Verisign Plans to Revive SiteFinder Advertising 'Service'

kiddailey writes "Claiming that their own independent examination of their controversial redirection service has found 'no security or stability problems', and that 'Internet users consider the service a helpful tool to navigate the web', Verisign has announced that it will give a 30- to 60-day notice before resuming the SiteFinder 'feature' that it voluntarily shut-down a couple of weeks ago."

WWW != Internet

[ericspinder]

Repeat after me, the World Wide Web is not the entire Internet. Now many applications will resolve a screwed up domain name and try to make a connection to Verisign's site. Instead of getting a "unknown host" programs will get a "service not found" which is a very different error. Or at least that is how I see it, I am only moderately knowledgable about DNS issues.

Re:WWW != Internet

[rumpledstiltskin]

oh yeah?? well, then why is it that when I click "Internet Explorer" I get taken to the world wide web? answer me that smartypants..

Re:WWW != Internet

[irc.goatse.cx+troll]

As I said in my journal entry, Verisign sucks my peenar.
me-->(_(_)====DO:--verisign.net A 64.94.110.11
(Yes, this actually resolved that way before.)

Re:WWW != Internet

[medina]

Not to mention the lovely timeouts one has to wait for...

Have they addressed the issues of postmasters who can no longer handle mail to non-existing domains locally? (they have to send the mail to Verisign first, then handle the bounce, rather than relying on DNS). "Tweaks" probably won't fix this.

Re:WWW != Internet

--erm, meant to reply to story not a post. slashdots responding really slow for me, anyone else?

7 [AS1668] [ATDN] pop1-hou-P0-3.atdn.net (66.185.133.149) 120.9/114.0ms
8 [AS1668] [ATDN] bb1-hou-P2-0.atdn.net (66.185.150.148) 135.7/67.1ms
9 [AS1668] [ATDN] bb1-dls-P6-0.atdn.net (66.185.152.132) 133.3/101.7ms
10 [AS1668] [ATDN] bb2-dls-P2-0.atdn.net (66.185.153.29) 135.4/96.3ms
11 [AS1668] [ATDN] bb2-kcy-P6-0.atdn.net (66.185.152.129) 160.3/116.1ms
12 [AS1668] [ATDN] bb1-kcy-P1-0.atdn.net (66.185.152.126) 156.0/104.2ms
13 [AS1668] [ATDN] bb1-chi-P6-0.atdn.net (66.185.152.124) 159.5/119.9ms
14 [AS1668] [ATDN] pop1-chi-P0-0.atdn.net (66.185.141.85) 159.3/128.1ms
15 [AS3561] [CW-10BLK] dcr1-so-5-3-0.NewYork.cw.net (208.174.224.29) 152.3/132.6ms
16 [AS3561] [CW-10BLK] dcr1-so-4-0-0.Chicago.cw.net (208.175.10.97) 170.2/129.1ms
17 [AS3561] [CW-10BLK] dcr2-loopback.SantaClara.cw.net (208.172.146.100) 193.2/219.2ms
18 [AS3561] [CW-10BLK] bhr1-pos-0-0.SantaClarasc8.cw.net (208.172.156.198) 384.5/178.2ms
19 * [ASN?] [SC8-2] csr2-ve243.SantaClarasc8.cw.net (66.35.194.51) 182.1ms
** [firewall] the next gateway may statefully inspect packets
20 [ASN?] [SC8-2] 66.35.210.202 93.5/187.7ms
21 [ASN?] [SC8-2] [target] slashdot.org (66.35.250.150):80 88.0/205.5/*/*/*ms

Re:WWW != Internet

[ScottSpeaks!]

Because Microsoft named their web browser poorly. "Web Explorer" would have been more accurate, and wouldn't have led people such as yourself to get so confused about the distinction. There's more on the internet than just the web. But you probably wouldn't know that, because IE doesn't show the rest of it to you.

Re:WWW != Internet

[zsau]

Internet Explorer also does FTP, and I think when it was first written Gopher. It may still do Gopher. Therefore, Internet Explorer does more than just the web, and Web Explorer would be the misnomer.

Re: Re:WWW != Internet

[iuyterw]

Congratulations!

You have no sense of humor!

Re:WWW != Internet

[millahtime]

This will take mail to a whole new problem. Especially when it comes to isps being able to diagnose problems. Say someone misspells the domain...instead of it coming back saying the domain was bad you will get a user error. How many average users will notice to check that?? I worked tech support for years and from my experience this will be something quite interesting to explain to niave customers until some sort of method or patch is worked out. And from a mail administrator this just plain blows. I hope the patches are being worked on now. I also hope that bind guys are working on making a more stable patch that might be a better way of bypassing this.

Re:WWW != Internet

Repeat after me, the World Wide Web is not the entire Internet.

Oh and I suppose you also think Al Gore didn't invent the Internet.

Re:WWW != Internet

[millahtime]

come on. we all know he didn't invent the internet. just the www.

Re:WWW != Internet

Yes, also just got another 500 error from the server on my first attempt

Re:WWW != Internet

[AKnightCowboy]

Repeat after me, the World Wide Web is not the entire Internet. Now many applications will resolve a screwed up domain name and try to make a connection to Verisign's site.

Just install (or bug your ISP to install) BIND 9.2.2p2 or above and add:

zone "com" {
type delegation-only;
};
zone "net" {
type delegation-only;
};

I've resolved millions of queries since I put that in and have NO problems. Unless Verisign plans to implement their sitefinder "service" using another mechanism to get around the wonderful BIND patch, there's really nothing to worry about.

Re:WWW != Internet

[Loconut1389]

Another article said the bind patch broke some TLD's.

Re:WWW != Internet

[ceejayoz]

that "wonderful BIND patch" happened to have "unexpectedly broke at least 7 Top Level Domains"...

Re:WWW != Internet

No shit sherlock, but that has nothing to with the patch, only with the idiots that use it on TLDs that are not affected by the sitefinder crap.

Re:WWW != Internet

Every software can break in the hands of idiots. If you use the BIND delegation-only patch as it was intended, eg. in the way described by the grandparent comment, you have (and cause) no problems.

Re:WWW != Internet

[skookum]

Maybe you should try reading that article first. There's nothing wrong with the BIND patches if used as the parent suggested. It was improper application of the "delegation-only" feature to all domains that caused the breakage. In other words, it's a configuration error. Blame the sysadmin, it is no fault of BIND.

(That whole story should have been modded "-1, Troll")

Re:WWW != Internet

[Loconut1389]

I stand corrected. And admittedly, that was one of those articles i only glossed over. Usually I read more in depth. Thanks for the correction, however there was no need for the tone in one of the replies.

Re:WWW != Internet

OMG You're a fucking faggot pussy!

Re:WWW != Internet

[perimorph]

But on the positive side, this will make Verisign the world's largest recipient of spam!

Re:WWW != Internet

[AKnightCowboy]

I stand corrected. And admittedly, that was one of those articles i only glossed over. Usually I read more in depth. Thanks for the correction, however there was no need for the tone in one of the replies.

No big deal. The article was probably submitted by a Verisign marketing department employee to spread FUD. The config option it mentioned wasn't even introduced into the stable release (9.2.2) AFAIK, only the release candidate for 9.2.3.

Re:WWW != Internet

[MillionthMonkey]

Why is it when I click on your site I get an "unhelpful error message"? ("Alert- www.linux-screws.com could not be found. Please check the name and try again.")

You had a very nice search page there a week or two ago.

Re:WWW != Internet

[Type-R]

WebExplorer was already being used by IBM in OS/2. :)

Re:WWW != Internet

[SpaceLifeForm]

It also will become the largest collector of e-mail addys to sell to spammers.

Re:WWW != Internet

If only people had that kind of influence over ISPs.

Where do you contact a big ISP about things like this? If I could get them to fix non-recursive queries, too, I could run dnscache and avoid using their name server altogether...

Re:WWW != Internet

[Ben+Hutchings]

That's a terribly thin one you've got there. I wouldn't wave that around if I were you.

Re:WWW != Internet

[Ben+Hutchings]

That's only a problem with the "root-delegation-only" option, not the options used in the comment you replied to.

Re:WWW != Internet

[You're+All+Wrong]

Hahahah, you mentioned 'stable' in the context of BIND.
Man you have a sense of humour!

Here's an exerpt from Dan Bernstein's (of djbdns fame) view on BIND's stability: ...
bug bug bug bug bug bug bug bug bug bug
bug bug bug bug bug bug bug bug bug bug
bug bug bug bug bug bug bug bug bug bug
bug bug bug bug bug bug bug bug bug bug ...

http://cr.yp.to/djbdns/blurb/unbind.html

YAW

Re:WWW != Internet

Hahahah, you mentioned 'stable' in the context of BIND. Man you have a sense of humour! Here's an exerpt from Dan Bernstein's (of djbdns fame) view on BIND's stability: ...

How did you have time to type that while giving fellatio to Dan Bernstein?

Re:WWW != Internet

Yea, all of them bad. I wouldn't want to buy them.

Prediction of WWW Demise

[Egonis]

"The Internet" is far different than the WWW, as I am sure has been mentioned several times by now.

My prediction is that WWW will go out quite like Gopher, and will be replaced by a slow-emerging alternative client/server, preferrably untouchable (for the moment) by ultra-capitalist org's like Verisign

Re:Prediction of WWW Demise

Verisign needs to be stopped now.. Its bad enough the f***ed up all my spam filters. They are not the overlords of the internet. ICANN needs to beat them like the red headed, greedy ass step child that they are. They could give a sh** about helping people all they are interested in the the advertising money!!!!

my .2 cents

Re:Prediction of WWW Demise

[sirbone]

> preferrably untouchable (for the moment) by ultra-capitalist org's like Verisign

Or preferrably ultra-capitalist orgs unlike verisign would be allowed to touch it so that they would have to give in to market pressure. A government created monopoly like we have here is not a capitalist system. And putting ultra-socialist regulatory orgs in control would do nothing to help. That eliminates any motivation for progress, as indicated by the stagnant state of our socially regulated energy grid. (Newsflash: it was never deregulated.) People and organizations are typically quite unmotivated when they have to work for the good of everyone but themselves...

Re:Prediction of WWW Demise

[Frit+Mock]

The are more interested in control, than the are interested in advertising.
With control, you can make much more $ than with advertising.

Asuming the would record misspells and offer a "service" to companies ... something like a "misspelled domain naime registration"?

Hey, for a few more $ you can register your domain name _plus_ 400 misspellings of your domain name, doesnt that sound grat for Mickeysoft!?

Re:Prediction of WWW Demise

[arkanes]

Heres another newsflash: Capitalism does some things poorly. One of the things it does poorly is handle monopolies. Having multiple competing registration authorities is counter productive, so somebody has to be in charge. Verisign was selected to be that someone (by ICANN, not by a government). They've since abused that position of trust to make a profit at the expense of the service they were entrusted with.

Re:Prediction of WWW Demise

[sirbone]

Here's an idea. One of you ingenious capitalists out there could recognize the frustration ISPs are having and so invent a distributed DNS system. Then sell the software to companies that would like to take a hand at selling DNS services. ISPs irrate with Verisign could sign on to this and select which node they want to use and pay that service provider. Those that provide unreliable service or features everyone hates would lose business to those that play nice. Problem solved.

Maybe that is not technologically feasible so better yet, come up with DNS software (like the people behind BIND sort of did) that stops the irritating "features" from Verisign and sell that to ISPs. End result: Verisign gets put in its place by empowered ISPs. Or even better, ISPs could band together for their mutual profit by writing something themselves and sharing it among those who helped create it, using mutual cooperation to increase productivity among all participants. They could then use this to their advantage by advertising it to prospective customers as an anti-spam feature since it helps preserve anti-spam software that checks for domain spoofing. This leads to greater demand for ISPs that block Verisign, and thus the people put Verisign in its place. There's capitalism at work!

Typos != intentional usage

[tcopeland]

From the Verizon site article:

"Prior to ICANN's October 3 directive to shut down the service, Site Finder had
been used more than 48 million times by Internet users to get where they want to go online."

"...has been used more than 48 million times...". Makes it sound like folks are eagerly flocking to the Verizon web site to 'use' this service. It's as if the highway administration shut down all lanes of I-95 and then celebrated the increased HOV usage.

Re:Typos != intentional usage

[Rude+Turnip]

I believe you meant to say "Verisign." Verizon is the (slightly less evil) phone company for much of the Northeastern US.

Re:Typos != intentional usage

[tcopeland]

Oops, right you are, thanks.

Re:Typos != intentional usage

[Ianoo]

So what they're saying is that while Sitefinder was up, people trying to get to .com or .net addresses made 48 million typos? Well, whoop-de-do. I mostly work from my bookmarks these days, but still make at least one domain name typo a day, on average.

Re:Typos != intentional usage

[Midnight+Thunder]

What I don't like about this service is that the typos are now kept by your web browser.

In the past if the page was not found your web browser would do something about it like not display anything or display a custom search page. In both cases you wouldn't be confronted with your typo next time you try typing the right address.

This service should be provided by the web browser and not Verisign, since at least that way you have the option of customising the service you use. BTW I have found out that some country level domains are doing exactly what Verisign is trying to do. For example type 'www.afsdasf.cc' in your web browser.

BTW While I think about, can anyone give me an example of a valid use of the DNS wildcard - its not that I don't believe that its useful, its just I don't know enough to prove that it is.

Re:Typos != intentional usage

[Ianoo]

A lot of the commercialized country TLDs do this. For example, cx, tv.

Re:Typos != intentional usage

[Guido+von+Guido]

I believe you meant to say "only slighly less evil." Let's be accurate here.

Re:Typos != intentional usage

[_LORAX_]

SUNY albany uses wildcarding, but only on our private network for registration.

example ... when they come to school they get a temporary IP address. The DNS the get ONLY resolves to one address and then gets re-directed to a real website from there so that they can register. After that the get a real IP and a real DNS server.

That way, any homepage or any site will resolve to the registration page.

So wildcarding *can* be useful.

Re:Typos != intentional usage

[Zocalo]

BTW While I think about, can anyone give me an example of a valid use of the DNS wildcard - its not that I don't believe that its useful, its just I don't know enough to prove that it is.

Here's a few:

• Musadoma's (approved) use of wildcarding to provide an Index of the .musuem domain
• Directing user homepages to a central web server cluster for ISPs that use things like "http://customer.isp.net" for their user's homepages (* IN A www.isp.net). I've also used this to provide a customer bandwidth graph to customers with leased lines at an ISP.
• Similarly, redirecting mail to a central point for dropping into POP/IMAP boxes (* IN MX 10 mail.isp.net)

There are several others, but these are the ones that you are most likely to see in the wild. Only the first is applicable at the TLD level though, but I suppose if you were the sole ISP for a *really* tiny ccTLD (like The Vatican, say) then you might want to use wildcards in the ccTLD for mail etc.

Re:Typos != intentional usage

[Frit+Mock]

Ok, but is there any valid use of DNS wildcarding, that _cannot _ be achieved in different ways?

