first registrar that did this. There is definately prior art that will make this patent invalid. I'm still investigating dates, but the ccTld i'm thinking of didn't do it for advertising, just a redirect to a domain doesn't exist. If anyone knows the original post the link and date.

Sue the ISC and BIND book publishers?

[mr_mischief]

Wildcarding domains is a very old, in Net terms, practice. All you have to do to have it work at the registry level is to wildcard the top level. It's a trivial one line per top-level domain for which you want to do this in BIND. There's nothing novel or even particularly interesting about it.

tinydns patch to ignore sitefinder

[Russ Nelson]

http://tinydns.org/djbdns-1.05-ignoreip2.patch [tinydns.org]

Turns A records for certain IP addresses back into NXDOMAIN results.

BUG: Verisign patent conflicts with older patent?

[lpq]

Doesn't patent 6,332,158 [uspto.gov] already cover what is in Verisign's patent 7,337,910 [uspto.gov]? It seems that the 2nd patent (7,337,910) should at least reference the 1st patent under the "Related US Patent Documents" section.

How does one submit a bug-report against a US Patent? Maybe the USPTO needs to open up a bugzilla DB to handle things like this?