Slashdot Mirror
VeriSign Responds To ICANN's SiteFinder Advisory
dmehus writes "VeriSign's Naming and Directory Services division has written to ICANN President and CEO Paul Twomey regarding the recent advisory concerning VeriSign's DNS wildcard redirection service. In the letter, VeriSign's Rusty Lewis says that they are open to independent and objective technical concerns expressed by various Internet bodies; they have formed their own "independent" panel of industry leading experts to produce its own, separate report; and they will not voluntarily suspend SiteFinder. It's a very terse response, and frankly, I'd have expected more from them. Slashdot readers are encouraged to visit ICANNWatch for in-depth, expert discussion on this and other issues."
If your domain registration site is using a DNS lookup to check if a domain is registered, it is a very poor domain registration site. There is no guarantee that if a domain is registered, there are nameserver records for it anywhere except the gTLD root nameservers.
Registrars should be using the SRS system provided by VeriSign Naming and Directory Services to check if a domain is registered. This is the same system that they use to register domains with the registry (run by VNDS). This system can and does provide a definite yes or no as to whether a domain may be registered.
Love VeriSign or hate it, but get your facts straight.
"The details of my life are quite inconsequential..."
I don't think I've seen this posted before, but some people may find it interesting. Here's the contracts between ICANN and Verisign for .com and .net (.org is there also, but it no longer applies).
Hey, if you feel strongly about this issue, you can reach them directly. Just call 703 925 6999. That's the direct line for VeriSign Naming and Directory Services. I tried to get Rusty on the line, but they're on the East coast and he had already left the office.
I just spoke with a nice secretary lady whom told me that she was 'sad to hear' that I, "an investor", was going to sell my "2000 shares" of Verisign first thing in the morning due to their horrible wildcard DNS policies.
When I asked why they are doing this, she told me it was a "marketing decision" and that "somebody in the marketing department" thought it up.
She said that I was the first person she had heard complain about it, though she had read somewhere that it was "controversial".
If anybody has any success getting through to these people, post any interesting tidbits you find out. Thanks.
# wrote sig.txt, 23 lines, 31337 chars
If you havent allready signed it, there's a petition at http://www.whois.sc/verisign-dns/ to encourage Verisign to rack-off.
Section 4.3.1 of RFC 1034 pretty clearly states that the response to a name query is to be:
Now, the section thereafter goes on to talk about wildcards, so they are pretty much out of luck for saying that VeriSign isn't implementing the RFCs correctly. However, another portion of the RFC makes it very clear that wildcards are only for use within an entity's domain of control (that is, *.foo.com in DNS will not affect lookups under bar.com). The key here is that it is up to the OWNER of the domain in question as to the appropriateness of wildcards in DNS. VeriSign does NOT OWN THE .COM TLD. They merely ADMINISTER it for ICANN. Thus, there is a very good case for VeriSign being in breach of contract by failing to cary out the wishes of the OWNER of the .COM TLD. Which in this case is ICANN.
Basically, I would be a bit more thorough before going to VeriSign, but afterwards, I'd still wack them over the head with the contract and force them to remove the wildcard.
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.