VeriSign Shutting Down Site Finder

00420 writes "VeriSign, the administrator of the .com and .net domains, made plans to shut down its new Site Finder service Friday, after the Internet Corporation for Assigned Names and Numbers ordered the company to undo controversial changes. Of course they're not taking it down because it affected the internet, they're just doing it to keep good relations with the technical community. (Seems a little late for that doesn't it?)" The shutdown is not complete yet, though: VeriSign hasn't changed their wildcard DNS entry (64.94.110.11).

Starwars Moment

[Lord_Dweomer]

Anybody else having that giddy feeling right now? Like the first time you saw Luke blow up the Deathstar in A New Hope?

Re:Starwars Moment

[aardvarkjoe]

That means that we're going to have a bigger, badder SiteFinder pretty soon, right?

Re:Starwars Moment

[NTmatter]

I'm not getting a good feeling about it. Look to the bottom of the article, and you'll see:

"ICANN is using anecdotal and isolated issues to attempt to regulate nonregistry services, but in the interests of further working with the technical community, we will temporarily suspend Site Finder."

Perhaps they'll just rename to "site searcher" and declare that they've shut down the "Site Finder" service.

Re:Starwars Moment

> I'm not getting a good feeling about it. Look to the bottom of the article, and you'll see:

Going with the Star Wars theme, aren't you supposed to say, "I have a bad feeling about this?"

Re:Starwars Moment

[Kenja]

[Emperor Voice]I'm afraid the Site Finder will be quite operational by the time your friends arrive.[/Emperor Voice]

Re:Starwars Moment

[spektr]

That means that we're going to have a bigger, badder SiteFinder pretty soon, right?


We could find: "www.gnu.org"
There is a Web site at this address.

Are you sure? (*) No ( ) Yes [SUMBIT]

Did You Mean ?
We did find these similar Web addresses.

www.sun.com
www.microsoft.com
www.sco.com

Re:Starwars Moment

[Lord_Dweomer]

" That means that we're going to have a bigger, badder SiteFinder pretty soon, right?"

My friend read your reply, and said, "Don't worry, Lando will blow it up and save us all."

To which I replied, "Lando is a fictional character who doesn't exist."

He got a very hurt, very serious look on his face and replied in a very shakey voice, "Lando WILL save us all!"

I made my exit from the computer lab shortly after for fear he would go wookie on me and rip my arms off.

Re:Starwars Moment

[Theatetus]

Easy: the one way to guarantee us geeks will get our panties in a BIND (heh heh) is to have a Responsible Designated Party (tm) violate an RFC or standard. The standard says a DNS server does not return an IP address when no such host or domain exists, NOT that the DNS server resolves the request to some "default no such domain" domain.

I think it also irked a lot of people because it really shows how much the Web has been pushing out all other Internet protocols to the point that the rest don't seem to matter to the Powers That Be anymore. Quite a few Internet users, I imagine, access email and news (and even chat) through the Web. But the other protocols are still there, and still in use.

Personally, it pissed me off because I administer several nameservers and when I mistype a domain in a dig or nslookup I want to SEE IMMEDIATELY that no such domain exists rather than remembering "oh right that's the Sitefinder IP address". Some of the scripts I've written depend, in fact, on nslookup saying "server can't find yaoho.com" and I've had to instead look for the sitefinder IP address.

Anyways, short answer is: geeks hate it because we tend to believe in standards since adhering to standards is the only reason the Internet got off the ground in the first place and it's just as important nowadays that we keep them up.

Re:Starwars Moment

[petabyte]

You forgot one important thing though: Verisign doesn't manage the .org TLD.

As such, I'm glad to have one. :)

Re:Starwars Moment

[NanoGator]

"I'm afraid the Site Finder will be quite operational by the time your friends arrive."

I'm endagering the mission, I shouldn't have posted.

Too little too late

[Tack]

I won't be doing any future business with Verisign, and I plan to transfer my domains to another registrar.

I never much liked Verisign in the past, but since I already had an account there, using them to register new domains was simply the path of least resistance. But their SiteFinder is the straw that broke the camel's back.

Jason.