Re:Typos != intentional usage

[cyberjoe]

It's as if the highway administration shut down all lanes of I-95

Don't they do that everyday anyway? Oh wait, that's the fucking hacke -- er, drivers that can't keep all their cars between the lines.

Re:Typos != intentional usage

[Pofy]

Another obvious problem with the "site finder" is that it has mostly no clue in what language a user uses and hence will probably pop up an english search page for example, regardless of what language the user has. Hardly something good.

Re:Typos != intentional usage

[Divide+By+Zero]

...in limited applications. UMich does (used to do) the same thing. Which is fine, for that application. They're controlling their own network.

But redirecting TLDs smacks of cybersquatting.

Think about it: Verisign is making money off my typos by posting ads or "adding value" to their (hypothetical?) service to sell redirections of typos to the real owners.

How is this different than me registering www.microsfot.com, oracel.com, etc, building a site pointed to those domains, and then loading it down with porn banner ads? How quickly would I have a cease-and-desist in my mailbox from Bill's/Larry's lawyers?

Hell, if Verisign wanted to redirect typos to a page that said "YOU TYPOED THE URL, JERKOFF. TRY AGAIN." and then put some ads on the bottom, I'm almost fine with that. Yes, I'm still putting hits on their banners, but at least I know I screwed up.

Re:Typos != intentional usage

[Zocalo]

Technically, no, but put yourself in the place of a big ISP with hundreds of thousands of customers like in example #2. Which would you rather have; one DNS wildcard and that's it, or the requirement that for each customer you have a dedicated hostname and A/MX records? the former is a "fire and forget" solution. The latter means that for additions/deletions you ammend a *huge* list of DNS hosts, increment a serial number and reload that information across all of your DNS servers. There could also be several hours delay while DNS caches expire too.

Wildcards do have their place, it's just not at the TLD level.

Re:Typos != intentional usage

[Midnight+Thunder]

When you do this, I assume its when they use a web browser. In this case does the page show up as a '500' status error page or a normal '200' status page?

RFC rfc2616 - Hypertext Transfer Protocol -- HTTP/1.1

Re:Typos != intentional usage

[stfvon007]

Today terrorist blew up part of the golden gate bridge. Since then 1,000,000 people have driven off the edge of the bridge and plunged into the water. The terrorists state that because there are so many people driving off the edge of the bridge it must be what the people want, so they are planning to keep it that way.

Re:Typos != intentional usage

That is a problem which could be fixed. Browsers are supposed to send their users' language preferences to the server. Google, for example, acts on this information and shows you a translated page. Verisign could and should do the same if they intend to reinstate Sitefinder.

Re:Typos != intentional usage

[tcopeland]

+1, Better Analogy.

Re:Typos != intentional usage

It CAN be, but not always. Wildcarding in a corporate or school network is useful to maintain productivity so people like me aren't posting on Slashdot instead of working. Wildcarding in an ISP is a step up the piss-me-off scale, but people who care can get another ISP and not have the problem, and people who don't care don't care, so why should they care? Wildcarding through a browser like IE does is fine with me because you can turn it off, pick a different search engine, or use a different browser.

But wildcarding a TLD has all the good features, but it doesn't have an escape route for people who care about the bad parts. We can't opt-out, we can't use a different brand, we can't uncheck the box for it, and an armed insurrection of Verisign's headquarters is a bit inconvenient just to get a couple lines of code fixed.

Re:Typos != intentional usage

[ckaminski]

But that's true of ALL the ILECs. Verizon isn't the only phone company up here. I can get phone service from boatloads of companies. Just because Verizon OWNS the wires and switching equipment doesn't mean that they're my phone service provider.

And I imagine it's pretty much the same with all the rest of the ILECs.

-Chris

Re:Typos != intentional usage

[Malor]

Very simply, they're using their government-granted monopoly power to illegally leverage themselves into a new market, that of search engines.

It seems very unlikely to me that any SiteFinder service will ever happen unless NetSol manages to convince ICANN and, presumably, Congress to change their charter. I suspect Google and Yahoo are likely to have a few things to say about that.

Re:Typos != intentional usage

Simple, verisign are CUNTS

Re:Typos != intentional usage

[arkanes]

It's a 200, which is actually correct - the redirection is happening at the DNS level and has nothing to do with HTTP.

Re:Typos != intentional usage

Verizon != Verisign

Re:Typos != intentional usage

[mattdm]

lwell, except for the 4-year-old bug in mozilla (#9203, if you're counting -- direct links from /. not allowed, but: http://bugzilla.mozilla.org/show_bug.cgi?id=9203) which makes it save incorrect URLs anyway...

Re:Typos != intentional usage

[phorm]

Indeed. Are they considering use simply when somebody mistypes a domain and ends up in sitegrinder, or when they actually end up where they wanted to be (and how do they tell).

Re:Typos != intentional usage

[gid]

BTW While I think about, can anyone give me an example of a valid use of the DNS wildcard - its not that I don't believe that its useful, its just I don't know enough to prove that it is.

Sure, go here. Or did you mean a use for the global dns wildcard? In that case, no, I can't think of one.

Re:Typos != intentional usage

[VertigoAce]

Take a look at the .name TLD. You don't own www.lastname.name, instead you can register www.you.lastname.name. If you go to the generic page, it gives you information about the .name system (and links to a bunch of registrars that can register your name for you).

Re:Typos != intentional usage

Technically the browser is requesting a page which the server doesn't have. Since the advent of name based virtual hosting, sending the HOST header is a requirement for a usable browser. The server should probably act as a gateway which can't reach the target server and thus return "502 Bad Gateway".

Re:Typos != intentional usage

[Guido+von+Guido]

Now where did I say the other ILEC's aren't evil? :)

Re:Typos != intentional usage

[Wolfier]

Since we *LOVE* their service, let's eagerly flock to SiteFinder by surfing a random URL every millisecond!!

Re:Typos != intentional usage

[ShadowRage]

did they forget to mention all those hits were due to the common mistyping of domains which happens daily?

I think we should start boycotting .com domains, though like it's not going to work any.

Re:Typos != intentional usage

[Pofy]

Ohh, Google? Who turn into finnish just because the main company is finnish while I work in Sweden for a swedish daughter company? Yeah, works perfectly, right.

For obvious reasons it is better to handle these things on each users computer.

Re:Typos != intentional usage

[Progman]

nah, the browser is being handled an IP for its DNS request, and when it issues the HTTP request it's getting an answer. There's nothing wrong with wildcarding virtual hosts at the HTTP level. The server definitely has the resource the browser is asking for.

Re:Typos != intentional usage

[aceat64]

"and an armed insurrection of Verisign's headquarters is a bit inconvenient just to get a couple lines of code fixed."

Actually, I think it's a great idea, I'll go get my shotgun...oh wait that was CS, damnit.

Re:Typos != intentional usage

GET / HTTP/1.1
Host: www.google.com

That's what the first two lines of a frequently issued HTTP request look like. Your server does not have the requested resource, so it should not answer with a 2xx code. Claiming that your server is www.google.com when that connection is just the result of a DNS redirection would be unnecessarily misleading. You can use wildcards for your own servers, but if you use DNS-wildcards to redirect all web accesses in order to force a registration, 2xx is not the correct answer.

Re:Typos != intentional usage

This *is* handled on your computer. Your browser has a configurable option which influences the "Accept-Language" HTTP header which is sent with all requests. Set this option to your desired language code (en-us: US-English, de: German, es: Spanish, fi: Finnish, sv: Swedish) and if Google offers a translated page in your language, then that's what you get.

Re:Typos != intentional usage

[Tokerat]

Speaking of typos on the Internet...It's VeriSign. Verizon is phones, VeriSign is DNS.

Do you hear me now? Good.

Re:Typos != intentional usage

Eye-nine-wha? H-wah-V-wah? Does not compute! Brain exploding...must remember - to....read...articles....posted in....English....

Re:Typos != intentional usage

[juhaz]

No, it's not.

Of course it could be, if implemented correctly but Google version at least sniffs the country from domain (*.fi -> Finnish), or perhaps wherever the IP block is registered.

Just tried, removed all google cookies and confirmed I had nothing but english and us-english in languages, Finnish. Retried with Finnish now in list but put it last in order so it should be only given if English page is not found, still Finnish.

Re:Typos != intentional usage

True, Google does more than responding to the Accept-Language header. I gave Google as an example because some of their pages (Google Zeitgeist) work as expected. AFAICT only the main page uses extended location guesswork. Anyway, point stands: Verisign could correct Sitefinder's English centricity.

Re:Typos != intentional usage

[Pofy]

I don't think we are routed through Finland and it should (if anything) be a .com address you find. In any case, it shows the problems.

Re:Typos != intentional usage

Where do you think most of their millions of "uses" came from, hmmm?

Re:Typos != intentional usage

[Frit+Mock]

You are right in every single point!

The most important one is that wildcarding has no place at TLD level.

That's, _because_ there is nothing that can be achieved different and there is _no_ practical advantage here (as it would be in your ISP example) and because there are too many disadvantages!

*sigh*

[yorkrj]

I can only hope that Verisign will upset enough of the wrong people that there will be a move to dethrone them from the .net and .com domains. We would do better to have a not for profit running the show. Here's hoping that Verisign continues to be the pompous greedy company that we all know them to be!

Re:*sigh*

[surprise_audit]

Didn't someone post a patch for bind that takes care of the Verisign problem? Dunno how it would have worked, but it would be really funny to watch Verisign slowly fall off the 'net as people apply the patch...

Re:*sigh*

It's a shame, but the bind patch doesn't make Verisign drop off the net. If applied correctly, it fixes the problem without collateral damage: Only delegation answers are accepted for domains under com and net, no authoritative records (which the servers send to direct you to Sitefinder).

Suing carnaval continues

[Rajesh+Gupta]

VeriSign is trying to impede on the world's Web adresses. ISPs and big networks should unite in giving them a good correction ASAP.

Average user likely doesn't know...

[mopslik]

"Internet users consider the service a helpful tool to navigate the web."

I'd guess that most Internet users, not being part of the Slashdot-loving geek crowd, aren't even aware of the service to begin with. More than likely, the poll asks a question like, "Would you, as an internet user, appreciate a service whereby a system locates the correct web site when you make a mistake?" I can see most people saying "yes" to that.

Re:Average user likely doesn't know...

[jniver]

What I always find surprising is that people will just try to figure out a website.

People make a living off of this, eg: whitehouse.com. It's a dirty business practice, which needs to stop.

People should use search engines if they don't know what the website is, not just enter blind URLs. Sitefinder will encourage this type of activity. I find this a major step backwards in the development of the WWW.

Sorry if you are one of the slime who makes a living off of this type of advertising (if that's the correct word for this type of activity)

But that's just my $.02

Re:Average user likely doesn't know...

[mopslik]

What I always find surprising is that people will just try to figure out a website.

While whitehouse.(com/gov) is a good example of why cybersquatting is a nasty business, I prefer web addresses to be inherently "guessable". In a perfect Internet setting, I shouldn't have to use Google to know that ID Software is at idsoftware.com. In general, I'm happier when I can figure out a website rather than having to rely on a third-party to locate it for me.

Still, I understand where you're coming from. The "figuring out" isn't so bad, but cybersquatting does take its toll and is a pain in the ass.

Re:Average user likely doesn't know...

[Evil+Adrian]

People should use search engines if they don't know what the website is, not just enter blind URLs. Sitefinder will encourage this type of activity.

I hope it does encourage that type of activity. The domain name system is, to use a technical term, fucking retarded, and maybe if enough people make a noise about SiteFinder and the domain system, perhaps we can do away with it in favor of a better system. Domains, the way they're handled now, aren't a logical way to organize information. Adding TLD after TLD only encourages companies (and people) trying to protect their name to buy more and more stuff domains. So basically, it's a crappy artificial market for registrars to make a buck.

Re:Average user likely doesn't know...

[pretzel_logic]

The average user is on dial-up and is not amused after waiting 30 seconds for an ad page. wasted bandwidth.

Re:Average user likely doesn't know...

[jbottero]

"The average user is on dial-up and is not amused after waiting 30 seconds for an ad page. wasted bandwidth."

The "average user" does not know what "bandwidth" is, nor care about it. And, the "average user" does not care about getting VeriSign's "SiteFinder" page, in fact most "average users" will use it when they are dropped there. Don't confuse the "average user" with the "average Slashdot reader".

Re:Average user likely doesn't know...

[squiggleslash]

whitehouse.com is not an example of this type of dirty business practice. The hostname reflects the name of the magazine which has been around for decades.

And, thinking about it, shouldn't it really be President.gov? It's not as if you reach the legislature via CapitolBuilding.gov.

Re:Average user likely doesn't know...

[realdpk]

As was said in previous Verisign articles, the "white house" magazine existed long before the domain. So if anything, it was a case of "magazine squatting" before it ever became "cybersquatting".

Nothing stopped the White House from registering whitehouse.com, back in the day.

Re:Average user likely doesn't know...

The domain name system is, to use a technical term, fucking retarded,

Ok, so just because you fuckwit are too retarded to understand what a domain name is should everybody else lose the benefit of this system, which has worked just fine for the last 30 years?!?

Let's write to ICANN

[Pig+Hogger]

Let's write to ICANN, and ask them to lift Verislime's mandate because they **BREAK** the internet.

NOW!

Standards are Standards

[Doesn't_Comment_Code]

There is a fundamental issue of standards that Verisign is not getting. The whole point of standards is so that everything runs smoothly, especially systems that rely on many many interconnected entities, like the internet.

Whenever someone blatantly blows off standards to line their pockets a little, it has serious implications for the continuity and integrity of the system.

If Verisign would like to continue making money from the internet, they should play by the collective rules that allow fair access according to standards. If they are not willing, they should be treated as an error, and routed around.

Re:Standards are Standards

[Eric+Ass+Raymond]

Standards are standards, yes, but what about the right to innovate and to make it pay?

Re:Standards are Standards

[millahtime]

Is this really a good innovation? Maybe IE or other browsers bringing up a search page saying it couldn't find the site and offering options but to put it into the registrar. And what are they going to offer suggestions by??? What companies pay them to be tops on the list?? To have a "service" like this they have to be making money. If it's free to the end user then most likely it's advertisers paying. So, now verisign will choose the options people see when they misspell a domain. I have to say I don't really like that.

Re:Standards are Standards

[Doesn't_Comment_Code]

Standards are standards, yes, but what about the right to innovate and to make it pay?

Of course there is a right to innovate and make it pay, but Verisign has a prior obligation to uphold role they took on. Police don't innovate after they get the job. Neither do surgeons or firefighters. There are specific people who's role is to innovate, such as lawmakers, medical researchers, and scientists. And those innovations, after shown to be safe and advantageous, are carrie over to the first set of people. Police implement what the lawmakers say... etc.

There are consequences when someone with a well defined duty strays from it. In this case Verisign agreed to resolve names as the current standards dictate, not to say, "I feel like doing it differently today."

Re:Standards are Standards

[eyegor]

Geez.. That sounds like someone else we know....

Hmmm... now who can it be?

Perhaps.....

SATA^H^H^HMicrosoft!!?!?!?

