Slashdot Mirror

← Back to Stories (view on slashdot.org)

ICANN, IAB Ask VeriSign to Suspend SiteFinder

Posted by ryuzaki0 on from the trying-the-polite-approach-first dept.

dmehus writes "ICANN issued an advisory late today concerning VeriSign's controversial SiteFinder service. The advisory requests that VeriSign voluntarily suspend SiteFinder until various independent and objective reviews, which are now underway, have been completed. Interested parties should see the advisory for more details." I think most people here can agree it was a bad idea, although it's not generating revenue for most of us either. ICANN isn't alone here either. Nuclear Elephant writes "The Internet Architecture Board issued this response to an ICANN inquiry about Verisign's SiteFinder service."

19 of 276 comments (clear)

  1. So who gets the money ? by EpsCylonB · · Score: 4, Interesting

    VeriSign's wildcard creates a registry-synthesized address record in response to lookups of domains that are not otherwise present in the zone (including restricted names, unregistered names, and registered but inactive names). The VeriSign wildcard redirects traffic that would otherwise have resulted in a "no domain" response to a VeriSign-operated website with search results and links to paid advertisements.

    Why should VeriSign get the money ?

    1. Re:So who gets the money ? by tomstdenis · · Score: 4, Insightful

      Maybe if DNS were used correctly it wouldn't happen that way. DNS is supposed to be distributed. E.g. I contact my router [which runs a DNS server], my server contacts my ISP [which runs a cache] my ISP contacts ??? well it should contact it's providers cache and so on....

      Also verisign makes it money by selling domain names. Recall that they used to be free at one point.

      The DNS control is *entrusted* to Verisign. Versign doesn't own the internet and they could easily be replaced.

      Tom

      --
      Someday, I'll have a real sig.
    2. Re:So who gets the money ? by twistedcubic · · Score: 4, Insightful


      maybe because they're tired of running half of the DNS system for free?

      Are you serious? You think God came down from High and forced Verisign to do this, as if Verisign doesn't have a choice? I don't get the "for free" part either.

    3. Re:So who gets the money ? by squiggleslash · · Score: 5, Insightful
      Part of running a name lookup system includes receiving queries for names that do not exist. I hardly call it "doing it free" considering that Verisign receives money for every registered entry in that table.

      To foist a broken DNS on us in order to introduced a non-consensentual second revenue stream takes some gall. ICANN shouldn't be "asking Verisign" to suspend this, it should be taking actual action against them. I wonder what Jon Postel would say about it?

      --
      You are not alone. This is not normal. None of this is normal.
    4. Re:So who gets the money ? by warkda+rrior · · Score: 4, Informative

      DNS is not distributed, it is hierarchical. The queries travel up the tree (where the client first queries the ISP which is a leaf in the DNS tree), until the reach the top level DNS. Someone has to be at the top and manage the top level DNS. Of course, it does not have to/should not have to be Verisign...

      --
      You need to install an RTFM interface.
    5. Re:So who gets the money ? by Directrix1 · · Score: 4, Insightful

      The real problem here is the fact that one-company is entrusted to run .com . TLDs should be replicated across mutually trusted servers in different companies. It is stupid to put all our eggs in one basket anyways. If we had at least three businesses replicating .com in their servers, and providing them as a public root server, then we could just kick out/ fine/ threaten rogue servers and our DNS queries would round robin to the other companies servers.

      --
      Occam's razor is the blind faith in the natural selection of least resistance and in universal oversimplification. -- EF
  2. I'd love to have been a fly on the wall... by Anonymous Coward · · Score: 5, Interesting

    ...in the meetings in which Verisign decided to implement SiteFinder.

    Do you think they innocently believed they had found a valid loophole for commercial exploitation a legitimate feature of the Internet protocols?

    Or did they say something like this? "Well, OK, so it does violate DNS specifications. People will scream. Let them scream. Nobody can touch us. The IETF has only moral authority. And ICANN and the U. S. Department of Commerce are never going to interfere seriously with any big, successful Internet company. So a few technies get angry, big deal."

    1. Re:I'd love to have been a fly on the wall... by squiggleslash · · Score: 4, Informative
      No, not at the DNS level. At the DNS level, NXDOMAIN should be returned for domains that do not exist. www.sjnnasdfdfjksdfdndajkadjndks.com is NOT a valid name for a machine in Verisign and should never be resolved to a machine in Verisign. If you misuse wildcards to point domains at machines they're not valid for, then it becomes impossible to automatically detect errors.

      While theres some legitimacy in saying "I want every email ending in .isp.net to get directed to mail.isp.net so that all my customers can have subdomains, so I'll use a wildcard for that" despite that resulting in misspellings going to that machine too, there's no such excuse with the Verisign grab. Verisign's wildcard never matches legitimate sites, and it's at such a high level that third parties will regularly be inconvenienced. It's worth noting that every paper I've read on wildcards specifically advises against using them if possible.

      I have one domain at work I maintain that uses one, and we only use it because we know that if we have to get our technical services people and the DNS server company we contract the thing out to to change it for each additional subdomain we add, then it's going to get messy. I'm not happy about it, and if I could manage the name server directly, I'd do that instead.