Re:Too little too late

[Elwood+P+Dowd]

Not only that, but from now on I won't be registering any .com or .net domains. It'll be .org every time.

Re:Too little too late

[carpe_noctem]

Same here. But I only plan to register .cx domains. ;P

But is that all?

[WanderingGhost]

Call me paranoid, but... I wonder if they'll try to revert the situation, or come up with some other (equally hazardous) idea to replace this one. If they invested some money into the idea, I guess they won't give up that easily.

what...?

[TedCheshireAcad]

So.....go....ICANN?

I thought we didn't like them?

Re:what...?

[xanthines-R-yummy]

ICANN, YouCANN, we all CANN for ICANN!

Re:what...?

[Kierthos]

We like them today, because they are hitting Verisign, who we hate more. Tomorrow they will do something stupid and we will hate ICANN again. Such is the way of things here on Slashdot.

Kierthos

Re:what...?

You do realize you can like some things they do, but not others, right?

Try it. Say "As a whole, I dislike ICANN, but they are right on with this whole SiteFinder thing." It makes you look like you can form a rational opinion on something, not this childish "give me some candy or you aren't my friend anymore" attitude that is so popular.

Re:what...?

[RedBear]

I thought we didn't like them?

The question is meaningless. We don't have to "like" ICANN just because they did something "right" today (sort of). Nor do we have to dislike an organization or person that is mostly good if they do one bad thing.

Maybe life isn't black and white. Maybe things aren't just "good" and "bad". Maybe a rational human mind can simultaneously hold two opposing ideas. Maybe an organizations historical competence and intent isn't changed by a single isolated action.

Don't know why I bother. Here, I'll just go for my guaranteed +5, Funny. "You like ICANN today because they're beating up on Verisign, who you don't like even more. Be sure to tune in tomorrow so we can tell you how you feel about Microsoft!"

Pfeh. Anyway, who's this "we" you all keep talking about?

Awwww...

[Disco+Stew]

I love how they play it off like: "Fine, ya big babies, we'll turn it off for a little bit; just to shut you up."

They're such a bunch of jackasses! It's like spitting in our faces for THEIR wrong-doing.

So... nothing about those lawsuits?

[Gwala]

they're just doing it to keep good relations with the technical community.

So, it has nothing to do with the three lawsuits by godaddy, netster and their ilk?

Riight.

-Gwala

How Does VeriSign Even Stay In Business?

[jbottero]

I have a very difficult time understanding how VeriSign stays in business at all considering there are much better options for both domain registration and secure certificates.

Re:How Does VeriSign Even Stay In Business?

[op00to]

Where do you think the bulk of your domain registration fees go to?

Re:How Does VeriSign Even Stay In Business?

[mabu]

The answer is simple. Do your research. You'll find out that Verisign is owned by a bunch of very-well-connected people that seem to know their way around Langely all too well.

Re:How Does VeriSign Even Stay In Business?

[k12linux]

Based on my experience, visibility and FUD seem to be the biggest factors. When it came to getting a cert, I've seen otherwise very intelligent people "play it safe" and go with Verisign. The same thing goes for registering domains.

As long as Verisign can get people to believe their 128-bit certs are better than the next guy's 128-bit cert, they'll get the premium. The problem is usually the people who control the money and decide which vendor to use. They're often not the ones who can evaluate based on technical merits and often the ones more susceptible to marketing.

But hey, that's what marketing is for right? Selling something based on perception instead of it's own merits?

Re:How Does VeriSign Even Stay In Business?

[mabu]

Verisign's connections with the government are MUCH more insideous than most people know.

I still believe the whole concept of charging for domains was technically illegal. They had a grant from the government to manage the TLDs and almost EXACTLY like what happened in the DNS redirection debacle, they decided to arbitrarily change the terms of their service in direct conflict with the agreement under which they were operating.

At the time of the domain charge scam, they got away with it in part, due to the inciteful activity of one big corporation that decided to register virtually every common name they could think of, from diarrhea.com to diapers.com. So the public turned the other way and didn't question the legality of the domain charge in the first place. Only later did someone challenge this and something like half the charges were ruled illegal. But who got their money back? Nobody to the best of my knowledge. NSI stole millions of dollars from the Internet community. What happened to this money?