Re:Standards are Standards

There are specific people who's role is to innovate, such as lawmakers

HA HA HA HA HA HA HA HA! You crack me up dude. Where are you from? Not from the USA are you?

Re:Standards are Standards

[Syrrh]

This is hardly an 'innovation'. Register.com got spanked for putting up a welcome page on registered domains without a specified website. Verisign should get some serious lumps for doing it to unregistered domains that they don't even have any specific rights to.

CCTLDs can kind of get away with their redirects because they're usually managed by a single registrar. Claiming the entire .com and .net TLDs is robbing all the other registrars that are supposed to be equal.

I hope GoDaddy's lawsuit totally ownzors Verisign. I mean like, literally... ICANN should threaten to completely revoke stewardship of the root nameservers for bullshit like this. Network Solutions was a disaster, and it's only getting worse now that it has to share. What do you do with a 2-year old that can't share? Take his toys away and stand him in the corner.

Hello ICANN?

[tequila26er]

Let's just hope that ICANN actually follows through with their earlier threat of legal action. Boy would it be nice to see Veri$lime lose their contract.

HEY!

It's _MY_ internet. I can do whatever I want.

I'm ready not to use....

[Creepy+Crawler]

.COM anymore. I cant afford to sue or anything, but I can refuse to make their "service".

3 words to Verisign: Fuck it all.

Re:I'm ready not to use....

[Captain+Goatse]

It's .net(or was it .org) too...

I hope it was not .org :)

At least there's another choice... hmm 2 choices:
1)
Only go to sites that exist.
2)
Distributed Ping, NOW and ALL the TIME!
Assuming they are not running an OC-255 connection :/

SiteFinder 'feature'

Well, the internet IS far different than WWW. Btw, what ever happened to hotbot?

Let your voice be heard, more on the poll...

[wherley]

The ICANN Information page on Verisign's Wildcard Service" elicits comments from Members of the Internet community. Emails are to be copied to wildcard-comments@icann.org A selection of comments is viewable here.
I'd suggest making your comments now.
Regarding the Verisign survey...more information about it is in this article. Excerpts:
The survey, a telephone poll of 1,000 internet users who could recall seeing Site Finder, was conducted by Markitecture and Harris Interactive and commissioned by VeriSign. It has a margin of error of plus or minus 5%

On the opposing side, Tucows Inc, a domain name registrar that competes with VeriSign, said a poll of its resellers (generally ISPs and web hosting companies) indicated that 90% of respondents wanted Site Finder turned off.

Re:Let your voice be heard, more on the poll...

[Enonu]

Although I'm on the side of the fence that opposes Verisign for all the obvious reasons, 99.9999% (you get my idea) of web users who mistype a domain name have no clue who Verisign is, why sitefinder is bad, and probably appreciate a clickable link for the domain they wanted. In other words, I do not believe such a survey is repetitive of "internet users."

Re:Let your voice be heard, more on the poll...

Hrm, but how can I send them my issues when I do not want to end up on their spam databases, having them bug me about domains that I don't have that are "about to expire!"? :/

Maybe a one-time hotmail or similar? Hmm...

Re:Let your voice be heard, more on the poll...

[Ben+Hutchings]

I've heard of "marketecture" before but never thought it would be used as a company name (though with different spelling). Given that there is such a company, though, it makes sense that Verisign would use their services.

Re:Let your voice be heard, more on the poll...

[steveg]

Or representative either.

bring down the tyrants!

The guys that brought down osirusoft and monkeys.com should redirect their efforts to shutting down Sitefinder instead of picking on those poor RBL's.

(yes, I know it's against their own interests, but I'm just saying...)

Analogy

So, let's say the phone systems worked in just this way. If you dailed a wrong number, you wouldn't be told you had a wrong number, you'd get to listen to an advertisement.

Quick, someone get the number of a patent lawyer

Re:Analogy

[Asprin]

Actually, it's more like the phone book, where if you look up a name that isn't there, you aren't told it isn't there, in fact, YOU ARE TOLD IT IS THERE, but it turns out when you call the phone number it plays a recording with an ad for yellow pages advertising department.

Re:Analogy

[rkuris]

Well, I don't like this wildcard thing but for a different reason.

Here is where your analogy breaks. What if, when you called a disconnected number, you got an automated service that would look up the correct number for you, and it didn't cost you anything?

I think the real problem with this has to do with the point an earlier poster made. The internet is NOT "port 80 for browsers". Are they going to offer some service when I mistype this command: "ssh xunifyx.com" and offer to connect me to the right host? Of course not!

Re:Analogy

Good point, but Verisign is only concerned with what sells, not what 99.9% of the consumers in super-rich North America and Europe consider to be geek stuff. As far as the non-tech sector thinks, the Internet starts at email and stops at the web.

If Verisign thinks they can get money out of wildcards, let 'em. If it poses a problem, Verisign will be consigned to oblivion. To paraphrase John Walker, the Internet will build around the obstacle.

Sight Funder

[acegik]

The most annoying thing is that the don't admit that it's a way making money by taking advantage on a privilege they have. Saying that users enjoy the service is a load of ....

Self-centered.

"'no security or stability problems', and that 'Internet users consider the service a helpful tool to navigate the web', "

Translation:
It potentially makes money for US, and we don't give a damn about the rest of YOU.

Time to overhaul internet naming

[jpatters]

Why not use a decentralized naming system based on public key crypto, and get rid of verisign and the rest of the leeches?

Re:Time to overhaul internet naming

[Ianoo]

Because as we've seen with the IP(v4) to IPv6 transition, it takes an awful lot of time and an awful lot of money to change the way the entire Internet does a certain thing. It's not something that can change overnight.

A related point is that it's VERY difficult to predict how anything will operate on the hugely large scale of the wild Internet. There are plenty of very elegant systems being developed at the moment that replace DNS with some kind of distributed (sometimes even serverless) systems that make a lot of sense. But these things need time to go from academic projects to something that will work.

It's a target for the future, but unfortunately it's not going to stop "Verslime" getting their own way for 5 years at the very least. The only feasible people who can stop them in the short term are ICANN (or possibly someone like GoDaddy if they can prove they've lost earnings).

Re:Time to overhaul internet naming

That would work about as well as Freenet does now E.g. not at all.

Re:Time to overhaul internet naming

[jbottero]

"Why not use a decentralized naming system based on public key crypto, and get rid of verisign and the rest of the leeches?"

Why don't we transition to a result based beta system of rotating coffee cups. The resulting warning sig would effect the general ground plane in a way as to generate an obtuse reactive framework.

Didn't ICANN already rule this unacceptable?

[Fnkmaster]

I was under the impression ICANN essentially told Verisign this was not in compliance with their contract, and that it was unacceptable. When do we hear what the consequences are of continued, flagrant, and intentional violation of the public trust of .com and .net?

Please, ICANN, you've always sucked before, but maybe there's hope for you yet. Enforce the terms of the contract with Verisign with extreme prejudice and terminate these scumballs.

Legalities

[Doesn't_Comment_Code]

Under 15 U.S.C. 1125d, cybersquatting is the illegal act of registering a domain intentionally to be confused with another. Thus, Ford could not register Chevrelet.com to themselves and hope people looking for Chevy's mistype and go to the Ford site.

From what I understand, sitefinder is being used in almost the exact same way as the scenario I just mentioned. Verisign's activity is prohibited at least by the spirit, if not by the letter of the law.

Re:Legalities

I registred a .net domain during this period.

At some point in time, I noticed that I was officially the owner of the new domain but that the root nameserver was not yet aware of it so my domain was redirected to the verisgn site.

To Verisign was using MY DOMAIN.

Re:Legalities

[Reziac]

I made a similar comment last time around -- IMO, the entire thing is aimed at discovering which "typo domains" are worth squatting on.

Which is a Bad Thing to have in the hands of a supposedly-trusted domain registrar.

If you don't think this is likely, try htobot.com -- this was originally registered as a joke, way backwhen hotbot.com was new, and it poked fun at your bad typing before sending you on your way to hotbot.com. NOW -- it's a portal site, evidently getting enough hits to be profitable.

A related "typo domain", hotbto.com, is presently being squatted on by megago.com, another portal site (which used to have a page up that was for "checking available domains" -- funny how those checked suddenly ceased to be available, but could now be purchased from the current owner...)

Re:Legalities

[Progman]

You clicked the "I am a total moron, charge me even more to host my DNS and web page" checkbox instead of the "I know what I'm doing, just let me enter my DNS servers IP and get outta here" checkbox when you registered your domain.

Could be a good thing

[Conspiracy_Of_Doves]

If Verisign tries to pull this crap again it just might be the excuse that ICANN needs to yank Verisign's contract.

Boycott time

How many out there have domains registered with Network Solutions? I think it is time to move them elsewhere.

Are there SSL certificate athorities other than VeriSign? Time to sign up.

Re:Boycott time

[stilwebm]

How many out there have domains registered with Network Solutions? I think it is time to move them elsewhere.

In releated news, I just received the following email. Note that Verisign had mentioned Network Solutions was a money pit on their SEC filings.

---

Dear Valued Network Solutions(R) Customer,

Today VeriSign, Inc. announced that it has entered into a definitive agreement to sell Network Solutions to a new entity formed by Pivotal Private Equity.

Please be assured that Network Solutions continues to be committed to providing superior products and customer service to our more than 4 million customers. You have seen evidence of this commitment in the numerous enhancements we have introduced over the last 18 months. This commitment remains strong today in our
600 employees, each focused on providing you with a superior customer experience.

DDOS?

[myrashka]

So, how long before some ingenious person will run a DDOS attack that does random packet flooding of random .com addresses (ie, asfdadsfsdf.com) thus double whammying the versign servers.

Re:DDOS?

[millahtime]

and an attach like that would increase traffic thus slowing networks down. I don't really think that would make verisign turn the "service" off. They would turn it on how they are so widely used they are not a target.

Re:DDOS?

And VeriSign would claim that every request in the attack was a "user who found useful this tool"

Re:DDOS?

[CaptBubba]

Verisign would then count those as people "using" the "service" and sell advertising for more.

Re:DDOS?

[Syrrh]

I think you'd need the biggest DDOS in history to have any effect. The root servers are designed for a heck of a lot of redundancy and they sit in the biggest peering points in the world. I'm sure it'd be nothing for them to add in a few more distributed SiteFinder servers and be just as untouchable.

And the investigated huh?

[arcanumas]

Their "team of experts" must consist of :
1) a banker
2) an enginee^H^H^H^H^H^H^H MSCE
3) 3 Marketing droids
4) the woman in the coffe shop across the road
5) and ... Dalr McBride who can prove that the Internet contains data that belongs to SCO.

They must have quite the dream team of experts to come to such a conclusion.

Re:And the investigated huh?

Please show some respect for the coffe shop woman. She is probably a upstanding profesional and doesn't deserve such comparison.

Re:And the investigated huh?

2) an enginee^H^H^H^H^H^H^H MSCE

It's MCSE. If you're going to make jokes about "Micro$oft" to get your Funny-ha-ha points from the Mod-sheep, at least learn to do it right.

Re:And the investigated huh?

[kwashiorkor]

You forgot the Lia... er... Lawyer who's rubbing his hands in gleaful anticipation of the coming payo... er... court case.

Re:And the investigated huh?

(bart simpson voice) HA HA! you are one of those dime a dozen MCSE!!!!

in the last 2 months, i had one mcse as a server at Tom's Ribs, another show me laptops at CompUSA, and another try and sell me insurance.

you guys are BIG FUCKING JOKE.

Re:And the investigated huh?

[KentoNET]

Musn't forget that everything on Slashdot consisting of a numbered list must include:

6) PROFIT!!

What about the users freedom ?

[Frit+Mock]

Besides technical aspects and that www is not the only use of the internet.

It can't be that a single company has the right to exclusivley claim a certain service.

What about the users freedom to choose wich service he uses to find a site?

I don't want to be dictated to Verisign, I don't want any dictatorship at all.

If worst comes to worst

[sielwolf]

Is there anything ICANN can do about this? Can they revoke Verisign's right to the com's and net's? Or could they just make a "suggestion" to some governmental body?

The Internet's the like Wild West and Verisign is setting itself up like a company town.

Re:If worst comes to worst

[lennart78]

Since ICANN doesn't own the Internet, it can't tell domain registrars what they can or can't do. IMHO the only option is to sue them for using their monopoly-like power to their own advantage. If they want to do that, they should hook up with every search-engine, and search-related sites on the net, and argue that Verizon is driving them out of business.
A case like this would not actually represent the spirit of the problem, but hey, the American legal system has seen things that are way more weird than this...

Re:If worst comes to worst

IMHO, urgay.
-GNAA

Re:If worst comes to worst

[geoffspear]

ICANN doesn't need to own the Internet. They have the power to decide who controls the root servers, and they can revoke the authority they delegated to VeriSign.

I especially like where VeriSign says they "voluntarily" shut down SiteFinder a few weeks ago, when in reality they were ordered to do so by ICANN.

Re:If worst comes to worst

[lennart78]

That may be so, but since there is no law prohibiting any company from pulling this kind of stunts, it will probably happen again.

Verisign is a commercial enterprise, and only one thing counts: $$$$$MONEY$$$$$
If they can make extra money by exploiting the fact that they control the root servers for the .com and .net TLD, they will do that, even if it breaks the Internet.
If ICANN were to transfer control of the root servers to another commercial enterprise, (which will probably be the case, 'cause I don't think any non-profit organisation will be able to maintain the necessary infrastructure), they will probably do something like this, just so they can make an extra few bucks at our discomfort.

The great strength of the Internet is that it is not owned by anybody. The great weakness of the Internet is that it is not owned by anybody. Since there are no actual, government imposed laws on what you can or can't do to the Internets infrastructure, it's a free-for-all, and everybody who has a clever idea on how to squeeze some money out of it is free to do so. It made the Internet what it is today, and it may be it's undoing...

Re:If worst comes to worst

[geoffspear]

No, there's no law prohibiting it, but Verisign's contract with ICANN limits the number of domains they can register for themselves for free, and ICANN can (and should) send them a bill for, in effect, registering every possible unclaimed domain name. I don't want to calculate how many domains can theoretically exist under .com or .net, but it's a whole lot, and the registration fees should total a lot more than the total GNPs of every country on the planet.

is 30-60 days enough

[jniver]

the question is can ICANN find a replacement for verisign in 30-60 days.

Time to find a new home for .com

Verisign = Spyware

It doesn't really matter if you are for or against the ICAAN because Verisign has and always will be not welcome on my computer. On my Windows 2k box I have adaware.... So f$@* Verisign!

I actually LIKED the SiteFinder service!

Why am I in minority on this one?!? I actually liked the SiteFinder service! Whenever I would mistype a domain name or was unsure of the proper domain name spelling (especially when dealing with foreign domain names) SiteFinder would offer me a bunch of valid choices. That was great! A LOT BETTER THAN A BLOODY ERROR PAGE!!!

Aside from Verisign "destroying the www", why wouldn't a service like this be useful?!?

Re:I actually LIKED the SiteFinder service!

[Peregrine]

Technically, a service like that already does exist - if you're not sure about a web address, you can always try using a search engine.

