Slashdot Mirror

← Back to Stories (view on slashdot.org)

Resolving Everything: VeriSign Adds Wildcards

Posted by ryuzaki0 on from the gotcha dept.

DragonHawk writes "As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was 'somecompany.com,' and somebody typed 'soemcompany.com' by mistake, they would get VeriSign's advertising." Read on below for some more information.

"(VeriSign is a company which purchased Network Solutions, another company which was given the task by the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.)

This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time.

Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless.

VeriSign has published white papers about their implementation and also made some recommendations."

2 of 1,291 comments (clear)

  1. This is a bitch by Mohammed+Al-Sahaf · · Score: 0, Redundant

    I've heard this breaks a lot of spam-catching tools which check if the mail was sent from an invalid domain, as all IPs in these invalid domains now resolve.

    --
    Former Iraqi Information Minister Mohammed Saeed al-Sahaf
  2. Re:Verisign would look nice in gasoline and flame by ibcmax · · Score: 0, Redundant

    I wouldn't have thought mail would be affected - they haven't defined an MX for the wildcard, so [rfc compliant] mail servers would still be able to verify that the domain doesn't exist in a mail sense, and misspelled emails should still bounce. This also [obviously] means they can't harvest bounced email addresses either. Unless I have missed something... They *would* look nice in gasoline and flame though.

    --
    Do not meddle in the affairs of SysAdmins, for they are subtle and quick to anger.