Slashdot Mirror

← Back to Stories (view on slashdot.org)

ICANN, IAB Ask VeriSign to Suspend SiteFinder

Posted by ryuzaki0 on from the trying-the-polite-approach-first dept.

dmehus writes "ICANN issued an advisory late today concerning VeriSign's controversial SiteFinder service. The advisory requests that VeriSign voluntarily suspend SiteFinder until various independent and objective reviews, which are now underway, have been completed. Interested parties should see the advisory for more details." I think most people here can agree it was a bad idea, although it's not generating revenue for most of us either. ICANN isn't alone here either. Nuclear Elephant writes "The Internet Architecture Board issued this response to an ICANN inquiry about Verisign's SiteFinder service."

17 of 276 comments (clear)

  1. So who gets the money ? by EpsCylonB · · Score: 4, Interesting

    VeriSign's wildcard creates a registry-synthesized address record in response to lookups of domains that are not otherwise present in the zone (including restricted names, unregistered names, and registered but inactive names). The VeriSign wildcard redirects traffic that would otherwise have resulted in a "no domain" response to a VeriSign-operated website with search results and links to paid advertisements.

    Why should VeriSign get the money ?

    1. Re:So who gets the money ? by Tirel · · Score: 1, Interesting

      maybe because they're tired of running half of the DNS system for free? I mean, we're talking absolutely huge servers that serve hundred of gigabytes per day and like 2/3 of the traffic are absolutely useless queries from random IDS and logging systems.

      weekend internet users won't care and the rest of us will find ways to ignore it.

      So why not?

    2. Re:So who gets the money ? by Reziac · · Score: 2, Interesting

      Good idea, and I agree -- the single-basket approach is begging for disaster. Replicating would be a lot safer. Just because no big disaster has yet struck the system doesn't mean it *can't* happen.

      What companies would you suggest? IBM comes to mind as having the resources, and has demonstrated a modicum of "community best-interests" as well as support for open standards.

      I don't suppose it need be limited to tech-sector companies either. Maybe one with global presence and pret'near infinite resources, like Exxon-Mobil?

      --
      ~REZ~ #43301. Who'd fake being me anyway?
  2. I'd love to have been a fly on the wall... by Anonymous Coward · · Score: 5, Interesting

    ...in the meetings in which Verisign decided to implement SiteFinder.

    Do you think they innocently believed they had found a valid loophole for commercial exploitation a legitimate feature of the Internet protocols?

    Or did they say something like this? "Well, OK, so it does violate DNS specifications. People will scream. Let them scream. Nobody can touch us. The IETF has only moral authority. And ICANN and the U. S. Department of Commerce are never going to interfere seriously with any big, successful Internet company. So a few technies get angry, big deal."

    1. Re:I'd love to have been a fly on the wall... by Anonymous Coward · · Score: 1, Interesting

      It should be noted that, even though Verisign's implementation is not RFC compliant, a system with essentially the same effect can be implemented without violating RFCs.

  3. Bind by Anonymous Coward · · Score: 1, Interesting

    Ask? How about demand. Verisign screwed up when they thought up this scheme. They have abused their position and should be stripped of it.

  4. Re:This isn't really new. by Tirel · · Score: 3, Interesting

    because .com and .net amount to 99% of the internet and nobody really cares about smaller tlds (ie, .nu and so on)

  5. Re:Versign should have to pay to register domain. by j0hnn135 · · Score: 2, Interesting
    I like Paul Hoffer's advice from the response. If Verisign did this, they may try something else slimy. Take the power away is my vote.

    ICANN should demand that VGRS immediately stop giving incorrect answers to any query in .com and .net, and should instead follow the IETF standards. If VGRS refuses, ICANN should re-delegate the .com and .net zones to registries that are more willing to follow the DNS standards. Please let me know if you have any further questions. --Paul Hoffman, Director --Internet Mail Consortium
  6. Re:This isn't really new. by LostCluster · · Score: 4, Interesting

    .com and .net are the two huge TLDs, so implementing wildcard sites on smaller TLDs just wasn't quite as outragious. Also, in the past, most wildcards were sites that only offered to register the non-existing domain at the monopoly registrar of that TLD.

    The controversy on SiteFinder seems to be that they're offering query-based ads, which essentially says "It's against the rules to register the typo of your competitor, but we'll sell you an ad on the site that results from that typo."

  7. Re:Versign should have to pay to register domain. by Proudrooster · · Score: 2, Interesting

    Well, I would be willing to take the money if no one else wants it :) ...