From what i've seen, the two main issues with it are it breaking existing systems, and the fact that its being forced on everyone. Now, if it were a service, in the sense of you being able to opt to use it, that would be a different case.

Re:I actually LIKED the SiteFinder service!

[Pxtl]

I'm assuming this is a troll, but I'll bite.

First of all, anyone with a non-shitty browser can configure it to redirect the standard error to a custom error page - one more useful then "error: you suck" that most browsers do by default. So this "feature" should have been implemented on client side if it was desired. This breaks the browsers that have that feature intelligently implemented. For those of us who don't want our typos to line Verisign's pockets and instead want to use our own redirect - now we can't.

Second: repeat after me: the WWW is not the Internet. When a non-WWW service (be it FTP, IRC, or Quake) tries to contact the wrong domain, it will now get the wrong error, as the system will think it hit a server where the given service was not running, instead of the truth: there is no server - that domain does not exist.

Basically, a lot of people invested design time in a given standard. It will cost them money to change to Verisign's non-standard behavior. Verisign was paid by a public agency to run a standard conforming system. This means that Verisign is making money and costing other people money, when they are legally mandated not to.

Basically, Verisign is stealing from software developers.

Re:I actually LIKED the SiteFinder service!

[lennart78]

And third:

A lot of anti-spam software uses domain lookups to see if an email originates from a valid domain. Since every domain is now valid, this can no longer be used to filter out the good from the bad...

Re:I actually LIKED the SiteFinder service!

[Artful+Codger]

The concept has potential, sure...

The technical problem is that the approach breaks Internet standards, particularly the standard that a non-existent domain causes a specific sort of error message which is used widely (eg to test for false email FROM addresses)

The other, more political problem is that Verisign was given the task of "guardian" of those domain registries, to administer them acording to ICANN rules as per the contract. Verisign is violating that trust by exploiting their position of control AND also violating the contract under which they got the contract (and get to make $$ from running it) in the first place. It's open defiance of the body (ICANN) that gave them the business.

So, yes this service idea has legs, but it must be done in such a way that it doesn't break their contract, follows the Internet standards, and is rolled out in a fair, competitive manner.

Boycott them.

Re:I actually LIKED the SiteFinder service!

[wintermute740]

I'm sure that others have pointed this out, but MSN has a similar "service" built in to IE and turned on by default. If I mistype a domain, and MSN search page comes up with possible valid alternatives. However, since Microsoft implements this via the browser, it doesn't bloody break the internet!

Re:I actually LIKED the SiteFinder service!

Aside from Verisign "destroying the www", why wouldn't a service like this be useful?!?

For most users of the WWW, "a service like this" would be useful. The problem is not the service, but the way it's implemented. If Verisign (or anybody else) had offered a browser plug-in that redirected DNS error messages to SiteFinder, that would have been 100% okay. If VeriSign could somehow determinte that the DNS request came from a web lookup, and sent SiteFinder back only for those, that would be bad, but not too bad.

The problem is that lots of services use DNS and rely upon correct DNS errors. And, of course, some browsers and companies bundle tools to translate those errors into SiteFinder-like services already. By using DNS wildcards to "resolve" errors into a valid address, Verisign got the jump on those services, but also broke a fundamental property of the DNS system.

Verisign's action shows complete disregard for the critical nature of DNS for all Internet apps, and assumes that:

1) All Internet DNS requests are WWW lookups (since otherwise how would receiving a web site help you)

2) All users want to see SiteFinder (and SiteFinder only) whenever a DNS error would have occurred

That's what makes this arrogant and destructive. Choice is being taken away from you, and the programs and services you choose to use, and being transferred to serve the interests of a single company.

Re:I actually LIKED the SiteFinder service!

[Pofy]

And if your language is not the one Verisign used on that page, you might not even have a clue what is going on.

Re:I actually LIKED the SiteFinder service!

instead of the truth: there is no server

Do you bend servers with your mind? :D

Re:I actually LIKED the SiteFinder service!

[battjt]

Fix your browser then. The wildcard match is more like every name you ever look up in the phone book exists, but most of them have the same number and address, which is a answering machine with advertisements indicating that you have the wrong number. Joe

Re:I actually LIKED the SiteFinder service!

[TiggsPanther]

However, since Microsoft implements this via the browser, it doesn't bloody break the internet!

And the amusing thing? One of Microsoft's "features" which is actually less irritating than the alternative.

Hmmmmm. Is there a way of implementing a similar service server/ISP-side? Whether via a proxy or DNS
So that if an incorrect domain-name is requested and it's an HTTP request then it could show up a site giving suggestions, offering a search-engine, and giving any other information that could be useful to your ISP/company/university.
But if the request is for anything other than HTTP, then the proper response (NXDOMAIN?) is given.

Re:I actually LIKED the SiteFinder service!

[Urban+Garlic]

> Why am I in minority on this one?!?

There are lots of correct replies to this elsewhere, but yours is a good question worth responding to directly.

The first answer is a question of scope -- it's not within the responsibility of a DNS service to suggest alternates. Your request was in error, the RFCs require than an error message be returned. It's legal for somebody else (you, your ISP, whatever) to catch the error and handle it in a more user-friendly way than just reporting it. Catching the reported error and handling it is fine, failing to report it is wrong.

The second answer is related, its that not every DNS request is asking for a web page. Some of them might, God forbid, just be trying to resolve a host name. Sending a well-formed but unintended web page in reply to an incorrect request for an IP address is just rude. It would be like sending you AOL CDs every time you dialled a wrong number on your telephone, on the assumption that every phone call in the universe is really an attempt to dial-up AOL.

Re:I actually LIKED the SiteFinder service!

Hmmmmm. Is there a way of implementing a similar service server/ISP-side? Whether via a proxy or DNS So that if an incorrect domain-name is requested and it's an HTTP request then it could show up a site giving suggestions, offering a search-engine, and giving any other information that could be useful to your ISP/company/university. But if the request is for anything other than HTTP, then the proper response (NXDOMAIN?) is given.

I'm sure I could do some firewall rules to redirect traffic from my network to sitefinder's IP address to go to an alternate search engine instead. The trick would be in getting the firewall to return the original error message instead of the sitefinder results. Alternatively, I could build a transparent proxy that did the same thing. Again, the trick would be to not only not redirect to sitefinder for web traffic, but also in restoring the original error message instead of sitefinder for non-web traffic. That said, I do have a little coding experience, and if (when) I take my new job, I will be allowed to work on open source projects as long as they benefit the company that I'll be working for. I think an invisible proxy would be an easy sell to my potential employer, so I may just have to tackle the problem then :)

*posted as AC to keep my current job, just in case things fall through ;)

Re:I actually LIKED the SiteFinder service!

If you like Shitefinder, you can configure IE to bring up Shitefinder instead of giving you an error window or the MSN search it does by default. I don't like it, so I'll keep my error windows, and we can all win. Except Verisign, of course.

Re:I actually LIKED the SiteFinder service!

[catbutt]

. So this "feature" should have been implemented on client side if it was desired.

It it was really going to duplicate the functionality of sitefinder, it would need to contact a server which had a database of all doamin names.

The best way I can think would be to have sitefinder (or an alternative service) have a separate protocol, and your browser can query it to make suggestions as to what domain you wanted (and the browser doesn't have to query it if it doesn't want to). Also you should be able to query it even if the domain you searched for actually exists, but wasn't the site you were looking for, which sitefinder doesn't do.

Sitefinder is arguably useful, but no one company should have the exculsive right (or technical ability) to run such a service, for all the reasons you list.

Re:I actually LIKED the SiteFinder service!

[arkanes]

There's no way to know that a DNS query is for HTTP. This is an application level, not protocol level, functionality and should remain that way.

Re:I actually LIKED the SiteFinder service!

[87C751]

Sitefinder is arguably useful, but no one company should have the exculsive right (or technical ability) to run such a service

You're right. Sitefinder is arguably useful. But in order to implement Sitefinder, Verisign broke the DNS system. Repeat after me, and everyone else in this thread that has said the same thing: The WWW is NOT the Internet!

Alternative interpretations of HTTP errors belong in the web browser. HTTP is only one of hundreds of services that depend on DNS. In order to scam some revenue from one of them, Verisign broke all of them.

Now do you get it?

Re:I actually LIKED the SiteFinder service!

[kst]

First of all, anyone with a non-shitty browser can configure it to redirect the standard error to a custom error page - one more useful then "error: you suck" that most browsers do by default.

Really? I've used several different browsers, and I don't remember seeing this kind of configuration option. It would certainly be possible, and perhaps even useful; I just don't remember ever seeing it. Can you provide details for one or more of the more popular browsers?

Re:I actually LIKED the SiteFinder service!

Microsoft Internet Explorer does it by default, although it is set up to use the MSN search page. But the option is well hidden, I have spent lots of time looking for it, when I wanted to turn it OFF.

Re:I actually LIKED the SiteFinder service!

[Pxtl]

IE does this, and you can get a plugin for IE that even makes the search page Google-based instead of MSN.

Re:I actually LIKED the SiteFinder service!

[BugZRevengE]

Squid Proxy server lets you have custom error messages.. just change it, with a link to search engine or page of choice

Service?

[fetus]

Oh those wonderful guys at VeriSign, giving us this 'service' free of charge! I mean, this is something I'd pay $30, even $60 a month to use!
They've always been one of those 'for-a-better-internet' companies.
God Bless Them

Re:Service?

[red+floyd]

I know it's sarcasm, but some jerk at Versign will probably quote you in their defense.

I hate to be right...

[thrill12]

But the word temporarily really meant what it usually means...

ICANN has options

[squiggleslash]

ICANN's decision to farm out the front-end of the .COM/.NET DNS (ie having independent registrars responsible for maintaining lists of their own customers) gives ICANN an option it didn't have a few years ago - it can have a second or third .COM/.NET DNS infrastructure set up, with the primary root controllers pointing at both Verisign's and the others.

DNS queries would be taken at random from the three providers. The registrars would, instead of registering with just Verisign, register with all three. Any registrar that didn't would find its customers complaining about DNS resolving issues.

And to prevent Verisign from trying to drop a spanner in the works by not reregistering the domains it controls, ICANN could introduce the changes slowly, having, say, two of the root servers pointing at the alternative providers at the beginning, with the others still pointing at Verisign's network. Verisign's customers, assuming Verisign tried to fight it, would get poor DNS service immediately, without it becoming unusable. Everyone else wouldn't. Verisign's Registrar end would thus lose customers fairly rapidly.

Why would this benefit ICANN? Well, it's fairly obvious: by doing so, ICANN can easily simply suspend Verisign (or any other abusive DNS root operator) without negatively impacting the Internet. Right now, Verisign believes it can get away with what it's done because it has a monopoly on .COM/.NET, and has enough of the registrar market to be able to prevent a switch. ICANN cannot switch to an alternative DNS operator without the direct cooperation of Verisign, and Verisign has said in the past they wouldn't cooperate.

If ICANN is serious, it needs to do something about Verisign's monopoly immediately. Because of the Registrar/Infrastructure split, it now has the capability of doing so. Rather than sending letters containing vague threats of action, it's time it actually did something.

Re:ICANN has options

[sbegley]

ICANN is incompetent and practically powerless. The only member worth beans (Karl Auerbach) was booted out of ICANN after he asked too many questions about how ICANN's money was being spent and wanted to revise the services that ICANN has some say over. Read more about his struggles on http://www.cavebear.com/cbblog/
ICANN should have more control over Verisign, but they are too much in bed with them and Verisign knows that they can push ICANN around because there is no higher authority with teeth that can be easily appealed to. I wrote to Auerbach about this conundrum and he basically said to write your congressman and suggested that the best way is to get people to write letters - real paper letters -to both Don Evans and Nancy Victory at the Dept of Commerce. (Secretary Donald L. Evans
Office of the Secretary
Room 5516
U.S. Department of Commerce
14th & Constitution Ave. NW
Washington, DC 20230

Phone:
202-482-2000

Email:
devans@doc.gov

Nancy Victory:
U.S. Department of Commerce - 1401 Constitution Ave. N.W. - Washington, D.C. 20230 - (202) 482-7002.

He also suggested that it wouldn't hurt to start "raising the consciousness" of folks in Sacramento, particularly our state Atty General about the behavior of this California corporation.

Verisign/Networks Solutions has a history of abusing its monopoly power and has been successfully sued by registrar GoDaddy more than once.

I recently was frustrated by all the roadblocks that Netsolutions threw up in my effort to move to another registrar. I was unable to log onto my account to even manage my domain for five days straight! Pathetic.

Re:ICANN has options

[Reziac]

Good idea. As was mentioned in the previous discussion, IBM and Google would be stable, trustworthy hosts. Now the question is -- would they be interested in doing the job?

Re:ICANN has options

Google has far too much power as it is. I do not want both the domain name system and the primary search engine in the hands of one privately held company.

Re:ICANN has options

That's fine, because my proposal (squiggleslash here, you posted AC so...) is that the domain name system be split between at least three companies. Google, IBM, et al, wouldn't have the ability to misuse the system even if they wanted to - one attempt, and the bad guys are kicked out.

Re:ICANN has options

[Rich0]

An even better first step - ICANN should just ask for a copy of their complete zone file, and give incremental updates daily.

I believe Verisign's contracts says that they have to surrender their zone file upon request.

Once ICANN has the complete .COM database they can set up their own servers if necessary. Granted the hardware would be expensive, and it would require some middleware to handle registrations, but I'm guessing that good-old BIND would handle the actual DNS.

They should have a copy of the zone on hand before negotiating over sitefinder - otherwise Verisign could threaten not to play ball. If ICANN had its own infrastructure or another contractor ready to go they could flip the switch the minute Verisign starts giving them trouble.

When Hell freezes over

[linuxislandsucks]

Verisign!= Internet..

I doubt their independent study as ICAAN's own independent study indicates otherwise and when Verisign was aske dto submit such facts it stalled

What's the "update your website info" all about?

[StyleChief]

Pardon my ignorance, but does anyone know what exactly they are trying to pull when I regularly receive spam from these guys asking me to "Please, when I have some time, update my website information" or they will no longer be able to "list" my site? I *never* respond to these messages because I always assumed they were complete bunk, but I'd like to know what kind of wool they are trying to pull over my eyes. Thanks in advance to any patient souls who deliver enlightenment . . .

Translated:

[winkydink]

"We have consulted with out attorneys and they tell us we have a good chance of winning a legal battle with ICANN over this. As a side effect, we will rid ourselves of these pricks once and for all".

This one has the potential for getting really ugly.

From the article

[RyoSaeba]

As a heavy but non-technical computer user it has been extremely frustrating for me to encounter 404 errors

Is it me or 404 is for 'page not found'? And NOT DNS lookup error...

Re:From the article

[surprise_audit]

404 - Not Found is generated by the server, when you try to pick up a page it doesn't have. Completely different from not finding the server's address in the DNS.

Re:From the article

[Zocalo]

Is it me or 404 is for 'page not found'? And NOT DNS lookup error...

