Slashdot Mirror


ICANN Asks VeriSign To Stop DNS Wildcarding

MrClever writes "In this article over at the Sydney Morning Herald (AU), it looks as though ICANN may actually be doing something about the VeriSign changes to .com and .net TLDs. Apparently, while they have been noticeably quiet, they have been reviewing community reaction and analysing data from a technical perspective. Here's hoping ICANN pull the plug on VeriSign's TLD administration rights!" And TALlama writes "RSS.com.com (dear $DEITY, will it ever stop?) is reporting that ICANN has asked VeriSign 'to voluntarily suspend the service' of wildcarding DNS, 'pending further study.' Calling it a 'service' is a little bit of a misnomer. If I punch people in the face, can I call that a service, too?"

11 of 221 comments

  1. Re:What's wrong with domain forwarding? by rylin · Score: 3, Insightful

    I prefer my spamfilters intact.
    I prefer that my redundant mailservers actually get used.

    Do some reading before trying to justify what's been done.

  2. Re:Another reason to stop it. by AndroidCat · Score: 2, Insightful

    If hackers/spammers could compromise any TLD name server, wildcards or not, I think we could see a fair bit of disruption.

    --
    One line blog. I hear that they're called Twitters now.

  3. Re:.nu? by Microlith · Score: 5, Insightful

    Unlike other TLDs, namely several country codes, .com and .net have a number of resellers.

    TLDs with a monopoly really can't be told what to do, because there's no one competing with them in the first place.

    With VeriSign doing this on .com and .net, they're unfairly leveraging their position to the exclusion of other registrars. They are in effect conveying the message that they run the web.

  4. Re:What's the big deal? by Anonymous Coward · Score: 5, Insightful

    The point of standards is that you can rely on them. The internet standards are decided on a lengthy consensus process, and at this point the basic protocols of the internet are only changed very slowly and for very good technical reasons. Thus, once you have implemented a service or component based on a standard protocol such as DNS, you can be happy and count on not needing to maintain the component any more. It would set a horrendous precedent if internet infrastructure could be changed at will for marketing reasons, with no repercussions. Suddenly *every* piece of software relying on the internet would need a maintenance team ready to change them at a moment's notice. This costs a lot of money, especially for services that are ready, done and just work.

  5. anti-spam solution by Anonymous Coward · Score: 0, Insightful

    I don't understand why anti-spammers should be so upset by this. Why can't the software recognise that when an address ends up pointing to http://sitefinder.verisign.com, it obviously ain't legit?

  6. Re:What's the big deal? by Anonymous Coward · Score: 1, Insightful

    Anything that relies on a dns failure could easily be changed to accept a failure or a response involving that ip.

    And what happens when they change the IP? Or change to a set of IPs? What happens when you want to run a link checker over your thousand-page website, and all the links that point to websites that have expired domains come back as being non-broken? What happens if you are running an embedded device that doesn't let you hack the software? What happens to the poor shmoes who want to implement a nameserver themselves? Are they going to have to read the RFC and check out whatever stupid trick Verisign has implemented that week?

  7. Re:What's wrong with domain forwarding? by Anonymous Coward · Score: 1, Insightful

    Does anyone have any problems with that?

    Because it's evil. And this is coming from the guy who wrapped his neighbor's cat in shrinkwrap.

    Their http://sitefinder.verisign.com is a clean and nice page (much like Google).

    It isn't very good. Even though Google isn't as good as it used to be, it's still better than this search engine that can't find Verisign.com, let alone any of the sites I actually WANT to find.

    They provide people with a nice search page.

    No they don't. They provide us with a bad search page and a captive advertising audience on domains they don't own.

    MS Internet Explorer does almost exactly the same.

    It does? When I get an error, it gives me a page with a list of suggestions that don't work. No search engine.

    Basically the people who are affected by this mostly are MS Internet Explorer users - they get non MSN based search instead of MSN one.

    I don't get an MSN page to come up. Ever. There's an option for that, but it was turned off when I installed, and I never turned it on.

    And even if they put some ads later, is there anything wrong with that?

    That's like me putting my advertisements up on a billboard that was built, but hasn't been leased yet. The difference is, if I did that, I'd be in jail.

    And you can easily disable this on your machine (/etc/hosts)

    Easily for what proportion of the people on the internet who don't want this site?

  8. It's better than MS by WogboTheFrogGod · Score: 3, Insightful

    Once Verisign quits doing it, I revert to the damned MSN page every time there's a typo.

    Why isn't anyone bitching about MS?

    1. Re:It's better than MS by kindbud · Score: 3, Insightful

      Because MS didn't foobar DNS to do it. They did it in the application, which is where this sort of service belongs. If you don't like the way IE does this, you can turn it off, or use a different browser. Can't turn off VRSN's fuckup.

      --
      Edith Keeler Must Die

  9. Re:What's the big deal? by Progman · Score: 2, Insightful

    What if my application already does different things depending on whether the service is misconfigured (DNS error) or just not responding (connection refused)? The Verisign move has merged different failures into one.

  10. Re:What's the big deal? by shamino0 · Score: 2, Insightful

    At first I was kind of pissed about what they did, but what is it really hurting?

    For web pages, I couldn't care less. If I mistype a URL and get a search page instead of an error page, it's no big deal.

    The problem is that this change doesn't just affect web pages. It affects every program that does a DNS lookup - which is almost everything.

    This is not acceptable. If I mistype an address when sending mail, I want to get an immediate error back. I don't want a Verisign server to receive the message. And I don't want my mail server to keep on re-sending the message for five days (which is what will happen if they don't have a mail server at that address.)

    If I use a spam filter that blocks mail that has bogus return addresses, it is now useless, because all addresses will now resolve as valid.

    By making this change, Verisign has seriously crippled the usefulness of the internet.
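
Several comments above describe the wildcard turning DNS failures into successful answers, and one asks what happens when the wildcard's IP changes. The following is an added example, not part of the original thread: a sender-domain check that learns the wildcard's A answers by probing random labels at lookup time instead of hard-coding an address. The resolver stub, zone data, and all addresses are constructed for illustration.

```python
import secrets

class NXDomain(Exception):
    """Raised by a resolver when the name does not exist."""

def wildcard_answers(resolve, tld, probes=3):
    """Addresses returned for random, unregistered labels under tld.

    An empty set means the TLD answers NXDOMAIN as the standard expects.
    """
    seen = set()
    for _ in range(probes):
        try:
            seen |= set(resolve(f"{secrets.token_hex(16)}.{tld}"))
        except NXDomain:
            pass
    return seen

def domain_exists(resolve, domain):
    """True only if domain resolves to something other than the wildcard."""
    domain = domain.lower().rstrip(".")
    try:
        answers = set(resolve(domain))
    except NXDomain:
        return False
    # Probe at lookup time instead of hard-coding an address, so a changed
    # wildcard address, or a set of them, is still recognised.
    # Caveat: a real site hosted on the wildcard's own address is rejected too.
    return not answers <= wildcard_answers(resolve, domain.rsplit(".", 1)[-1])

def make_resolver(zone, wildcards):
    """Constructed stand-in for a stub resolver; no network access."""
    def resolve(name):
        if name in zone:
            return zone[name]
        tld = name.rsplit(".", 1)[-1]
        if tld in wildcards:
            return wildcards[tld]  # synthesized answer instead of NXDOMAIN
        raise NXDomain(name)
    return resolve

# Constructed sample data using documentation address ranges.
ZONE = {"example.com": ["198.51.100.7"], "example.org": ["198.51.100.9"]}
RESOLVE = make_resolver(ZONE, {"com": ["192.0.2.1", "192.0.2.2"]})

def check_senders(addresses, resolve=RESOLVE):
    """Map each envelope sender to whether its domain really exists."""
    return {a: domain_exists(resolve, a.rsplit("@", 1)[-1]) for a in addresses}

if __name__ == "__main__":
    print(check_senders(["bob@example.com", "bob@exmaple.com", "eve@nosuch.org"]))
```

Every lookup now costs extra probe queries unless the probe result is cached, which is the kind of per-application maintenance burden the comments object to.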