Slashdot Mirror
Verisign Considers Restarting Sitefinder
Rosco P. Coltrane writes "The Washington Post reports that VeriSign is considering reviving its infamous search engine. 'Site Finder was not controversial with users' says VeriSign's Tom Galvin, and VeriSign 'assured ICANN that it would give 60 to 90 days' warning to resolve any remaining technological problems.' Such as leaving the DNS service alone for example?"
When you type in a wrong address at the moment which doesn't exist, you are automatically taken to either a site search engine, which is pure crap.. or to the microsoft auto search.. (talking for users on School networks, with Windows terminals) which offers the option to use the great Hotmail (Spam Central), Shopping (at ridiculous prices, from the company which could afford to give us all we want free) etc.
tim
Fast mirror here. Enjoy the Net exploatation !
Carefully crafted sig.
There's a difference. Microsoft only do it at the application layer, with a particular browser that they provide. If you don't like it (and I can't see why anyone would), you can always switch to one of the many alternatives. Verisign's site finder operates at the DNS level. It's not as if you can choose to not use DNS, or switch to another name service.
"The invisible and the non-existent look very much alike." -- Delos B. McKown
That is fair enough.. but what about those of us unfortunate enough to be on a school network where we can't install a single thing (not even Mozilla Firefox, bird whatever..) And where we can't access settings. The other point was that for home users, many of whom do not know how to use the configuration to turn off M$ autosearch, it is just as bad as the Verisign is.
tim
Understood. I'm not trying to defend MS, but merely point out that with MSIE, there is an alternative in most cases. Whether or not this alternative is pursured, well, that's another matter. At anyrate, my only point is that it is possible to avoid MSIE, whereas it isn't possible to avoid Verisign short of: 1) using pure IP addresses w/o domain names, 2) using alternate DNS servers, or 3) raise enough bloody hell to give Verisign a run for their money.
#define DRM chmod 000
All slashdotters, espeically people that were seriously affected by sitefinder, please complain NOW. Let them know how controversial it is!
found here
You can change the url to anything you like.
Just do a about:config and change the keyword.URL setting.
I set mine to http://www.google.com/search?btnG=Google+Search&q= which is a regular Google search.
And firebird^H^H^H^Hfox does it for google ...
Are you sure?
I just tried a domain name that doesn't exist, and instead of being taken to Google or any other place, I saw a "www.randomdomainname.org not found" dialog box instead. It doesn't even give me an option to feed it to a search engine from there.
IIRC, IE will take you immediately to a search engine without displaying any error message. This is the annoying and broken behaviour that the OP was talking about.
Perhaps you've installed a plug-in or extension that is doing this?
Also, M$'s way sends you back to a Microsoft page - which is expected
No, it isn't. I expect it to say "domain name not found". End of story.
I love the idea.
That would just put so much stress on BIND servers around the world. It can just very well bring down the internet for most of the world. That could easily cause a massive slow down in just looking up domain names since the caches can fill entire databases.
Many sites cannot be reached by their IP address alone. Ever heard of shared hosting ("name based virtual hosting")?
Actually, rather than ban the SiteFinder IP, ISPs will probably just accelerate their plans to move to bind 9.2.3, so they can use the "delegation-only" option, which solves the problem once and for all.
.com and .net as delegation-only zones, then bind will drop the SiteFinder responses as invalid, no matter what IP Verisign responds with.
If you just ban the SiteFinder IP, Verisign can move it..and then you're just playing whack-a-mole. If you mark
... where we can't install a single thing
If you can save files somewhere (most schools give you space on a central fileserver) then you can install Fire.* - download to filespace, unpack, run program. No full-blown Windows Installer access required.
And you're looking at the issue from the wrong perspective. Most admins couldn't care less what home users see when they type in the wrong URL: a search engine is a good as anything and probably the right thing to do for most people. What they do object to is the fact that wildcard DNS resolution breaks a lot of things end users never see but admins have to deal with on a daily basis - the resolution failure should be handled by the browser, not at the DNS level where there are times when you want a name that doesn't exist to not resolve.
DNS is used by a variety of applications, not just the web. By returning bogus data instead of "NXDOMAIN" (non-existant domain) to applications, applications are unable to easily detect legitimate errors.
Many/most web-browsers already allow you to configure them to go to a search engine in the event of a problem. People actually complain about IE doing it, and IE is the most installed/used webbrowser on the planet, so at most maybe 5% of people, who use browsers other than IE, whose browsers do not support searching for bad domains, would find this "hack" useful.
Additionally, a web browser knows basic information such as what language you speak. SiteFinder didn't. The impact of SiteFinder is such that it replaces an error message everyone can read with a page that many people cannot.
It's bad, and redundant, for web browsers. And it breaks everything else. What's the up-side?
You are not alone. This is not normal. None of this is normal.
I have to think you're trolling, but I"ll bite anyway. You're falling into the common trap of only thinking of DNS as affecting Web traffic. What about email? If you fat-finger your friend's email address, don't you *want* that email to come back, rather than dissappearing into the void that is Verisign? The wildcard they're putting into the DNS isn't just about web traffic. It's *all* DNS queries...that's going to affect email, ssh, nntp, everything. Once of the basic spam filters, for instance, is a check to see if the sender's domain exists. With the wildcard, *all* domains exist, causing you to get more spam.