Nope, it's not just you; a lot of articles are obviously being written by people for whom Internet == WWW, and this mistake is occuring a lot. The error they actually mean is NXDOMAIN, short for "Non-existant Domain", and not a "404" which is, of course, a HTTP error to indicate that the specific object was not found.

Re:From the article

[Syrrh]

Yes, but this isn't regarding all 404 errors. It's a lot better to know that the entire site doesn't exist rather than just not having the page you're looking for.

Again, web traffic does not encompass all internet facilities. It may not matter to you why you can't reach some site, but it definitely matters to other systems that don't expect to be redirected.

Microsoft Already Does It

[kisrael]

It's interesting that people seem to be missing the real fight. For probably a majority of desktop users (those using IE), they already have this "functionality" in the form of a redirect to search.msn.com. So it's kind of a fight of Verisign vs. Microsoft, not just Verisign vs. people who like good web standards.

Re:Microsoft Already Does It

True, but there's one key difference. Microsoft does it at the client level - not as part of the Internet's infrastructure. I don't like either one - but at least in IE you can turn it off and it doesn't affect everybody else.

Re:Microsoft Already Does It

[Danse]

Yes, but people can choose not to use IE.

Re:Microsoft Already Does It

[dougmc]

For probably a majority of desktop users (those using IE), they already have this "functionality" in the form of a redirect to search.msn.com.

Yes and no. Yes, to somebody using a browser, the two `services' seem pretty similar.

However, there are some very important differences --

The IE feature only affects web browsing. It doesn't break email, for example. Verisign's change does. This is by far the biggest issue.

The IE feature probably doesn't remember `incorrect' URLs in the browser history

The IE feature can be turned off, either in IE or by not using IE. To turn off Verisign, you need to patch your name server.

Re:Microsoft Already Does It

That behaviour only affects IE users. And you can change MSN to Google if you like, by hacking the registry.

Verisigns crap affects all applications that use the internet, and there's very little you can do about it. To make it worse, those pricks intend to make money on it too, which is like selling something they don't own.

Re:Microsoft Already Does It

No, what MS does is different! They do it on the client side, after getting a DNS lookup failure, they then go to their search site (MSN) and provide a semi-usefull/annoying service.

If anyone should be complaining about site-finder, it's MS - it denys them redirects to their site (MSN) as they will never get DNS lookup failures

Re:Microsoft Already Does It

[nologin]

I am personally surprised that Microsoft has not been objecting to Site Finder. After all, if Verisign resolves everything in .com and .net, the redirect in Internet Explorer no longer works for these domains. This means less ad revenue for MSN.

Re:Microsoft Already Does It

[kisrael]

Actually, MSN is showing an almost surprising amount of restraint, ad-wise; two links and a search box to MSN Search on the "error" page. And even the MSN Search is fairly ad-light, just one line text links at the bottom.

I still find it a bit annoying, though, because if I made a simple typo (and the correct link doesn't showup in the 'did you mean?' list), then the URL in the address bar has been completely fscked, and I have to cut and or paste to get back to what I typed so I can correct it.

Re:Microsoft Already Does It

IE remembers bad addresses. Each time I want to go to google, I have to type www.goo because once I wrote www.gog and that's the first choice when I type www.go so yes, IE has memory of bad addresses.

Re:Microsoft Already Does It

Don't have to hack the registry, it's in the configuration. It's sort of buried, but for that matter, so is autocomplete.

Re:Microsoft Already Does It

[PhuCknuT]

You're missing the point, it's not about web standards at all, and that's the huge hole in verisign's arguement. The internet is ALOT more than just the web, the web is just an app that runs on the internet. They are implementing sitefinder at a much lower level than the web, and as a result messing with every other app besides the web that uses DNS. The ONLY place something like sitefinder should be implemented is in the browser, as a plugin or a feature or whatever. IE already has this feature built in and enabled by default, and has for a long time, do you hear anyone complain about that? No, because that was done properly and isn't breaking the rest of the internet.

Re:Microsoft Already Does It

[dougmc]

IE remembers bad addresses. Each time I want to go to google, I have to type www.goo because once I wrote www.gog and that's the first choice when I type www.go so yes, IE has memory of bad addresses.

It doesn't for me.

What seems more likely is that you have Verisign to thank for this -- you typed www.gog while `SiteFinder' was active, and the DNS server returned a valid IP, making IE think this was a valid name, and so it remembered it.

Now that SiteFinder is off, it's not remembering any new `wrong' sites. Try something else, see if you can get it to remember a new wrong site.

ah Jeez... looks like.

[LostboyTNT]

Looks like I'm gonna have to put my verisign-sucks.net back up.. (odd.. wonder why it's down?)

Highjacking

[C_Kode]

I'm an Internet User, and I don't consider Internet Highjacking a helpful tool to navigate the web.

Sufficient Notice?

[Michael_Burton]

Verisign has announced that it will give a 30- to 60-day notice before resuming the SiteFinder 'feature' that it voluntarily shut-down a couple of weeks ago.

Is 30 to 60 days long enough to de-authorize Verisign as a DNS registrar and find someone else to run those top-level domains?

Re:Sufficient Notice?

[stfvon007]

I herby volenter to run all the top level domans!
I will also mak the intrenet more user frindly to those pople who cant spel by allowing peeple who want somethin like sitefinder to download a small client program to redirect them instead of causing problems on the net.

404 != Site not found

[cskaplan]

From one of the articles: "As a heavy but non-technical computer user it has been extremely frustrating for me to encounter 404 errors."

Of course, that's misleading -- SiteFinder doesn't provide a cure for 404 errors, which occur when the site is found but the page doesn't exist. So it looks like they need to find better marketing propaganda if they want to actually support their (fundamentally bogus) claims.

Re:404 != Site not found

[geoffspear]

Maybe their next plan is to filter all traffic and if it sees a 404 header it will redirect your request, too.

And I just can't wait until google.com starts resolving to a Verisign-owned search engine.

All Send an email.. Again, Adresses here.

[Ceadda]

Once again, Lets all send them an email to all these addresses, which are all set with , and all to be copied and pasted. If they get an email dos attack, they cant really say people want the service, now can they? consultingsolutions@verisign.com, verisales@verisign.com, clientpki@verisign.com, mss@verisign.com, dnssales@verisign.com, digitalbranding@verisign.com, websitesales@verisign.com, websitesales@verisign.com, internetsales@verisign.com, paymentsales@verisign.com, vts-mktginfo@verisign.com, premiersupport@networksolutions.com, channel-partners@verisign.com, websitesupport@verisign.com, dbms-support@verisign.com, webhelp@verisign.com, support@verisign.com, renewal@verisign.com, vts-csrgroup@verisign.com, authenticode-support@verisign.com, objectsigning-support@verisign.com, enterprise-sslsupport@verisign.com, enterprise-pkisupport@verisign.com, vps-support@verisign.com, privacy@networksolutions.com, practices@verisign.com, id-support@verisign.com, info@verisign-grs.com

Big Surprise

[jdreed1024]

"We have examined our service, and we think it works fine, and we think users love it."

Well, duh. Did anyone actually expect something different? The ball is now firmly lodged in ICANN's court. They've done their legal blustering and letter writing - now they need to take it to court if Verisign continues flipping the bird to the Internet community.

No problems? HAH!

[MarvinMouse]

Explain this verisign. An important site I use for business was doing fine, and even reregistered it's website domain recently, and yet when it expired, your bullshit service decided to post it's DNS as the proper place to go for that domain instantly. EVEN THOUGH THE SITE WAS ALREADY PAID FOR. Essentially you Highjacked their domain, and made it impossible for me to do business (over the internet) with them for 3 days straight.

You claim there are no problems? HAH. There are so many holes and bugs in your services, I am surprised you aren't fighting down legions of class lawsuits.

Its ONLY about money

[tobybuk]

These guys don't give a shit about users unless those users make them money - period. As for their research, without the details of how the research was carried out its irrelevant to the issue. Just suppose that it was judged that this was a 'good thing to do', then what gives them the right to exclusively offer this service? If I have to have this shit, then I think I would prefer google to provide it. If they get away with this I suspect the law suits from the other search engines will come flying. Best thing to do would be for all sysadmins to block this at source.

Send their marketing/spokesperson an e-mail like..

[Assmasher]

.. I just did. The link about how "users like" that crap has a spokesperson contact number. Remind them that the Internet is just a teeny bit larger than the WWW and applications other than web clients use DNS and expect certain responses to certain errors.

Lies, damn lies, and surveys

[ccarr.com]

If I had the resources to survey users about SiteFinder-like services, here's what I'd ask:

1. When you enter an incorrect domain, would you prefer a 404 error, or a web site with possible alternatives?
2. If you answered "yes" to question 1, would you prefer for this service to appear all the time, or only when your incorrectly typed domain ends in ".net" or ".com"?
3. If you answered "yes" to question 1, would you like to be able to set a preference in your browser that allows you to choose among alternative competing search sites, or would you prefer to be forced to use a particular site not of your choosing?

Re:Lies, damn lies, and surveys

[RyoSaeba]

Sorry, but 404 is page not found. DNS lookup failure is another error (don't know it on top of my head).

Re:Lies, damn lies, and surveys

[Xerithane]

This is the problem, and it's people like you.

NXDOMAIN is not 404. Learn what a 404 is. If you visit a lot of companies websites and get a 404, you will get a list of possible alternatives.

A 404 is on a webserver that already exists, that is running an http server and has the DNS properly configured.

Here is a better survey:

1. Do you know the difference between a 404 and NXDOMAIN error?
   
2. If you answered "No" to question 1, do not participate in the rest of this survey.
   
3. Do you have your email MTA verifying against NXDOMAIN records on incoming email?
   
4. Do you have browser redirection software?
   

Users had a choice?

[goldspider]

"Prior to ICANN's October 3 directive to shut down the service, Site Finder had
been used more than 48 million times by Internet users to get where they want to go online."

...as if they all chose to go to Site Finder instead of directly where they intended to go. I'm generally pro-business and pro-creativity, but this is a despicable exploitation of people making honest mistakes. IMHO, this should warrant a DOJ investigation.

Dear Sir

Please burn your Ayn Rand books forthwith. It has come to our attention that it has given you illusions of being an Economist and the ability to understand simple organisational constructs. You may wish to visit your Doctor, who may prescribe Prozac and a smack around the head with a clue bat.

Yours,

The real world.

Verisign selling their Registrar Services?

[Kevitt]

Maybe this is part of a plan to have Sitefinder appear to have less of a conflict of interest. I just received the following mail from Verisign.

Dear Valued Network Solutions(R) Customer, Today VeriSign, Inc. announced that it has entered into a definitive agreement to sell Network Solutions to a new entity formed by Pivotal Private Equity.

Please be assured that Network Solutions continues to be committed to providing superior products and customer service to our more than 4 million customers. You have seen evidence of this commitment in the numerous enhancements we have introduced over the last 18 months. This commitment remains strong today in our 600 employees, each focused on providing you with a superior customer experience.

Today's announcement will not impact the service you receive from us. Network Solutions is the industry's first and largest domain name service provider with over 8 million domain names under management. We will continue to support and enhance a full range of affordable Web related services, including domain names, Web sites, business e-mail, and more.

As to the transaction itself, the buyer, Pivotal Private Equity, is a provider of equity for middle market corporate acquisitions. Pivotal focuses on companies in the telecommunications and Internet services industries, among others. The purchase agreement is subject to certain closing conditions, which we expect to be completed in the fourth quarter. To view today's press release and to get additional information go to http://www.verisign.com/corporate/news/index.html.

We remain committed to providing high quality services to meet your online needs and thank you for choosing Network Solutions.

Sincerely,
Network Solutions Customer Service

Re:Verisign selling their Registrar Services?

[TsEA]

Please be assured that Network Solutions continues to be committed to providing superior products and customer service to our more than 4 million customers. You have seen evidence of this commitment in the numerous enhancements we have introduced over the last 18 months. This commitment remains strong today in our 600 employees, each focused on providing you with a superior customer experience.

How come whenever I read "be assured" from a PR of some companies, I start worrying more? Is it just me?

Vote Against Sclavos on forbes.com

[winkydink]

Let's see if we can knock his approval rating down a peg or two more (look what happened in September, /. effect?). Vote

Versign's own pr flawed

[beezly]

In their press release about their "survey"... they provide a comment from a user about how 404's are a pain.

Agreed, 404's are a pain... but the site finder service did absolutely nothing to prevent them or to help the user when they happened.

We've tried the carrot...

[Merk]

Last time when Verisign sprung this on Internet users, for the most part, people worked around them. The changes to BIND were not exclusive to Verisign, they just tried to address what they considered to be a flaw exposed by Verisign. This time is different. ICANN has told them not to do it, and they're still going to do it. This time, it's time for a punitive reaction.

Here's what I propose. If you write software that interacts with DNS keep track of how often Verisign hijacks a non-existant DNS entry. Each time they do that, increment a counter. Then, the next time someone asks for a valid Verisign address use that counter to decide whether to return NXDOMAIN or not.

If Verisign insists on pretending that they own the net, instead they'll discover they've disappeared off the net.

Now sure, there will be casualties from this. It will even hit people who are trying to remove their domains from Verisign's authority, but what's the alternative? When someone does something this outrageous, it isn't enough to work around them. They have to be punished too.

Let me fix your post...

[Danse]

Enforce the terms of the contract with Verisign with extreme prejudice and terminate these scumballs... with extreme prejudice.

There we go, much better.

Use a bigger hammer

If all else fails, maybe a bigger hammer would be an option.

Everybody knows that what Verisign is doing is wrong, but I don't think that there is actually a legal lever to pull in this case. So when the law doesn't provide, maybe the community should.

Maybe I should write a program that generates a random .com domain name, and start pounding the living crap out of that name if it doesn't resolve into anything else then sitefinders IP. If a lot of people would use this, Verisign would be DDoS-ed in no time, and since the program wouldn't target an actually existing domain name, it couldn't be liable for any damage done unto Verisign....

whereis mozilla.org

Mozilla is broken and refuses connection!!!

Verizon != Verisign

One is an internet company run by a bunch of jerks, the other is a telephone company run by a bunch of jerks.

OTher Registrars?

[Heem]

I have 5 domains registered with netsol. Can anyone reccomend another registrar that I can easily transfer my domains to? I will make it very clear to verisign why I'm moving my domains away from them, and i suggest anyone else do the same.

Re:OTher Registrars?

[wintermute740]

I've had good luck with GoDaddy.com for my domains.

Re:OTher Registrars?

Gandi.net has worked well for me

Re:OTher Registrars?

REGISTER.COM

Been with them for 5 years now, very nice service. There are tons of others as well and they are not the cheapest, but I'm happy with them.

Bonus: They also host your DNS.

Re:OTher Registrars?

[unhooked]

A few years back the scumbags started spamming me big time. After repeated requests for them to stop
failed, I moved to gandi.net and added 550's for netsol's ip space to /etc/mail/access.

Best move I ever made, saved money too.

Re:OTher Registrars?

