Slashdot Mirror

← Back to Stories (view on slashdot.org)

ICANN Asks VeriSign To Stop DNS Wildcarding

Posted by timothy on from the public-trust-and-all-that dept.

MrClever writes "In this article over at the Sydney Morning Herald (AU), it looks as though ICANN may actually be doing something about the VeriSign changes to .com and .net TLD's. Apparently, while they have been noticably quiet, they have been reviewing community reaction and analysed data from a technical perspective. Here's hoping ICANN pull the plug on VeriSign's TLD administration rights!" And TALlama writes "RSS.com.com (dear $DIETY, will it ever stop?) is reporting that ICANN has asked VeriSign 'to voluntarily suspend the service' of wildcarding DNS, 'pending further study.' Calling it a 'service' is a little bit of a misnomer. If I punch people in the face, can I call that a service, too?"

5 of 221 comments (clear)

  1. ICANN asks Timothy to stop posting Dupes by DrSkwid · · Score: 5, Informative

    Apparently Timothy is a Dork

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  2. 404 by Anonymous Coward · · Score: 5, Informative

    ICANN said it is investigating complaints over the wilcard service and asked VeriSign to pull it pending further study. The service effectively replaces the common "404 page not found error" that until now has been the default for absent Web addresses.

    404? A HTTP response from a DNS request? Please get your facts straight com.com...

    1. Re:404 by Lord+Azrael · · Score: 5, Informative

      i think you don't get it. you should see a 404 error only if you ask for a file on a server, which does not exist. but a 404 is not the answer a browser will return, if the domain does not exist

      the article makes this mistake again also in the last paragraph VeriSign is not alone in seeking to replace 404 errors. Microsoft has also directed users of its Internet Explorer Web browser to a Microsoft search page when typing unassigned domain names into the browser's URL bar.

      unassigned domain names != 404 errors

      who the hell wrote this article ?

      --
      Lord "not Gargamel's Cat!" Azrael
  3. Re:Wildcarding? by Molt · · Score: 5, Informative

    Okay, in simple terms..

    DNS is the method of resolving names to IP addresses, it's what turns 'www.slashdot.org' into 66.35.250.151, or 'www.google.com' into 216.239.59.99

    Wildcarding DNS is when instead of saying 'www.slashdot.org is 66.35.250.151' you effectively say 'Everything is 66.35.250.151' and so any domain you're asked to resolve goes to Slashdot's IP address.

    What VeriSign have done is to add a final rule to their list, saying 'Anything not in the above is 64.95.110.11' (Or whatever the IP is of their SiteFinder service). This has the result that any DNS request that formerly would have returned an 'Unable to resolve' message now thinks it's resolved correctly to the IP address.

    The stink this is causing with spam mail is that a lot of anti-spam measures rely on being able to weed out mail from made up domains simply by checking if the domain resolves correctly.

    DNS is actually a *lot* more complex than this, but I think that'll do to explain what's going on here.

    --
    404 Not Found: No such file or resource as '.sig'
  4. IAB Issues DNS Wildcard Guidelines by FlukeMeister · · Score: 5, Informative

    The IAB has issued a set of guidelines for the us of DNS wildcards.

    Essentially, they say it's a very bad idea, but you can do it with the informed consent of all delegates in your zone.