SiteFinder the search service is fine. The DNS wildcard to *force* you to SiteFinder is what makes people angry.
"Firefox" will do an I'm Feeling Lucky search if you type in something it thinks isn't a URL. Type in, say, "slashdot" and Firefox will do an I'm Feeling Lucky search becuase it isn't a URL. Type in, www.dsfgsdfjghk.com and it will give an not found error because www.dsfgsdfjghk.com is a URL.
#include "sig.h"
You are wrong, Windows users using IE has less than 50% of the market for programs that use DNS, which is what verisign is trying to break.
Outlook and Outlook Express have almost as many users as IE. And there are loads of IRC programs, and not to forget, Quake, Unreal Tournament and all the other online games.
Microsoft doing this stuff in the browser affects only people using IE, and even they can turn it off. Verisign doing this stunt with DNS affects everyone, not just web servers.
If you read a large thread further up, you'll see that that functionality can only sensibly be implemented at the application (browser) level. To do it at the DNS level will break the DNS model. This means that any of the many other applications that use DNS will be broken as they can no longer distinguish between real and fake domains.
Trivial example: spam sender checks will now resolve for all attempts, thus preventing simple blocking of spoofed senders. Want more spam?
Justin.
You're only jealous cos the little penguins are talking to me.
Pretty sure that VeriSign no longer uses BIND.
[snippet from VeriSign website]
Server Software
VeriSign runs special name server software tuned to the requirements of authoritative name servers rather than recursive name servers. With this software, the VeriSign name servers boast exceptional performance, sustaining query rates an order of magnitude greater than the performance of a standard BIND name server.
VeriSign name servers support the latest DNS protocol enhancements to insure maximum security, features, and flexibility at all times.
A sig?!? I don't think so.....
Especially since saying "...leaving the DNS service alone..." is redundant. DNS = Domain Name Service. That's like saying Domain Name Service service. Or like saying PIN number... or ATM machine...
I'm with the general consensus who feel that this is a 'very bad thing'. However - ICANN made a big mistake in announcing it would undertake 'reviews'.
They should have simply given a big fat NO to Versign's Sitefinder in the first place.
Leaving the subject open for discussion was a big mistake, IMHO.
IIRC, IE will take you immediately to a search engine without displaying any error message. This is the annoying and broken behaviour that the OP was talking about.
You recall incorrectly. If you type in a proper domain name, IE will just give you a "This page cannot be displayed - Cannot find server or DNS Error". It only tries to do a search if you type in non domain name type expressions. eg a phrase with spaces or a single word without any dots in it which doesn't match a local host.
I expect it to say "domain name not found". End of story.
That's exactly what it does say! Why do people keep confusing what happens if you type in *words*, with what happens if you type in a *domain*?
Please *try* these things before posting misleading rubbish that will only spark further trollish messages.
(I have tried all of the above in IE6)
It doesn't matter what Verisign uses, your ISP (or you if you're running your DNS) configures your local DNS server with the option which prohibits types other than delegation records in the .com and .net zones. Verisign could be running Microsoft's DNS server for all we care as long as it talks the standard DNS protocols.
It would be more elegant to fix it at your DNS server, assuming you run one. Most have patches available that effectively null out the bogus replies quite nicely.
There are good reasons for a hierarchy. Control is devolved, rather than concentrated in a single body. Each country has control of their own TLD, (excepting those that have sold it off) and believe it or not outside the US they *are* used, particularly for local businesses. And so on to the following levels: a domain owner has the freedom to set up as many third-level subdomains as they like (smtp.mydomain.com, pop3.mydomain.com, etc.). I don't know how this would work with a single-word system.
Anyway, many browsers *will* try .com on the end if you type in a single word, or you can just stick your favourite sites in your hosts file:
66.35.250.150 slashdot
"Site Finder was not controversial with users, 84 percent of whom said they liked it as a helpful navigation service," said Tom Galvin, VeriSign's vice president of government relations.
That's because 84% of people didn't understand how it worked or why it was bad. It like asking people if they'd like to get 80 miles to the gallon in their car, but not telling them they would have to use fuel that's $10/gallon. Of course they'll say yes when they don't know all the facts.
Don't be surprised if they launch it in a different way.
For example, synthesising a pair of NS records for every non-existant domain rather than using wildcards. This will mean that this hack won't work, they are no longer using DNS "wildcards" per se, and all the concerns about protocol violation vanish.
This already exists... there's a simple CGI script for poisoning spam lists. It just generates endless links with email addresses on them, which the email address spiders just all (assumingly) blindly copy:
:-)
Sugarplum -- spam poison
sample...
If more people would use this, perhaps the spammers AND verisign will be discouraged. Two bastards with one stone.
The Official Steve Ballmer Webpage
It's not returning a web page, though. Your DNS resolver asks for, and receives, the numerical address to which the domain name is bound. Now, the fact that it's your browser using the resolver means that your browser goes out and retrieves a web page under false pretenses (because Verisign lied and said the domain name you typed exists when it doesn't); it's not like DNS said "Here's a web page in response to your query".
I'm not saying I disagree with your sentiment, just that it's wrong for a whole bunch of other reasons. Imagine an "intelligent" (for want of a better word) Yellow Pages that happens to display phone numbers for phone-sex services (who are paying YP for the redirection) whenever you look up the wrong company. Or the local crank that gives people directions to the nearest crack house when they ask him how to get to the mall.