ICANN Asks VeriSign To Stop DNS Wildcarding
MrClever writes "In this article over at the Sydney Morning Herald (AU), it looks as though ICANN may actually be doing something about the VeriSign changes to .com and .net TLDs. Apparently, while they have been noticeably quiet, they have been reviewing community reaction and analysed data from a technical perspective. Here's hoping ICANN pull the plug on VeriSign's TLD administration rights!" And TALlama writes "RSS.com.com (dear $DIETY, will it ever stop?) is reporting that ICANN has asked VeriSign 'to voluntarily suspend the service' of wildcarding DNS, 'pending further study.' Calling it a 'service' is a little bit of a misnomer. If I punch people in the face, can I call that a service, too?"
Apparently Timothy is a Dork
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
"If I punch people in the face, can I call that a service, too?"
Yes, because so many people need what you are selling.
(ICANN) has asked VeriSign to voluntarily suspend changes it made to domain name service zones that have resulted in most mistyped .com and .net domain names being redirected to its own site.
I predict the most common misspelling of VeriSign.com will be VerySued.com
ICANN said it is investigating complaints over the wildcard service and asked VeriSign to pull it pending further study. The service effectively replaces the common "404 page not found error" that until now has been the default for absent Web addresses.
404? An HTTP response from a DNS request? Please get your facts straight com.com...
For starters, sitefinder doesn't find the slashdot site!
It isn't nearly as helpful or reliable as google (even if google is censored a bit).
It causes me to download more stuff than I would if they didn't have the diversion abusing my bandwidth and data allowances that I have to pay for.
I can turn the msn search in IE off. I turned the sitefinder.verisign.com off by modifying my hosts file but that isn't easy for most of the customers I support.
-- it must be true, it's on the internet.
Wake me up when it escalates to wrist-slapping.
One line blog. I hear that they're called Twitters now.
Okay, in simple terms..
DNS is the method of resolving names to IP addresses, it's what turns 'www.slashdot.org' into 66.35.250.151, or 'www.google.com' into 216.239.59.99
Wildcarding DNS is when instead of saying 'www.slashdot.org is 66.35.250.151' you effectively say 'Everything is 66.35.250.151' and so any domain you're asked to resolve goes to Slashdot's IP address.
What VeriSign have done is to add a final rule to their list, saying 'Anything not in the above is 64.95.110.11' (Or whatever the IP is of their SiteFinder service). This has the result that any DNS request that formerly would have returned an 'Unable to resolve' message now thinks it's resolved correctly to the IP address.
The stink this is causing with spam mail is that a lot of anti-spam measures rely on being able to weed out mail from made up domains simply by checking if the domain resolves correctly.
DNS is actually a *lot* more complex than this, but I think that'll do to explain what's going on here.
404 Not Found: No such file or resource as '.sig'
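The wildcard behaviour and its effect on resolve-based spam checks, as described in the comment above, shown as an added example that is not part of the original thread. The resolver functions and zone data are constructed for illustration, and the function names are hypothetical; the SiteFinder address is the one quoted in the comment.

```python
import secrets
from collections import Counter

def probe_wildcard(resolve, tld, probes=5, threshold=0.8):
    """Resolve random labels that should not exist under `tld`.

    `resolve(name)` returns a list of address strings, [] for "no such domain".
    Returns the addresses that answer for most probes (the wildcard targets),
    or an empty set when the zone reports nonexistence as expected.
    """
    hits = Counter()
    for _ in range(probes):
        name = f"{secrets.token_hex(12)}.{tld}"   # 24 hex chars: not registered
        for addr in set(resolve(name)):
            hits[addr] += 1
    return {addr for addr, n in hits.items() if n / probes >= threshold}

def sender_domain_exists(resolve, domain, wildcard_addrs):
    """Existence check that still works when the TLD is wildcarded:
    a domain that resolves only to wildcard targets counts as nonexistent."""
    return bool(set(resolve(domain)) - wildcard_addrs)

# --- Constructed sample data (stands in for real DNS so this runs offline) ---
ZONE = {
    "www.slashdot.org": ["66.35.250.151"],
    "www.google.com": ["216.239.59.99"],
}
SITEFINDER = "64.95.110.11"  # address as quoted in the comment above

def plain_resolver(name):
    """Pre-wildcard behaviour: unknown names do not resolve."""
    return ZONE.get(name, [])

def wildcarded_resolver(name):
    """Wildcarded .com/.net: 'anything not in the above' gets one address."""
    if name in ZONE:
        return ZONE[name]
    if name.endswith((".com", ".net")):
        return [SITEFINDER]
    return []

if __name__ == "__main__":
    wild = probe_wildcard(wildcarded_resolver, "com")
    print("wildcard targets for .com:", wild)
    fake = "made-up-spam-domain.com"
    print("naive check says exists:", bool(wildcarded_resolver(fake)))
    print("wildcard-aware check:", sender_domain_exists(wildcarded_resolver, fake, wild))
```

To run the probe against live DNS, pass a `resolve` callable that wraps a real lookup and returns an empty list on resolution failure.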
The IAB has issued a set of guidelines for the use of DNS wildcards.
Essentially, they say it's a very bad idea, but you can do it with the informed consent of all delegates in your zone.
If we all add this command:
;p
iptables -I INPUT -s 69.94.0.0/15 -j REJECT
maybe that will get Verisign's attention
After all, there's nothing they can do about people blackholing them for a good long while until they say they are sorry. As a penalty they should lower the prices of their domain registration, to something competitive.
Unlike other TLDs, namely several country codes, .com and .net have a number of resellers.
.com and .net, they're unfairly leveraging their position to the exclusion of other registrars. They are in effect conveying the message that they run the web.
TLDs with a monopoly really can't be told what to do, because there's no one competing with them in the first place.
With VeriSign doing this on
The point of standards is that you can rely on them. The internet standards are decided on a lengthy consensus process, and at this point the basic protocols of the internet are only changed very slowly and for very good technical reasons. Thus, once you have implemented a service or component based on a standard protocol such as DNS, you can be happy and count on not needing to maintain the component any more. It would set a horrendous precedent if internet infrastructure could be changed at will for marketing reasons, with no repercussions. Suddenly *every* piece of software relying on internet would need a maintenance team ready to change them at a moment's notice. This costs a lot of money, especially for services that are ready, done and just work.