Slashdot Mirror


ICANN Asks VeriSign To Stop DNS Wildcarding

MrClever writes "In this article over at the Sydney Morning Herald (AU), it looks as though ICANN may actually be doing something about the VeriSign changes to .com and .net TLDs. Apparently, while they have been noticeably quiet, they have been reviewing community reaction and analysed data from a technical perspective. Here's hoping ICANN pull the plug on VeriSign's TLD administration rights!" And TALlama writes "RSS.com.com (dear $DEITY, will it ever stop?) is reporting that ICANN has asked VeriSign 'to voluntarily suspend the service' of wildcarding DNS, 'pending further study.' Calling it a 'service' is a little bit of a misnomer. If I punch people in the face, can I call that a service, too?"

8 of 221 comments

  1. Re:What's wrong with domain forwarding? by rylin · Score: 3, Insightful

    I prefer my spamfilters intact.
    I prefer that my redundant mailservers actually get used.

    Do some reading before trying to justify what's been done.

  2. Re:Another reason to stop it. by AndroidCat · Score: 2, Insightful

    If hackers/spammers could compromise any TLD name server, wildcards or not, I think we could see a fair bit of disruption.

    --
    One line blog. I hear that they're called Twitters now.

  3. Re:.nu? by Microlith · Score: 5, Insightful

    Unlike other TLDs, namely several country codes, .com and .net have a number of resellers.

    TLDs with a monopoly really can't be told what to do, because there's no one competing with them in the first place.

    With VeriSign doing this on .com and .net, they're unfairly leveraging their position to the exclusion of other registrars. They are in effect conveying the message that they run the web.

  4. Re:What's the big deal? by Anonymous Coward · Score: 5, Insightful

    The point of standards is that you can rely on them. The internet standards are decided on a lengthy consensus process, and at this point the basic protocols of the internet are only changed very slowly and for very good technical reasons. Thus, once you have implemented a service or component based on a standard protocol such as DNS, you can be happy and count on not needing to maintain the component any more. It would set a horrendous precedent if internet infrastructure could be changed at will for marketing reasons, with no repercussions. Suddenly *every* piece of software relying on internet would need a maintenance team ready to change them at a moment's notice. This costs a lot of money, especially for services that are ready, done and just work.

  5. It's better than MS by WogboTheFrogGod · Score: 3, Insightful

    Once Verisign quits doing it, I revert to the damned MSN page every time there's a typo.

    Why isn't anyone bitching about MS?

    1. Re:It's better than MS by kindbud · Score: 3, Insightful

      Because MS didn't foobar DNS to do it. They did it in the application, which is where this sort of service belongs. If you don't like the way IE does this, you can turn it off, or use a different browser. Can't turn off VRSN's fuckup.

      --
      Edith Keeler Must Die

  6. Re:What's the big deal? by Progman · Score: 2, Insightful

    What if my application already does different things depending on whether the service is misconfigured (DNS error) or just not responding (connection refused)? The Verisign move has merged different failures into one.

  7. Re:What's the big deal? by shamino0 · Score: 2, Insightful

    At first I was kind of pissed about what they did, but what is it really hurting?

    For web pages, I couldn't care less. If I mistype a URL and get a search page instead of an error page, it's no big deal.

    The problem is that this change doesn't just affect web pages. It affects every program that does a DNS lookup - which is almost everything.

    This is not acceptable. If I mistype an address when sending mail, I want to get an immediate error back. I don't want a Verisign server to receive the message. And I don't want my mail server to keep on re-sending the message for five days (which is what will happen if they don't have a mail server at that address.)

    If I use a spam filter that blocks mail that has bogus return addresses, it is now useless, because all addresses will now resolve as valid.

    By making this change, Verisign has seriously crippled the usefulness of the internet.
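
Added example, not part of the Slashdot thread or of any project mentioned in it: a sketch of the sender-domain check described in comments 6 and 7, showing how a wildcarded TLD defeats the naive "does it resolve?" test and how probing random labels restores the NXDOMAIN distinction. The stub resolver, the zone data, the addresses and all function names are constructed for illustration, and the check looks only at A records (a real mail check would consult MX first).

```python
import secrets

# Constructed sample data; addresses are from the 192.0.2.0/24 documentation range.
ZONE = {"example.com": {"192.0.2.10"}}      # registered names -> A records
WILDCARDS = {"com": {"192.0.2.200"}}        # TLDs that synthesize an answer

def make_stub_resolver(zone, wildcards):
    """Offline stand-in for a resolver: returns a set of addresses, or None for NXDOMAIN."""
    def resolve(name):
        name = name.lower().rstrip(".")
        if name in zone:
            return set(zone[name])
        tld = name.rsplit(".", 1)[-1]
        return set(wildcards[tld]) if tld in wildcards else None
    return resolve

def naive_sender_check(resolve, domain):
    """Pre-wildcard logic: any answer at all means the domain exists."""
    return resolve(domain) is not None

def wildcard_addresses(resolve, tld, probes=3):
    """Look up random labels nobody has registered; addresses common to
    every probe are the ones the TLD hands out for nonexistent names."""
    common = None
    for _ in range(probes):
        answer = resolve(f"{secrets.token_hex(16)}.{tld}")
        if answer is None:           # a real NXDOMAIN: no wildcard in this TLD
            return set()
        common = answer if common is None else common & answer
    return common or set()

def sender_domain_exists(resolve, domain):
    """Wildcard-aware check: an answer made up only of the TLD's
    synthesized addresses is treated the same as NXDOMAIN."""
    answer = resolve(domain)
    if answer is None:
        return False
    tld = domain.lower().rstrip(".").rsplit(".", 1)[-1]
    synthesized = wildcard_addresses(resolve, tld)
    return not (synthesized and answer <= synthesized)

if __name__ == "__main__":
    resolve = make_stub_resolver(ZONE, WILDCARDS)
    for d in ("example.com", "exmaple.com", "exmaple.org"):
        print(d, naive_sender_check(resolve, d), sender_domain_exists(resolve, d))
```

A registered domain that happens to be hosted only on the wildcard's own address would be rejected by this check, so the probe result is best treated as one signal among several.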