      --
      You are not alone. This is not normal. None of this is normal.
  3. Versign should have to pay to register domain. by Proudrooster · · Score: 4, Insightful

    I think the real solution is this: If Verisign wants to continue this practice then Verisign should have to pay to register each mis-typed domain. After all, the end effect of Verisign's Sitefinder is to dynamically create a domain if it isn't already registered. Making Verisign pay to register each of these mis-typed domains would most likely halt their practice. In my opinion, Verisign is now "domain squatting" on any domain that isn't registered.

  4. This isn't really new. by windows · · Score: 5, Informative

    Forgive me if I'm being idiotic about this, but relatively recently, the .museum TLD went live. It's just like any other TLD except that domains that don't exist diect you to a page saying the domain doesn't exist and with a couple of links. It's not very different than Verisign's SIteFinder, but there's little to no outcry over this. I'm curious because a lot of the objections about SiteFinder should also be true about the .museum TLD. What's different here?

    1. Re:This isn't really new. by LostCluster · · Score: 4, Interesting

      .com and .net are the two huge TLDs, so implementing wildcard sites on smaller TLDs just wasn't quite as outragious. Also, in the past, most wildcards were sites that only offered to register the non-existing domain at the monopoly registrar of that TLD.

      The controversy on SiteFinder seems to be that they're offering query-based ads, which essentially says "It's against the rules to register the typo of your competitor, but we'll sell you an ad on the site that results from that typo."

  5. Not a "best guess" system by Crimplene+Prakman · · Score: 4, Informative

    In common with the majority of internet protocols, DNS is not a best-guess system, it is a technically accurate way of transferring information, with correct failover mechanisms. From the article:

    As a lookup system, the DNS is designed to provide authoritative answers to queries.

    And later...

    The DNS is not a search service, and presenting speculative mappings based on HTTP inputs is not the service that the registry is expected to provide.

    And later still...

    To restore the data integrity and predictability of the DNS infrastructure, the IAB believes it would be best to return the .com and .net TLD servers to the behavior specified by the DNS protocols.

    That seems to wrap it up really. I doubt any further studies will find differently, unless Verisign follows the apparently accepted way of paying for a biassed study......

  6. IAB response isn't by Frater+219 · · Score: 5, Informative
    "The Internet Architecture Board issued this response to an ICANN inquiry about Verisign's SiteFinder service."

    Actually, if you read that article you will find that it is dated January 25 and is a response to another Verisign screwup. That one was similar to the present one, but had specifically to do with "internationalized" domain names -- DNS records for strings with characters above ASCII position 127.

    Historians find it important to check the dates of events and documents, so they can know which ones could possibly be responses to which other situations. For instance, an American comedian telling anti-French racial jokes in August 2001 could not possibly be responding to the French objection to Bush's war. Similarly, a document released January 25 2003 cannot be a response to a situation that arises the following September. Time just doesn't work that way.

  7. Old IAB response by zjbs14 · · Score: 4, Informative
    People keep quoting that IAB response, but if you look at the date and actually read it, you'll see it's from back in January. And it was in response to Verisign's proposed wildcarding of only domains that contained non-ASCII characters, not all domains. Their point was that wildcarding based on a character set was against standards.

    So I guess Verisign interpreted that as "we better wildcard everything then."

    --
    No sig, sorry.
  8. Right, then! by moehoward · · Score: 4, Funny

    We won't have any of this "advertising" on the Internet. The Internet is surely doomed if we allow it.

    --
    "If you want to improve, be content to be thought foolish and stupid." - Epictetus
  9. Get the latest version of BIND by AchmedHabib · · Score: 5, Informative

    Get the latest version of BIND to block that Verisign junk. go here
    Now all it needs is support for the Evil-Bit in TCP/IP

  10. Real IAB Response by bigal123 · · Score: 5, Informative

    The response in the orignal article links to something old. Here is the IAB's offical reponse. The bottom has a whole section on "Principles, Conclusions, and Recommendations" Good reading http://www.iab.org/documents/docs/2003-09-20-dns-w ildcards.html

  11. Shouldn't we be outraged by email implications? by mentaiko · · Score: 5, Insightful
    Much more than their capturing of all port 80 traffic, I am irritated by what has happened to email.

    Every time I send a message with a typo in the domain name, my message goes straight to Verisign's email servers. Though they are kind enough to send a bounce back to me, in the meantime they have the ability to

    • Read my entire message
    • Stick my name and email address into their database for marketing and resale

    Shouldn't this be the main concern?

  12. VeriSign Power Play by johnthorensen · · Score: 4, Insightful

    Something that seems to be mildly overlooked here, in my opinion, is that this has the power to give VeriSign "ownership" of the web in many users' minds.

    If my mom tries to go to http://www.gooodhousekeeping.com and gets a VeriSign message and a search box, well it doesn't take much of that before she starts thinking that VeriSign == The WWW, because VeriSign is who always tells her what she typed wrong and where she should be going.

    What this comes down to is a company trying to "brand" the web. In many ways, Google has been successful at this, but they have actually played fair and achieved what they have on the basis of merit. VeriSign is ABUSING their power to brand the web as their own.

    It should be patently obvious by now that VeriSign 's modus operandi is one of deceit and trickery. Evidence the fake "renewal" cards they have sent out in the past to "slam" DNS registrants much like the shady phone companies have tried to do with your long-distance.

    Damn, it's ridiculous that people even try to get away with this sort of crap these days...will someone with the power to please stop this?

    -JT