[sbegley]

One thing to remember, Netsol makes it really hard to move. For example, from the GoDaddy website: "Regulations prohibit transferring a domain name that has been registered within the last 60 days. Also, we cannot process transfers on domains that are set to expire within 10 days from today."
I think it used to be even longer before the expiration time. A very tricky method to keep you in. If you don't do it soon enough (and in the past I had problems with the 10 day limit, since my email address that was registered was out of date since the email went away, so I missed the first deadline. I had to pay to renew and then I had to wait 60 days before I could move).

Now after someone renews most people aren't going to say, "Oh well, I'll just ignore those 10 months I paid for and pay again to move away." They wait till next year and most likely miss the deadline again! Some registrars like GoDaddy will credit you an extra year if you register long before your Netsol domain expires.

So get crackin' on the move!

Re:OTher Registrars?

[Reziac]

I'll second the GoDaddy.com recommendation. They have a history of lowering prices while adding services, and when you write tech support, a Real Human answers.

And if you just want to tweak netsol's ass, godaddy is one of their primary "let's see if we can hijack their customers" targets.

Re:OTher Registrars?

[Syrrh]

Hmm.. how about.. ANY other registrar? NetSol operates on legacy, they don't have any built-in features or special performance that justifies their $35, except that it's a bitch to transfer domains.

I use Register.com, because it includes DNS controls. GoDaddy.com is well known as a cheap, no-bullshit service, and there are many more in between.

Re:OTher Registrars?

[hether]

Dotster has done a very good job for me in transfering domains from netsol. They offer an $8.95 transfer special and if you have the ability to approve the transfer yourself (if you are primary the contact in netsol's listings)it goes fairly quickly. If not, you just have to get a hold of the person who is the primary to make sure they approve the switch ASAP.

Erm...

their own independent examination of their controversial redirection service

In other news, Underpass Bob said that his own independent analysis of his acohol consumption concluded that "it wasn't a problem", and that "most people panhandled found his commentary on thier socio-economic status helpful".

Was anyone surprised by this?

[Perianwyr+Stormcrow]

I was more surprised by the initial pulling of the "service" (read hijacking) than I am by this lovely fig-leaf study.

This is why we have representative government, folks. A chance to convince someone who will actually listen. The sad thing is that the other side can convince, too- and they generally do it with money.

It is a sickening fact that the rest of the world has to suffer based on what we as Americans do. But hey, that's what being the new Romans is all about.

Opt Out of site finder?

The last time I had the pleasure of "Using" Site Finder I read their wonderful Terms of Use.
I don't like their terms. How do I Opt-Out of using their service without reconfiguring every machine I use or walk up to and use.

This belongs at the application level

[Saint+Stephen]

Verisign's statement is probably true: Many users (excepting myself) would probably prefer being offered alternative instead of an error message.

However, the proper place to implement this is at the browser level, not at the network level. So, you can grant their statement is true but it doesn't justify their case.

Re:This belongs at the application level

[fuzzybunny]

Yup, I'm with you. I think a search engine like Persian Kitty to help me find what I was probably looking for in the first place would be nice :-)

Re:This belongs at the application level

[Reziac]

Actually, my experience has been that if a non-geek user gets a "no DNS" error, they soon figure out that they mistyped something. However, if they get a fancy alternative (like Verisign's SiteFinder page) they make the assumption that their typing was fine, but that the site they wanted has gone away.

So even tho something like SiteFinder (even at the browser level) might not look as "scary" as the "No DNS" error, I think it does more harm to these users' actual ability to use the web.

There are still people who think IE's internal error page is a real website. But I've never heard of anyone having that problem with Netscape's "No DNS" info box (which is *clearly* a message from the application, NOT a web page).

Re:This belongs at the application level

There are still people who think IE's internal error page is a real website.

Sometimes it is a real website.

Re:This belongs at the application level

that is TEH FUNY!

because SHRBU CANT SPEL!

hahahahahahahahahahahahahaha

/. morons defocus from their owned plight/blight

talk about re-directing folks? they come to read about 'stuff that matters', & are subjected to a plethora of corepirate nazi payper liesense ?pr? ?firm? scriptdead deception.

nsi is such a lowlife organization, that won could accurately exclude them from survival, post big flash, without having to go over&over about their latest last gasper softwar gangster endeavors.

va lairIE/robbIE et AL, on the other WAN, appears to present that they are not at least as corruptdead as sum of their '.contemporarIEs'/other stock markup FraUD scamsters.

lookout bullow.

IT HAS NOTHING TO DO WITH 404!

From the Verisign press-release:

"As a heavy but non-technical computer user it has been extremely frustrating for me to encounter 404 errors. Naturally, they happen at the busiest times," said Roy S. Lahet, vice president of Planning for Mercy Behavioral Health. "Alternative suggestions instead of a project-stopping 404 is a welcome and functional improvement to my use of the Web and related searches. It is difficult for me to see a downside to this user friendly enhancement."

While I may not expect an end-user to really know what 404 means; but, Verisign should know better than to quote wrong information in their press release!

It never ceases to amaze me

[DuckDuckBOOM!]

how a company can commission an "independent" survey that yields exactly the results the company wants, regardless of the degree to which those results contradict common experience / knowledge.

The second (article || press release) yields a clue as to how it was done this time:

"As a heavy but non-technical computer user it has been extremely frustrating for me to encounter 404 errors. Naturally, they happen at the busiest times," said Roy S. Lahet, vice president of Planning for Mercy Behavioral Health. . .It is difficult for me to see a downside to this user friendly enhancement." (emphasis added)

Somehow I suspect that the people who don't find 404s "extremely frustrating" and do have the knowledge to "see a downside to this...enhancement" weren't part of the survey. So 53% of clueless PHBs think SiteFinder "improves the Internet". BFD.*

.

* "Big Furry Deal." - Dogbert

Re:It never ceases to amaze me

[Tack]

As a heavy but non-technical computer user it has been extremely frustrating for me to encounter 404 errors.

I have noticed, during all this Verisign SiteFinder nonsense, that many people who should know better don't seem to have any idea what a 404 error is. (Not referring to the parent poster, of course, but many others.)

404 isn't what you get when you type in a non-existent domain. That depends on your browser. Error 404 is an HTTP status code that a real live webserver returns when you request a document it can't find.

The only way you're going to get a 404 error is if you type in a VALID domain, and so 404's have nothing to do with Site Finder at all.

</rant>

Jason.

Re:It never ceases to amaze me

[elronxenu]

Verisign would make 404 errors redirect to themselves if it were possible (score 1, irony).

Re:It never ceases to amaze me

[The+Cydonian]

Partly perhaps, because 404 has caught public attention; it's apparently an accepted word in the English lexicon.

The irony, of course, is that it apparently means 'clueless'. :-)

Re:It never ceases to amaze me

[Elladan]

404 is one of the standard response codes of the telnet protocol on which the web's HTTP is based.

The first 4 indicates a client error such as a mistyped URL. The middle 0 refers to a general syntax error. The last 4 just indicates the specific error in the group of 40x, which also includes 400: Bad Request, 401: Unauthorized, etc.

By their own definition, it would appear the reference.com site is itself a 404 error. :-)

Re:It never ceases to amaze me

[Riff10111]

how a company can commission an "independent" survey that yields exactly the results the company wants, regardless of the degree to which those results contradict common experience / knowledge.

Simple: the consultants know who signs their check, and if they want another one, they tell them what they want to hear.

Vote with your USD, EUR, etc.

Ok, I'm a small fry. I only have two domains remaining with Verisign and those I hope to transfer soon. True, Verisign will still collect a "wheat tax" but not the USD 35/yr they get now (it was interesting that when I transfered my last domain I got a special "get it now" renewal offer of only USD 19/yr). Imagine how much they stand to lose if large numbers of folks register somewhere else. Besides the monetary savings and the sending of a message I see my transferring of domains as a safety measure. How long before ICANN gets tough and Verisign tries to blackmail all of us by shutting down their servers? Or claims that your domain belongs to them? Jump now while there is still time.

Time for a new system

[Lockle]

Let's see how long, in the current economy, Verisign avoids using pop-up ads. I can just imagine typing in a wrong domain name and having 15 pop-ups such as "what the monkey and win a prize" or flash ads that take over your screen.

I hope ICANN follows through with their threat and sues them so the first steps in getting a better DNS oversight agency can be taken.

Or perhaps it's time for backbones and providers start thinking about a better system. DNS is a protocol that could use an overhaul.

--
tasty and delicious

A modest proposal:

[An+Onerous+Coward]

I think we should have Microsoft crusherize them.

Next patch to Internet Explorer, they should throw in some code that brings up their own search page whenever a domain name resolves to Verisign's computers.

I have few complaints with Microsoft's service, because the behavior is happening at the application level, not the infrastructure level. I mean, what good is having a 95% browser share if you can't smack down the little bastards that try to muscle in on your turf? :)

Re:A modest proposal:

[Dan+Nordquist]

I can't think of any possible downside to that proposal.

Er, wait, yeah I can.

Re:A modest proposal:

[aggieben]

here here! Right on! Why not encourage MS to do what they're good at, to both their benefit and ours? This is exactly where capitalism should step in and fix this mess.

Untrustworthy

[FireFury03]

When will they withdraw the top level domains from Verisign's control?

They have already been shown to be untrustworthy on several occasions.

root servers

Anyone know of any alternate root servers that I can set up in BIND to bypass Verisign's authority on .com and .net domains? If not, anyone willing to set up alternate root servers? I highly doubt that ICANN will follow through on their legal threats.

If there are no alternatives, I'm going to point all web traffic from my network destined for Verisign to go to GoDaddy instead. That's not a lot of traffic, but no one on any of my networks will be able to reach Verisign's site any more. So, they can have their SiteFinder profits, and I'll make sure that there's a dip in their domain registration and secure certificate profits.

Yes but...

[Pxtl]

IE is not breaking any standards doing so. Redirecting failed DNS lookups on the _client_ side is actually a reasonable idea. Honestly, if Google had a good browser-plugin for Moz or IE that delivered a properly verbose "that site doesn't exist, here are some similarly spelled sites" I might use it.

Verisign is fscking every client that would want to do this.

Re:Yes but...

[CerebusUS]

Actually, Google's v2 toolbar for IE DOES allow you to do that. It's quite nice.

Shouldn't this _feature_ be at the CLIENT?

[TsEA]

How easy would it be for implementing the same behaviour to a browser? Instead of an automated reply from Verisign, I'd love this to be an option (ie. I would be able to turn this off, or even change providers, not like IE's MSN search). Maybe an automated google search or something. The possibilities are endless. And the choice goes to the consumer.

Anybody sharing my feelings?

Verisign wins a new award...

[coene]

The award for the ownership of the most packet-filtered IP address in the world, previously held by Mr. Spa Malaur - a mail server operator from China, has been awarded to Verisign.

Sign the anti-Verisign DNS abuse petition NOW !

http://www.whois.sc/verisign-dns/

Yeah, so?

[Quixadhal]

Big deal... it's not like I removed the firewall rules from the last time or anything... Once a spammer, always a spammer.

I would like to point out...

[Perianwyr+Stormcrow]

...that Verisign is selling off Network Solutions. Sitefinder becomes, then, an abuse of network infrastructure to prop up, based on who's buying the company, a troubled business. Shame on that.

what's the big deal?

[the+idoru]

i don't know what the big deal is. whenever i mistype a web addresss, the internet takes me to a wonderful search engine created by microsoft. the address i was looking for is usually on the 2nd or 3rd page. it's so convenient. everyone, join me in thanking microsoft. thanks microsoft!

Re:what's the big deal?

People use the Internet for things besides browsing websites.

Re:what's the big deal?

[linuxbikr]

The difference between Verisign and Microsoft is the fact that Microsoft implemented their redirection/helper page as an application feature in response to a DNS "unable to resolve" response. Microsoft's feature, whether you agree with it or not, only affects users of IE and doesn't not affect the functioning of the Internet worldwide. If you don't like the feature in IE, use Mozilla, Opera, etc, that don't implement it.

Verisign's redirection is done by changing the fundamental and expected behavior of DNS worldwide without allowing the user's to turn it off or use a different product. Ironically, the use of SiteFinder disables the Microsoft IE search feature since the non-existent web address now resolves!

To Verisign: the DNS is not yours! It is a utility like the power company. The power company just can't change the voltage they deliver to your house just because it might save/make them money and you can't change the DNS protocol interface just because you want to! IT DOES NOT BELONG YOU BUT THE WORLD-AT-LARGE, YOU UNETHICAL AND SHORT-SIGHTED BASTARDS!

Can these folks accept defeat gracefully and learn to play nice with others?

Re:what's the big deal?

[n0rm]

exactly, The end user shouldn't see an "error", because the program should handle it and present you with options.

Shifiting meanings

[abb3w]

"The Value of Trust" seems to have shifted from "It's worth something to doing business with someone you can trust" to "Since we're trusted, we can make money by abusing that trust!"

This seems more short-sighted poor corporate ethics, like Enron made famous.

Browser Problem, Not a DNS Problem

[Washizu]

Your browser should decide what to do if it encounters a 404 error, not the DNS server.

So what is the best way to show my disapproval?

[Pika]

I already plan on taking my business elsewhere by moving my domains to another registrar.. but what else is there to do? Where are the organized movements to express frustration with Verisign?

Please post links.

I know I'm a small fish, but I'd still like my voice to be heard.

Re:So what is the best way to show my disapproval?

[fuzzybunny]

Try GANDI. I have all my domains with them--they're cheap, reliable, have unambiguous (you bought it, you own it) terms of service, and offer instant domain parking if you can't get your dns server up right away.

If you're still with verisign, you've got a problem.

Re:So what is the best way to show my disapproval?

[herrvinny]

Hit them with a DOS. Write up a simple program to keep requesting the SiteFinder "service" every second, and leave it on overnight. It's your patriotic duty!

Best quote

[PitaBred]

"As a heavy but non-technical computer user it has been extremely frustrating for me to encounter 404 errors. Naturally, they happen at the busiest times," He's claiming to be non-technical, but he knows what a 404 error is and what it means... something smells fishy if'n you ask me. Seems more like a ploy to drum up "grassroots" support, or at least less media opposition.

'Agree with me or shut up.'

[extrarice]

Gotta love Verisign's attitude about this whole thing:

---
"Larson suggested that "you guys don't think consumers are relevant" and that committee members were unduly focused on the travails of network operators affected by the Site Finder changes.

"We're going to have to stop this discussion and turn to a different venue," Larson said."
---

Of course users are important. But the opinions of those in the trenches making things work is more important. Think of it this way:

What if a car maker declared to its customers and put up signs along the roadway stating that people could drive on whatever side of the road they want. Of course users (drivers) would like this, because they can cut corners and zip around traffic more easily. The Department of Transportation would be throwing fits, demanding that those signs be removed, citing safety concerns, etc. "But the drivers all think this is a great idea!"

Customers will certainly enjoy SiteFinder - until the nature of the beast starts breaking standard functionality. Then they'll yell at us - the nerds who make it all work - that the Internet is broken.

Jesus, GET A GRIP.

And please learn what you're talking about. Pull your head out of youre ASS! VeriSign *did not* break the Internet. Get a CLUE!