    Seriously though, the money could go to ICANN, IEEE, EFF, or the G.W. Bush war in Iraq fund. My point is this, if Verisign wants to "domain squat" they shouldn't get the domains for FREE and should have to pay for them just like everybody else. They are abusing their unique position as a registrar. For example: I can't hijack or redirect every mistyped domain to my ad server e.g. (yaho.com or yaahoo.com). I have to register each misspelling. Verisign should have to do the same.

    Does anyone have a copy of Verisign's charter?

  8. Petition Site (new link!) by GeorgeK · · Score: 2, Interesting

    I'm glad the IAB took that position. Hopefully Verisign will do the right thing....but, given their history, they probably won't.

    We started a petition on Tuesday, and it got more than 16,000 signatures, before the site apparently got Slashdotted or something. We had to move it to a new server, with backups of the first 10K signatures. The new link is:

    Stop Verisign DNS Abuse Petition

    We also made announcements here and here, including having sent a hardcopy of the first 10,000 signatures to ICANN via FedEx. Thanks for all the support!

  9. A great hack.. by mindstrm · · Score: 3, Interesting

    except, this type of thing is not the responsibility of the DNS.

    The fact that we tend to use DNS as an index of everything, and that humans can't get over "Www." is OUR problem, not a problem with DNS. DNS is a precise lookup service... we'd just like it to function as it always has, thanks.

    DNS wasn't put here to look up websites, it's far more fundamental than that.. and if people are too lazy to learn how to use a web browser right.. tough cookies for them. We should not be mangling DNS in order to do it.

    DNS is about a LOT more than just you looking up a web address, and to break it now is absurd.

    If you want a feature like you suggest, you build it at the application level, into the web browser... you don't mess with the fundamental protocols involved.

  10. gTLD's and ccTLD's are different by sabri · · Score: 2, Interesting

    Indeed. This is not new. But there are differences:

    The .museum gTLD was a new gTLD. If you implement a wildcard from the start of a gTLD, that is something the community can take into account when developing systems around it. (this does not mean I agree with doing so).

    Some people also mention some ccTLD's like .tk and .nu doing the same. There is however a fundamental difference between a gTLD and a ccTLD. A gTLD is operated (or at least should be) under control of the community and should be more strict in following the RFC's. A ccTLD is operated by a country or representatives of a country. If Tokelau and Nieu wish to break the RFC's, it's their problem. It is the responsability of their government to correctly operate the ccTLD and if they fail to do so, to bad for them as the world will eventually turn it's back on them.

    --
    I'm not a complete idiot... Some parts are missing.
  11. Re:This isn't really new. by 11223 · · Score: 2, Interesting
    OK, to sum up the differences between this and the existing cases:

    .museum is a limited-access domain and domains in this area don't really have commercial value. Thus, it's not unfair to "squat" on all the unused domains to provide this index. It might break DNS within the .museum TLD, but nobody really cares because nobody really visits the .museum domain.

    WRT the other toplevel registries: all of those that have been mentioned so far are breaking DNS anyway. You don't think that all those people with .tv domains actually live in Tuvalu, do you? DNS has been under attack for some time now.

  12. Fixing the problem by bruns · · Score: 2, Interesting

    Well, one thing interesting I discovered - Earthlink appears to have patched their DNS servers so they return NXDOMAIN now instead of sitefinder. Cheers to a big ISP taking charge :)

    --
    Brielle
  13. Registry/registrar changes by Todd+Knarr · · Score: 2, Interesting

    Frankly I think ICANN should formally seperate the registrars and the root DNS registry. Make these changes to the rules:

    1. The root DNS registry operator may not themselves be a DNS registrar, nor may they have any affiliation with or organizational ties to one. The registry operator receives a fee per domain for operating the registry, there should be no incentives other than this fee affecting their operation of the registry. It's too critical to the rest of the Internet. If those fees alone aren't enough to make it worthwhile for any company to run the registry, then perhaps the registry shouldn't be run by a company.
    2. The registry operator may not run a publically-accessible root nameserver (but they may run one for purposes of transfering root zone data to root nameserver operators, so long as it is not listed in the root hints file). That would make it so that changes in the root zones such as adding wildcard records could, at least in principle, be filtered out by the root server operators before reaching the Internet at large.
    3. No one entity may, either directly or through affiliated entities, control more than 3 root nameservers or 25% of the root nameservers, whichever is less. That would hopefully insure enough variety in root nameserver operators that bad changes (eg. the wildcards addition or things that required specific non-standard DNS server software) would be rejected by at least one operator.
  14. robots.txt by Krashed · · Score: 3, Interesting

    Any site that sitefinder "helps" you with has a robots.txt file that disallows all agents. I am trying to access an old site of mine that was archived on the WaybackMachine and it won't let me access the old information now. Verisign must be stopped at all cost.