Then there is the whole issue of the ridiculous terms of service Verisign/NSI employ which are arguably legal in the first place relative to managing domains. Up until recently, we had a domain that legally didn't require any renewal fee (because it was registered before NSI had the facist TOS agreement) but when we changed the nameserver, we couldn't do so without agreeing to the new terms and then were liable for renewal charges.

Re:How Does VeriSign Even Stay In Business?

[karl.auerbach]

Verisign gets $6 each year for each and every registration in .com and .net no matter who you "buy" the name from.

This $6 amount was fixed into the contract under which ICANN (with the help of the US Dept of Commerce) gifted .com unto Verisign effectively in perpetuity (infinite renewals unless Versign does something very, very bad). There are no provisions in the contract to drive that amount to a lower amount. I voted against that contract.

W00T!

[Lord_Dweomer]

Good news.....FINALLY! I swear to god...you read /. for a couple weeks.....and the news is so forboding sometimes that you think the headline tomorrow is going to be "APOCOLYPSE! WE'RE ALL GOING TO DIE!". Then a story like this comes along and makes me cheer and gives me a glimmer of hope. Makes me feel like I'm manic depressive.

Damn the Goddess of Geekdom, she is a fickle mistriss!

Re:W00T!

[AllUsernamesAreGone]

Hey, don't worry about it - if slashdot DID run a "APOCOLYPSE! WE'RE ALL GOING TO DIE!" story, it'd be denounced as a corporate plot, we'd get a dupe and then it'd turn out that the story was actually exaggerated and it is really only going to be a problem for somewhere nobody cares much about, like Utah...

They'll be back...

[PSaltyDS]

From the article: "We will accede to the request while we explore all of our options." or, "All night lawyer party at the home of the VP for marketing!" Techs and engineers will not be invited.

Any technology distinguishable from magic is not sufficiently advanced.

What are some alternatives?

Well, seeing how much ass Verisign sucks, what are the best options out there for people wanting to jump ship?

NANOG Linkage

[The+One+KEA]

Here is the start of a thread on the NANOG mailinglist:

http://www.merit.edu/mail.archives/nanog/msg14917. html

Just goes to show how pissed people really are.....

Verisign vs. ICANN

[r_glen]

Good news! I can now go back to hating both companies equally.

It's still up and running.

[sakusha]

Note that "making plans to shut down" does not equal "shut down."

Email from Verisign

[gfilion]

From: owner-registrars@verisign-grs.com
[mailto:owner-r egistrars@verisign-grs.com]On Behalf Of VeriSign Customer
Service
Sent: Friday, October 03, 2003 6:08 PM
To: registrars@verisign-grs.com
Subject: [RegistrarsList] VeriSign NDS Response to Suspension of Site

To All Registrars,

I am writing to update you on VeriSigns Site Finder service. On Friday,
October 3rd, the Internet Corporation for Assigned Names and Numbers
(ICANN) directed VeriSign, Inc., to temporarily suspend service no later
than 6PM PST, Saturday, October 4. VeriSign requested an extension from
ICANN for 3 additional days for the shut down in order to provide the
technical community time to make any necessary system changes.
Unfortunately, ICANN refused this request. Accordingly, in response to
this demand, VeriSign is temporarily suspending the Site Finder service
as of Saturday, October 4 at 6PM PST.

In suspending the service, VeriSign will remove the wildcard A records
from the .com and .net zones and revert to the former behavior for these
zones which is returning Name Error/RCODE=3 in response to queries for
nonexistent domain names.

VeriSign remains committed to improving the Internet user experience.
We look forward to providing the Site Finder service following this
suspension. Thank you for your business. We greatly value our
relationship with you.

Best Regards,

Chris Sheridan
Manager, Customer Service
VeriSign, Inc.
www.verisign.com

Re:Email from Verisign

[hey]

We look forward to providing the Site Finder service following this suspension.

Er, what?
Maybe they have plans to let ISPs wildcard to Sitefinder for a kick back.

ICANN's power

[chrispyman]

I guess this goes to show that after all ICANN does indeed have some authority over Verisign. Maybe ICANN isn't the pointless and powerless body we though they were.