Privacy Policy

The "SiteFinder" privacy policy stated "if you don't agree to the terms of this policy then don't use the "service". Nothing would solve the problem better than Verisign providing a method for internet users to have an option to "not use the service".

The best method I can think of would be for Verisign to provide an alternate set of root servers that didn't use the "service".

Poll ....

[jefu]

A poll of 1000 interactive users

In another story, random members of the families of high ranking Verisign executives were asked about their days. "We spend so much time on the phone now that we have little free time." was a frequently heard complaint. "But I guess we can't get on the Do Not Call list really as the callers all seem to be doing polls and they're all about Verisign. I a bit of responsibility to answer their questions because of my family relationship."

Those interviewed said they'd never been bothered by ending up at one of the Verisign pages. "DNS? whats DNS?" one respondent said. Another said that the nice systems geeks from Verisign had set up their computers and had told them that the household would be getting "Special DNS service". Evidently this special service goes directly to special Verisign servers in order to help those connected with the company to be able to reach the network even when there were problems with other DNS servers.

That's fine... DoS them.

[DroopyStonx]

Well, with this decision they made and the lie that internet users find it a helpful tool (and it is a lie), I guess we'll just have to introduce them to Mr. DoS. :)

cubs fan?

where are those internet users that find this helpful? I want to beat the fuck out of them!

Why does this bother people so much???

[IWorkForMorons]

Alright, I know WHY it bothers people, but why is it that people are more bothered by Verisign doing this. Yes, they are a big company with control over a domain. And they are using (or abusing) that control to generate more revenue. But exactly how is this different from the site leeches that register misspellings of popular websites? If you don't know what this means, just try mispelling google.com or yahoo.com. You'll find out right bloody quick. And you'll probably be drowned in ads, popups, and Gator downloads. What difference does it make if Verisign does it or Dan The Shut-In across the hall does it?

Re:Why does this bother people so much???

[herrvinny]

Because everybody else HAS to pay 7-35 dollars for the privilege of cybersquatting. Vericrud doesn't pay anything.

Re:Why does this bother people so much???

[Animedude]

a.) they do it for domains which do not exist. Those are FAR, FAR more than the few deliberate typo-domains.
b.) their "solution" breaks applications which rely on certain error messages.
c.) they earn money by doing something they should not do in the first place. "search help"? Ha! I can already see the advertising...

"Could not find your site "www.toyoota.com". Maybe you wanted to type "www.bmw.com" or "www.volkswagen.com" or "www.tenincheslonger.com" or "www.easymoney.com" ?

Re:Why does this bother people so much???

[n0rm]

My browser is supposed to redirect me to google if I get a site not found error. With the keywords in place I NEVER get that error, because verisign has decided that my application isn't important.

Funny, they talk about focussing on the "end user" but they ignore user problems they are causing.

Forget DNS! whoops, forgot your IP?

[Loconut1389]

All i can say is 8 Words....
5F05:2000:80AD:5800:0058:0800:2023:1D71

I hope we get all this dns junk figured out before ipv6. I'm not typing out addresses like that all day.

Hey not to mention, itll be fun when trillions of ips are all wanting some kind of dns name.

alternatives...

[NotInTheBox]

Maybe now we can all jump tot a alternative non-hierachical dns structure? Dns is by design not hierachical; It's peer to peer. That it has any root at all... well, that's just a historic misfeature...

One alternative is OpenNic.

mynuts won: more popular than ever?

eye gas that form of censorship/manipulation is just about as valid as va lairIE/robbIE's pateNTdead PostBlock(tm) devise, which, as we know, is whoreabully infactdead.

lookout bullow. you know who to consult with/trust, regarding matters of the heart, mind, wallet, etc... see you there.

Time to take back the roots

[Skapare]

The present root servers only serve that purpose because we (who have name servers) allow them to. There is a file that comes with recursive name servers that "seeds" them to know where the root servers are (you have to start with some IP addresses). Many people might not yet be aware, but there are separate servers for the "." zone (the root), and top level domains (TLDs) like ".com" (more correctly "com."). It is the root zone that delegates authority to the top level domain servers. By configuring your name server to be authoritative for the root zone, you can choose where each top level domain is delegated to.

What I proposed a few years ago, which seems even more important these days, is that name server operators (and anyone can operate their own for their own use, and the use of anyone they allow to use it) "take back the roots" and control which name servers they want to refer to for each top level (or lower) domain name. This would allow genuine competition in things like different policies for domains like "com" or "net", and the introduction of new names as soon as someone wants to offer them.

It would also have the effect of fragmenting the internet, as many have pointed out in my past postings of this proposal. But I say that's a good thing; I'd like to be fragmented from spammers, RIAA, etc.

Ah, the life of a Vice President.

[Qrlx]

I want to be in Roy S. Lahet's "Vice President of Planning for Mercy Behavioral Health" job. At the "busiest times" of his day, he has time to randomlyy type URLs into Internet Explorer (or maybe AOL. You can never tell.) Plus, he can't even type, or he never would have found SiteFinder in the first place.

Take the headline, and replace...

"Verisign" with "Germany," and "SiteFinder Advertising" with "Jew Extermination," and you won't generate that much more revulsion than is being felt in the tech community over this move.

A "service?" Yeah, like a bull "services" a cow

[Brett+Glass]

Here in Wyoming, we have an old expression which says that a bull "services" a cow. Verisign is "servicing" the Internet community in the same way, by effectively grabbing every unused ".com" or ".net" domain name for its own profit.

It's worth noting that "ordinary" typosquatters have to pay 7 to 35 dollars a year per domain. Given all the possible names on which Verisign can squat, how much money is it looting from users of the Net? Perhaps it should be required to contribute that amount to a worth Internet-related cause.

Re:A "service?" Yeah, like a bull "services" a cow

[cyt0plas]

Well, maybe now, they'll only be servicing ".com"

their own independent examination...

[herrvinny]

their own independent examination

How can it be independent if THEY DID IT?

Seriously though, what type of hardware/software is Verisign running to support such a massive "service"? Can we hit it with a DDOS?

One more point

[farnz]

I looked at the T&Cs for Sitefinder, and decided that I didn't like them (I disliked parts 4,6,7,8,9,12,13 and 14). Since part 10 tells me that my sole remedy is to stop using Sitefinder, I contacted Verisign to ask how to either amend the T&Cs to suit me, or stop using Sitefinder to handle mistyped domains. Their answer? Don't mistype domains.

I doubt that they could enforce their T&Cs on me, since I'm not based in the US, but I personally dislike the idea that I can be obliged to accept a contract just by making a typing error. Further, I really dislike being told that I'm not able to refuse to accept this contract; if I don't like the T&Cs, I should be able to stop using the service.

What about this user who liked SiteFinder?

The Verisign press release includes an infomercial-style testimonial from one Roy S. Lahet, vice president of Planning for Mercy Behavioral Health. Do I really want to trust the testimonial of a VP of planning whose projects grind to a halt when he mitypes a URL? Is there any non-contrived situation you can think of where SiteFinder would be actually useful -- not for buying spam type products, but where you'd actually welcome that 'service'?

Baby, who you gonna believe?

[Medievalist]

Me, or your lyin' eyes?

(As the man said to his wife, on being caught in bed with the housekeeper)

Infrastructure must be neutral!

[swordgeek]

That's all there is to it. Infrastructure has to be neutral. That means that HTML must be a platform-neutral standard, DNS resolution must be vendor-neutral, etc., etc.. If your browser doesn't want to follow standards, or if it wants to go to its own page AFTER getting a neutral (Error 404) reply, then so be it. But implement it at the browser level, NOT the infrastructure level.

This may sound radical...

[musicscene]

... but STOP USING THEIR SERVICE.

I've moved all domains I have to another registar and refuse to have anything to do with them.

They are coming into my life and inturrupting my surfinng, I really don't want to see Verisign's little "I am all over the web and you an not do anything about it" service.

MOVE ALL YOUR DOMAINS NOW!

Not Entirely True

[uberdave]

IE will let you use other internet services other than HTTP. FTP comes to mind. You can also type in telnet://

Re:Not Entirely True

[Drantin]

It does FTP very poorly, have you ever noticed how long it takes to connect to an FTP with IE? even a local one? (eg: your comp..)

telnet:// opens up your default telnet client, any other program that understands what the protocol bit at the beginning of the URL is does the same...

Re:Not Entirely True

[SpaceLifeForm]

IE does FTP just well enough to download Mozilla. That is the *only* time you should ever use IE.

Re:Not Entirely True

[eyeye]

I use it for windows update too.

Very occasionally for badly behaved websites though now I tend to just ignore them as "broken" which is what they are.

I used to fall back on IE but more and more I discovered if the site doesnt work then its probably fucked in other browsers too.

I would like to hunt some of these "web designers" for sport.

dotster.com

[Russ+Nelson]

Dotster.com floats my boat. They make it very easy to transfer a domain to them. Of course, Verislime still gets $6 of that transaction to publish the record in the root zones.
-russ

Verisign out of Registrar business

[medina]

Verisign is pulling out of the Registrar (not Registry!) business

http://www.verisign.com/corporate/news/2003/pr_200 31016.html

Feedback to Verisign

[Lizard_King]

I wrote to Verisign... They posted the following contact information on their press release:
VeriSign Media Relations: Tom Galvin, tgalvin@verisign.com, 202.973.6600
VeriSign Investor Relations: Kathleen Bare, kbare@verisign.com, 650.426.3241

I was quite surprised by the results of their usbility study, so I asked them if they could provide so more data to back up the results. I also provided some other statistics from objective sources that voiced opposite opinions.

Will this single email be effective? Probably not. But I think its important to provide a continual stream of feedback to Verisign. Negative user feedback worked for the general good with Intuit... maybe lightning can strike twice!

self-investigating....

yeah.. we buy that.. just like bu$h administration can investigate itself.. HAHAHAHA.

Suggestion for Netsol/Verisign

[craznar]

I suggest that Network Solutions be allowed to restart the site-finder once they implement a system allowing for only Web requests to respond with the wildcard address, allowing all other services to correctly give no record. We all know that this would be easy for them to implement, and once done all other services would continue to operate correctly. Anyone here want to write an RFC and send to VS/NS.

Class Action Lawsuit

Now is a good time to start organizing one.

Verisign MUST be backed on this by the gov't

I can't beleive Verisign is jeopardizing most of their revenue (6$ / year / domain) as top .com/.net registrar just to make some additional cash.

They must have received some kind of guarantee from the government that their role as .com/.net maintainer will not be revoked.

Considering the composition of the Bush government at this time (shady businessmen, ex sleazy CEO's, petrol kings), I would look closely at the connections between its members and Verisign's top execs.

SiteFinder is as much of a "service" as...

[seekr_hidr]

SiteFinder is to the Internet what Disk Defragmenter is to Windows users...... Both are services that are claimed to be "helpful" to its users but are not supposed to be there in the first place...:-)

Verisign provides Contact e-mail and phone numbers

[ccandreva]

Verisign's press release --
http://verisign.com/corporate/news/2003/pr_200 3100 7b.html?sl=070804

Thoughtfully provides e-mail addresses and phone numbers of who to contact at Verisign for more information:

For more information, contact:

VeriSign Media Relations: Tom Galvin, tgalvin@verisign.com, 202.973.6600

VeriSign Investor Relations: Kathleen Bare, kbare@verisign.com, 650.426.3241

Here's what I sent:

[Davin+Boling]

Gratuitous typos included. i cn speel relly gud --- VeriSign's primary strategy in keeping their SiteFinder service alive is to keep the controversy in the arena of effect it has on the average user who only uses the internet for WWW/HTTP browsing. The internet is an extremely diversified network of countless data-transfer protocals which are by no means similar to HTTP. This is the personal opinion of the writer, but VeriSign is endangering its position of having the right to run the TLD name servers which govern these additional protocals. VeriSign insists that the technical difficulties SiteFinder introduces to the internet are "negligable", justifying this opinion by what the common user is capable of casually percieving. This demonstrates a desire of VeriSign's to willingly jeapordize the rest of the internet for the sake of their marketing strategies depending on a single protocal. VeriSign only further incriminates itself by offering its latest defense to complaining professionals, "you guys don't think consumers are relevant". This is a gross mis-statement, as VeriSign is only considering its own consumers while damaging the operations of other companies and *individuals* worldwide. As an IT professional, who has no legal authority to inforce his opinions, I'm of the mind that VeriSign needs to have its rights to host the TLDs re-evaluated. The company has demonstrated its willingness to compromise the entire internet, by which I refer to all data transfer protocals and not simply HTTP, and attempt sway support of the general public to its cause by taking advantage of its ignorance. It is our duty as administrators to simplify the operation of the internet for ordinary users, so that they are not *required* to have an exhaustive knowledge of protocals and how they inter-operate. It is a testament to our resolve that users are able to utilize the internet effectively without knowledge of protocals other than HTTP. Taking advantage of this ignorance, especially to selfishly sway the opinion of the masses away from their own intersests for the sake of imagined democracy, is highly irresponsible. I'm very sure the actual administrators working for VeriSign know *very well* the harm of what they're doing, but it isn't them who are making the decisions. We need only look as far as the commentary from VeriSign's ranking executives to see that it's all fluff, with a blind eye turned to anything remotely technical.

On an unrelated note...

[Davin+Boling]

Remind me to use Preview more often, it ate all of my returns!

Not only Verisign

[arth1]

The problem isn't only with Verisign, although they have certainly put the focus on the problem. Some other top level domains than .com and .net also return results for non-existing entries, including *.nu and *.museum.
Others, like *.name and *.no use wildcards, but use extra logic to return a "not found" (nxdomain) when the second leel domain doesn't exist.

It's time for ICANN to enforce the standards, both against Verisign and the others. Since Verisign is the TLD entity that has the largest impact, they should of course go after them first. That doesn't mean that what .nu does is any more ethical.

Regards,
--
*Art

Re:Not only Verisign

[ckaminski]

I'm not sure it was the .com and .net specifically that was causing this problem, but the root servers located at root-servers.net. EVERY computer shipped with TCP/IP in the past 10 years has these IP addresses configured in their caches as resolvers of last resort. Changing them broke EVERYONE (well, small bits of everything). The other TLD's don't matter because not many people are using them as wildcard servers.

VeriSign says security is not an issue?

[valderost]

According to the referenced article, VeriSign does not concede the existence of security issues with their wildcarded name resolution. This suggests a false, yet underlying, assumption: that the user will not provide sensitive information to VeriSign's servers because the servers have not identified themselves as legitimate recipients for that information.

Email breaks this assumption. RFC 2821 section 5 clearly states that when a fully-qualified domain name has no MX record, the MTA should treat the A record as an implicit MX with priority 0. In other words, if you typo the domain name of an email address and VeriSign resolves the domain to their address, VeriSign can receive and review messages that should otherwise bounce...you will not see an error unless VeriSign wants you to, and you will generally have no opportunity to withdraw the email before your mailer attempts to send it to VeriSign.

While many of us know that email (and DNS itself) is inherently insecure, the fact is that cleartext emails sent across the internet routinely contain sensitive information. The fact that VeriSign could (but currently does not) receive these is a security issue that merits consideration. VeriSign is arguably not playing nice with domain name resolution, and nobody should have to rely on them behaving nicely in handling mis-addressed email.

