Slashdot Mirror

← Back to Stories (view on slashdot.org)

VeriSign Changes DNS Servers: No ASCII Needed

Posted by timothy on from the eggs-for-omelletes dept.

An anonymous reader points to this story at The Register and this one (in French) at news.yahoo, writing "VeriSign has made changes to the root DNS so that they handle non-ascii names (for .com and .net). Furthemore, an erroneous lookup results in getting a VeriSign IP, not an error message." An excerpt: "The IAB [Internet Architecture Board] feels that the system VeriSign had deployed for .com and .net contains significant DNS protocol errors, risks the further development of secure DNS, and confuses the resolution mechanisms of the DNS with application-based search systems."

10 of 202 comments (clear)

  1. The start of .... by josh+crawley · · Score: 3, Interesting

    Perhaps this is the start of having he "other" dns'es take off. We all know how bad Verisign is with DNS (like slamming, overcharging, and in general cheating).

    Seems like they're pulling a Microsoft to me. But this time, the big guys are pulling a "WTF" on them.

  2. Who owns their dns servers ? by Anonymous Coward · · Score: 1, Interesting


    And why are they not allowed to implement any dns method they choose ?

    what are the punishments/penalties if they choose a bad method of dns, goverment ? unions ?

    what exactly is the commercial incentive to conform to IAB ?

    1. Re:Who owns their dns servers ? by Anonymous Coward · · Score: 2, Interesting

      They might own their servers, but AFAIK they have a contract with ICANN to provide DNS (they negociated an extension of the .com in exchange of releasing the .org one).

      If they provide "verisign DNS" which is not what they're being paid to do, instead of standard DNS, aren't they breaking their contract?

  3. On News at 11, Small town in turmoil by cyberlotnet · · Score: 5, Interesting

    Small town in Florida overnight adopted a new set of street signs they feel create a friendlier driving enviroment, and allow the non-usa population to drive safer.

    Within 24 hours the whole city was gridlocked due to wrecks from confused and misguided drivers who didn't understand what was going on...

    Yes its a Dramatic example, but valid one of what happens when things are changed without properly informing the public, Just taking things into your own hands.

    This change is not going to serve to improve the internet but instead confuse people.

    --
    Personal Website
  4. Re:Adverts. by Anonymous Coward · · Score: 0, Interesting

    "The changes VeriSign made basically introduce an element of guesswork into domain resolution. The system guesses that the user is looking for an internationalized domain name (IDN) and presents them with a way to access it"

    If you are using an non ascii character set and attempt to resolve a domain using this you are sent to a webpage which tells you about verisigns plugin to allow nonascii character sets to be used to resolve domains. Effectively the plugin just converts nonascii character sets to ascii character sets on the client.

  5. Great.. not really by k98sven · · Score: 4, Interesting

    Ok.. now I have full understanding why people want
    DNS adresses in their own language.

    For instance, I live in Sweden, where the township of Mönsterås has to use the
    URL "monsteras", which happens to mean "monster-carcass"..

    But on the other hand, a big point of the internet is that it's supposed to be international,
    how are for instance americans supposed to type unique swedish characters to find the web site?

    Not to mention chinese and japanese sites..

  6. IETF IDN Working Group by jazdc · · Score: 3, Interesting

    I hear of all these proprietary ways to handle non-ascii domain names and constantly fail to see why people cannot wait for the IETF IDN Working Group to finish their work.

  7. There are standards for those things. by billstewart · · Score: 3, Interesting
    We've been dealing with internationalization for more than a decade - applications either support UTF8 or Unicode or CP850 or some similar standard for handling them, or else they don't, and most operating systems provide some hook for inputting them. (That won't help 7-bit-character implementations of vi, but too bad :-) Windows has their Character Map application, so I can go get an Å and a å and cut&paste them into my document.

    The real problem is that the DNS standards say that capital and lower-case letters are equivalent, so example.com and EXAMPLE.COM and ExAmPlE.com all get the same result, and DNS lookups translate everything to the same case before looking it up. To handle single-byte international character sets wouldn't have been that difficult - either define a mapping from uppercase to lowercase, or else require that users translate all of those things by hand. But Unicode's two-byte characters make this fail badly - if the bytes happen to be aa, changing them to AA gets you an entirely unrelated character, and vice versa, but the DNS standards force this to be done, because they don't know about double-byte characters. The most serious problems this causes are that only about 1/4 of the characters are valid in DNS, which makes far too many words unavailable - it's bad enough that aa and AA and aA and Aa all become aa, but the chances of a 10-letter word being available are way too low (and think about the trademark problems of coke.com vs. COKE.com vs. CoKe.com etc.) Other problems include the chance that you can't display reverse DNS names properly (because the database has the wrong case in it) or alternatively that the canonical forward and reverse DNS names are different, which is annoying enough for 7-bit character sets where only the case is different, but when the letters change entirely, it's really bad.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  8. Re:what about charsets? by Old+Wolf · · Score: 1, Interesting

    Your post gives me an idea: why not just use UTF-8 for domain names?

    This wouldn't require any bullshit approval and crap, no existing DNS systems would break because they currently reject requests with non-ascii utf-8 characters, the only implementation barrier would be waiting for any apps that want to support it to encode their URLs with a UTF-8 library.

  9. Re:Adverts. by NoMaster · · Score: 2, Interesting
    Not exactly. It looks at the query and decides whether it thinks you want a non-English domain, and if so, directs you to a page to get an IE plugin which adds support for international URLs. A very dirty hack and not in any way part of the DNS standard, but not advertising.


    Bullshit. It's advertising IE. If it wasn't, it'd have either a) "plug ins" for *every* browsing engine out there (impossible - think Lynx, or a webspider...), or b) a totally server-side solution. It has neither - just an IE plugin...
    --
    What part of "a well regulated militia" do you not understand?