This HUGE problem hasn't bothered me one bit

I simply placed a entry in my HOSTS file and blocked out Verisign's DNS hi-jacking.

Re:This HUGE problem hasn't bothered me one bit

[curne]

Well it bothered me a lot. I had two excruciationg minutes the other day, while trying to figure out why a hostname had an A record but the domain had no NS entry. Then I remembered the DNS wildcard and damned Verisign to hell.

Do not fuck with the infrastructure of the internet. It is the life blood of successful networking.

Aren't you cool

Simple solution. Everyone just has to manually edit their HOSTS file every time Verisign changes something.

Good thing people like you are around to tell us these things.

Whitehouse is a porn magazine

[DrSkwid]

has been for years

We know why they are doing it . . .

[werdna]

Of course they're not taking it down because it affected the internet, they're just doing it to keep good relations with the technical community.

Nonsense. They have already demonstrated significant contempt for the technical community -- remember their original response to ICANN's advisory?

They are doing it because ICANN's last letter put their super-duper exclusive right to operate the DNS in play. Maybe ICANN could terminate, maybe not -- but who would put the entire business on the line for this opportunity -- particularly when there still is a chance to negotiate something like that in the future?

Temporarily is the word that worries me

[thrill12]

In all the communication Verisign presented, they kept the word "temporarily" or made suggestions which imply that.

Something tells me Verisign still has some tricks up their sleeve, which includes reinstating the service after their laywers have come up with a "satisfactory answer" to ICANN's ultimatum.

Guess I shouldn't take away my wewantour404.(com|net) yet...

A few things

[m0i]

I find interesting that Verisign requested 3 days before shutting down the service to give time for the tech community to adjust.. Did they do this when the service kicked in?
Also, a quick hint to all of you stuck with Verisign to renew because the domain is past due:
Verisign renewal
Pay 15USD instead of 35USD for the very same 1 year reneal service.. Ain't that great?

Re:A few things

[SpectreGadget]

Forget that, transfer to GoDaddy.com for $7.75 and you get a one year extension. I've had no problem with them at all and have been only paying $9/year for my domains.

Re:A few things

[Phroggy]

Verisign still gets your money - GoDaddy has to pay them $6/yr per domain. That's the wholesale fee Verisign charges to all registrars for .com/.net domains.

Re:A few things

[pjrc]

I find interesting that Verisign requested 3 days before shutting down.... Did they do this when the service kicked in?

YES, they did give some advance notice.

In fact, Slashdot had coverage 4 days before it went into effect.

The actual news coverage was at Computer Business Review 6 days before Verisign went live with SiteFinder on Sept 15.

Perhaps it was known before then, but there was certainly more than 3 days. That doesn't make Verisign any less slimey for doing this. But to say they did it without even a few days warning would clearly contradict the news coverage of their intentions at Computer Business Review and here at Slashdot (if you can stomache calling slashdot "news").

Not DNS

DNS does not define wildcard redirections. VeriSign should lose the contract just because of that.

These are the same guys that were ordered by the FTC to stop falsely advertising renewal services, isn't it?

Lame crooks.

I feel sorry...

[infolib]

...for the guy who some day down the line gets 64.94.110.11. All these null routes probably won't go away that easily. He'll have lots of mystified users...

Trouble for VeriSign -- "non-registry service"

[GeorgeK]

What might get VeriSign into very big trouble is the admission, in the press release that "ICANN is using anecdotal and isolated issues to attempt to regulate non-registry services, but in the interests of further working with the technical community we will temporarily suspend Site Finder."

I think this is a brand new tactic on the part of VeriSign, to categorize it as a "non-registry service".

That seems to escalate things to a new level, in that it seems to be an admission of abusing their monopoly in the Registry for the provision of a NON-REGISTRY SERVICE.

It had been my understanding that previously their position would have been that it would have been categorized as a Registry service, but one that didn't need approval due to it being "free" (i.e. needs no contract amendment). However, giving advantage for the provision of a non-registry service seems to be MUCH WORSE. Suppose that NON-REGISTRY SERVICE was a REGISTRAR SERVICE, for example, and VeriSign abused its monopoly to advantage one of their partners in that space? Just like WLS.