A simple solution to the Verisign problem

[BECoole]

If I was a company that had applications broken by the Verisign change, I would write them a letter informing them that I will be seeking damages to cover the cost of changing my software and any lost business I experience due to their changes.

404?

[InvisiblePants]

"Alternative suggestions instead of a project-stopping 404 is a welcome and functional improvement to my use of the Web and related searches. It is difficult for me to see a downside to this user friendly enhancement

Uhm... can someone explain how this will stop 404 errors?

404 != NXDOMAIN

[Door-opening+Fascist]

VeriSign says that this will prevent 404 error messages from happening. How did the original SiteFinder prevent that? It prevented NXDOMAIN errors in the .com and .net TLDs, but it never prevented 404 errors, as those are handled by each individual webserver and have nothing to do with DNS, but only with not being able to find a file on an already-resolved webserver.

Verisign's choice of spokesuser

[jayrtfm]

From the press release:
"As a heavy but non-technical computer user it has been extremely frustrating for me to encounter 404 errors. Naturally, they happen at the busiest times," said Roy S. Lahet, vice president of Planning for Mercy Behavioral Health."

a google search for him came up with this picture as the second result.
out there... somewhere... a Verisign PR guy is limping with a smoking gun and wounded foot

Traffic

[wiredlogic]

They want the traffic that Sitefinder brought in, as shown here on Alexa.

Re:Traffic

Interesting how flat the top of that spike is. Must be some sort of limitation or flaw in the routing, or perhaps even Alexa's reporting.

Verisign dictation does not equal choice

[weasel47_3]

I wrote an e-mail to verisgn about if I can just have the good 'ol 404 error message instad of being foced to abide by thier TOS to sitefinder. Thank you for contacting VeriSign Customer Service. Unfortunately there is not a way to opt out of the Sitefinder service. The terms and conditions apply to the web site navigation and the search functionality, not to the Sitefinder service itself. Please learn more about Sitefinder by visiting our FAQ's, we have also provided some technical issues to be aware of: http://www.verisign.com/nds/naming/sitefinder/faq. html If you require further assistance please contact us by replying to this email. Best Regards, Tom Correia Customer Service VeriSign, Inc. www.verisign.com sitefinder@verisign-grs.com

How is this helpful...

[rnturn]

...in navigating the web?

If I enter a bogus URL I get a web page instead of an error message. That's helpful to the web user how? If someone's looking for a web site and they get slapped in the face with a sales pitch (``Now you can own "www.gogole.com" for only...'') every time they press ``Enter'' following a URL with a typo, how long before that user gets fed up with the Web?

How helpful would it be if you misdialed a phone number and, instead of getting error tones, you have some automated answering machine telling you that the bogus phone number is available for use?

How helpful would it be if, when you were lost, you stopped asked for directions, and, rather than saying ``I don't know'', the person you asked gave you directions to some business in another city?

Jeez. I'd attribute their behaviour to cluelessness if I wasn't already positive that it was really greed driving them.

I hate this "service"

[category9]

My company produces web based orject oriented database software that relies on dns reporting broken domains for some important internal operations.

Site finder totally broke my software and we had to send patches to all our clients who all reported software failure on the same day sitefinder was launched.

As a small business what am I supposed to do about big corporations changing the way the Internet works?

Our software is complient with the RFC's, now we have to be Verisign complient too.
----------
Phil Harvey
Construct Software Limited
Object Oriented Content Management

How can we fix this permanently?

[dspyder]

If we could patch ever nameserver to never allow a wildcard for a root domain, would that fix it permanently? If Microsoft where to send down an auto-update with a patch to DNS, that would certainly get us in the right direction, no?

--D

To those who can do something about this -

[chadjg]

I'm just an underqualified media weenie, so I can't say exactly what should be done about this.

But I really hope those that are in positions of power and knowledge get it right this time. Sixty days notice seems like more than enough time to write a patch that is rock solid.

Is this a reasonable assumption?

umm.. Verisign, not Verizon. :P

[EvilStein]

Whoops! You made a typo. We *like* Verizon today. :)

Re:404 != NXDOMAIN - call them on it - literally

I just called the media relations number listed at the bottom of the press release and spoke to a very nice, albeit uninformed receptionist. I said I was from [insert local newspaper name here] and I questioned the accuracy of the press release, vis a vis 404 != nxdomain. She first said she would transfer me to Tom Galvin, but then returned and informed me that I needed to speak to a gentleman named (I believe) Tom Hoch. According to her, he is on a conference call right now, but she took my name and number and said he will call me back.

It is fun to play reporter!

To help us ?

[morcego]

Is Verisign doing it to help us ? Great. Errr. Lets check that.
Why don't ICANN gives an ok for Sitefinder, as long as it does not contain ANY advertisement (even Verisign own advertisement) ? If they are doing it only to help, I'm sure they will agree.
The thing that really amazes me is not what Verisign is doing, but that people are really buying this crap about doing it to help the users.

GoDaddy = thieves

[danielsfca2]

They took my money, had a problem transferring the domain, and told me when I called them that it was their standard policy to keep your money regardless of whether they provide the f**** service you paid for (transferring my domain). I said, "So you're not going to transfer the domain." "That's right. "And you're not going to give my money back either. "It's your problem."

Needless to say, I'm with DirectNIC now. GoDaddy is a bunch of slimeballs like VeriSign.

Re:GoDaddy = thieves

[wintermute740]

This is the first problem I've heard about them. I've been fortunate in my dealings with them, as have the people I know who use them. I'm sure isolated incidents can occur with anyone. Verisign has shown repeatedly why they don't deserve to administer *any* TLD, much less com and net. This is the first incident I've ever heard of with GoDaddy, so I'm not ready to put them in the same boat as Verisign yet.

Re:GoDaddy = thieves

[danielsfca2]

You're right; I admit that equating GD with VS was a stretch. VS has clearly proven they are deliberately evil, while I've heard good things about GD too.

They are printing lies

[dwsauder]

From the press release:

"As a heavy but non-technical computer user it has been extremely frustrating for me to encounter 404 errors. Naturally, they happen at the busiest times," said Roy S. Lahet, vice president of Planning for Mercy Behavioral Health. "Alternative suggestions instead of a project-stopping 404 is a welcome and functional improvement to my use of the Web and related searches. It is difficult for me to see a downside to this user friendly enhancement."

If you type a domain name incorrectly, you don't get a 404 error. It's a lie. A 404 error comes from a web server that cannot find the page you are requesting. The Site Finder service does not eliminate 404 errors.

It makes me mad that they print these lies. They know better than that.

Where is Microsoft?

[Tenareth]

Isn't Microsoft's biggest attack on Google the fact that they automatically send you to their search engine if you can't find the DNS entry?

This would put a huge damper on that attempt.

Of course, if it damages Google, perhaps they could just wait for the damage to be done, and then "license" their search engine to Verisign/Network Solutions?

Consider yourself reminded. :-) n/t

[StringBlade]

This is not the text you are looking for (Lameness Filter)

Sitefinder TOS

[scovetta]

I find it odd that no one has been discussing the Sitefinder TOS. Specifically, paragraph 6, which states:
6. Modification by VeriSign.
At any time VeriSign may modify or terminate these terms of use, its websites and the VeriSign Services and may at any time discontinue your use of the VeriSign Services without any notice to you, and without liability to you, any other user or any third party. Please review these Terms of Use from time to time so that you will be aware of any changes. Your continued use of the VeriSign Services constitutes your agreement to all such terms, conditions, and notices.

So I can be found to a "Terms of Use" agreement simply by mistyping a domain name? How is this legal? And are there any situations where a user could be caught in violation of this "agreement"?

Re:Sitefinder TOS

[CrackHappy]

I seriously doubt that this could hold any legal water. IANAL, but hell, this is just common sense. Not only that, but how the HELL could they possibly enforce this? How would they determine if the TOS is violated? And even if they can tell that, what could they do about it? Seems like total Legal CYA to me.

Which roots are run by Verisign?

[qtp]

I'd like to remove them from my /etc/dnsroots.global and I think anyone who runs a dns service should do the same (or from your "named.ca" if you run bind).

If I recall correctly, VeriSign is only adminstrating four of the root servers, so removing these will leave you with nine more to query. If enough admins take this measure, I'm sure that ICANN, if not VeriSign, will get the hint that VeriSign has crossed the line, has abused thier authority, and is no longer trusted to provide that service.

Re:What's the "update your website info" all about

[nytes]

If you have a domain name through another registrar then Verisign may be trying to hijack you (as a customer). Verisign and many other unscrupulous registrars regularly spam entries in the DNS lists to get the domain owners to transfer registrar business to them.

Also take a close look at the link, if there is one in the email. If it has a long string of characters, in the middle of which you see "http:" (not at the beginning), then they may actually be trying to send you to a bogus look-alike site that will ask for account names, passwords, credit card numbers, etc. That one is an attempt to scam you.

Re:What's the "update your website info" all about

[StyleChief]

Thanks for the reply. I had heard of the scam avenue before, but everything looks legitimate about the e-mail, URL, etc. I believe that you're right - they're simply trying to hijack the registrar business. Thanks.

What are they on about?

[butane_bob2003]

I doubt that anyone finds sitefinder.com useful. It reminds me of one of those 'top 1000' roms/crackz/pron sites that just lists links to 1000 other 'top 1000' roms/crackz/pron sites, and this goes on all day until you find that no sites are really available from these links, just an endless array of popup adds and more links to lists of links. If you are actually looking for something useful, like a Metal Slug rom, you will never find one this way. Sitefinder is a site Pimp, unlike a search engine, which is actually a useful tool. If you were looking for a hoe, would you go to a pimp? Of course not, you would search for a hoe on the street, like everyone else. I find this an accurate parallel to the sitefinder/search engine relationship. I'm sure pimps would like it if you went to them first, then they could be sure they were getting all their money. (kind of like verisign) Verisign should change the name to sitepimp.com

/etc/hosts

[griffjon]

127.0.0.1 sitefinder.verisign.com

Fixes my problems!

(127.0.0.1 verisign.com works well also...)

Quoth Verisign: "Kill all the experts!!!"

[mrex]

"As a heavy but non-technical computer user it has been extremely frustrating for me to encounter 404 errors. Naturally, they happen at the busiest times," said Roy S. Lahet, vice president of Planning for Mercy Behavioral Health. . .It is difficult for me to see a downside to this user friendly enhancement."

So, the summary of Verisigns argument seems to be that while network administrators and the like think SiteFinder sucks, end users are the ones who we should care about.

Examine this logic closely. The judgement of network administrators, aka experts on the internet, regarding issues related to the infrastructure of the internet, is irrelevant.

They are out-and-out advocating that a lack of understanding of the technical foundation of the internet is exactly what qualifies one to make reliable technical decisions.

Is there no lie too bald-faced, no distortion too absurd, or no consequence too detrimental as long as there is money to be made? Am I the only one who doesn't think like that?!?

The day it goes up again

[Wolfier]

I'm ready to run a background wget that surfs a random URL 10 times a second.

Please join me.

Re:The day it goes up again

[Coffee]

Don't do this. Just wget sitefinder directly if you want to impose load. There is collateral damage from looking up formerly nonexistant names imposed upon DNS caches, which have to remember each and every name now in .com, for the TTL of the wildcard record.

For the good of the DNS infrastructure, please just wget from sitefinder directly, if you intend to cause mayhem. I, of course, do not think people should do anything naughty, because naughtiness is mean. Yeah.

Re:The day it goes up again

[Kris_J]

Bugger that, I'm already looking for an alternative to the Internet.

Re:The day it goes up again

[Wolfier]

In this case, surfing one predefined random URL every 10 seconds will eliminate the collateral damage.

Re:I Got Your "Intentional Usage" Right Here

If Verisign turns their hijacker back on, add something like to the bottom of your web pages.

That'll cause every web browser that visits to request Verisigns's page and display it in one pixel. The more people that do this the better.

It's not a DDOS attack because Verisign is intercepting the lookups and redirecting themselves. They can shut it off anytime they want.

Brightmail

[richard_willey]

I found it extremely amusing that Verisign selected the CTO of Brightmail as part of the group doing the technical evaluation. Brightmail is an anti-SPAM vendor that is very heavily invested in signature based anti-SPAM systems.

While Site Finder broke a wide number of different systems on the Internet, crippling DNS based anti-SPAM probably had the greatest direct impact on the lives of end users.

From my perspective, I can't help but think that there might have been some kind of conflict of interest here.

404?

404 is the server telling you that the page isn't found (therefore the DNS was working correctly). SiteFinder won't prevent 404s.

'innovate' right back at 'em

[DarksideDaveOR]

So, who'll be the first to write a browser plugin to make it use "site not found" behavior when the URL resolves to the sitefinder IP? For that matter, who wants to write me a program that'll make all DNS queries on my computer that would resolve to the sitefinder IP come back as non-existent domain? I'd pay shareware money for something like that for Windows.

Re:GoDaddy != thieves

[sbegley]

I had a transfer that didn't work because of Verisign and GoDaddy promptly refunded my money.

Sorry you had a bad experience with them.

Verisign has a problem with ICANN?

[Todd+Knarr]

Verisign has a problem with how ICANN and the technical community want the gTLD nameservers run. Perhaps ICANN should take steps to insure that their views no longer cause Verisign any issues, say by handing the relevant gTLDs over to another registry operator.

In the meantime, ISAGN for an RFC on DNS that says, basically, "If the zone for a domain does delegation to people other than the zone's owner, that zone can't contain wildcard RRs unless everyone with subdomains below it agrees to them. Also, you can return RRs for names in the zone but you can't return RRs for names in undelegated subdomains unless everyone with subdomains below you agrees to them (eg. Verisign could return an A record for "www.com" but not for "www.unregistered-domain.com").".

What Al Gore invented

[yerricde]

Al Gore didn't invent the "net" part of the Internet (the technological side, including IP, TCP, and the common application protocols), but he did sit on the board that invented the "Inter" part (connecting local area networks into one nationwide, and later global, network).

Re:GoDaddy != thieves

[danielsfca2]

Some people, I guess, just have better luck than me.

Oh wait, make that "All people."

Registrarpalooza

[Goobah]

My company currently owns 41 domain names, and not a single one of them is registered through Verisign/NetSol. I say, with all the low-cost registrars out there, hit verisign where it hurts, and send a message that we don't want their silly ads every time we make a typo.

I fail to understand how people think sometimes. If my employer went out every day and put up roadblocks in every route that I took to work, after a while I'd get the hint that maybe my services weren't wanted anymore. Take the hint, Veri$ign, and let it die.

HTTP != WWW

[ScottSpeaks!]

The World Wide Web uses more protocols than just HyperText Transfer Protocol. FTP resources (for example) are part of the WWW as well. This is why Tim Berners-Lee (whose definition of term is pretty darn authoritative, I'd say) took the trouble to include a protocol designation in his specification for the Web's URLs (not realising at the time that one day millions of people would find themselves having to type that awkward "http://" construct over and over).