Clearly, VeriSign's abusive and monopolistic business practises need to be examined at the highest levels of government and by regulators.

P.S. Keep up the pressure, by supporting the Stop VeriSign DNS Abuse petition -- 17,000 signatures and counting.

It will be back ....

[Leme]

Considering the massive amounts of money I'm sure they have spent on hardware, development and other neccesities on this silly project, I'm pretty confident to say that they just won't roll over and stop without a fight.

I'm sure the lawyers will drag this one out in court.

Verisign is breaking their contractural agreement

[krappie]

"If VeriSign does not comply with this demand by 6:00 PM PDT on 4 October 2003, ICANN will be forced to take the steps necessary to enforce VeriSign's contractual obligations."

Heres one violation that I found.

As noted in the Message from Security and Stability Advisory Committee to ICANN Board:

Previously, such queries returned RCODE 3 ("name error"), the negative response defined in the official DNS protocol specification, RFC1035 [4]. VeriSign now returns an IP address for a special server, thereby creating the appearance the requested domain name exists. The special server handles the subsequent requests for application level services, e.g. web, email, etc.

Now take a look at verisign's .com and .net contractural agreement in section C4:

4. Nameserver functional specifications

Nameserver operations for the Registry TLD shall comply with RFC 1034, 1035, and 2182

Of course, Im no lawyer. Any comments on this would be appreciated. It looks pretty clear to me that Verisign isnt meeting their contractural agreements.

I like how Verisign is trying to act like ICANN is acting so rash and irresponsible:

"Without so much as a hearing, ICANN today formally asked us to shut down the Site Finder service."

This is what ICANN is for. This is excellent news! It doesnt matter how many moronic web users are clicking on things when verisign's page comes up or how useful Verisign's market research shows it is. Its important to adhere to standards. Verisign's excuses are hilarious. "Users find it useful. It has nothing to do with the loads of advertising money we get. I swear!".
Its always about money.

Re:The Enemy of my enemy...

[platipusrc]

Since both Verisign and ICANN qualify as enemies, does that mean that they're both our friends??

Not complete yet?

[kasperd]

The shutdown is not complete yet, though: Verisign hasn't changed their wildcard DNS entry

Actually that means the shutdown has not started yet. Removing the DNS entry is the only thing that matters. The actual webserver can stay for as long as they want, but the IP address 64.94.110.11 will of course never be usable again. We will have switched to IPv6 before the last filtering of that address is removed.

Distribution Point

[Scoria]

Many installations of several Web browsers are susceptible to exploitation. If SiteFinder were somehow compromised externally or internally, one could hypothetically distribute malicious software to a prodigious group of individuals. According to the relevant Yahoo! article, approximately 1.5 million clients were redirected to the "service" daily. Imagine the possibilities!

the REAL verisign press release

[taped2thedesk]

Dear Internet User, In an effort to comply with ICANN's request, we have shut down site finder. Instead, the wildcard dns entry will now point to goatse.cx. We hope you find our new "non-registry" service useful, and look forward to your comments, which can also be submitted at goatse.cx. With Love, Verisign

Well received?

[typobox43]

VeriSign stated that Internet users had visited the page more than 40 million times in the last three weeks.

"The service has been well received by millions of Internet users who appreciate getting navigation tools as opposed to the 'dead end' of an error message," VeriSign's Lewis said in the statement.

Of course, it's considered "well received" because of its 40 million hits... that 99% of which were not intentional. (Of course, the only ones who would actually go somewhere like that intentionally would be us Slashdotters... have to see what all the buzz is about :) Is telemarketing "well received" because 40 million people actually pick up the phone? (regardless of whether they hang up or not)

Verisign Discards Wildcards...

[MadEyeMoody]

As of about 8:00 PM EST the wildcard A records pointing to 64.94.110.11 appear to be gone. I'm now getting normal NXDOMAIN responses to queries for nonexistent names.

As for the Web site, I suppose they must have taken that down, too. If you try explicitly going to http://64.94.110.11 (sitefinder-idn.verisign.com) you get a keen little page that says

We didn't find: "64.94.110.11"
There is no Web site at this address.

and I'm sure VeriSign wouldn't fib about a thing like that....