CentralNic Enables uk.com Wildcard DNS

JamesS writes "It appears that CentralNic has enabled wildcard DNS matching. Many Slashdot readers will remember the backlash aimed at Verisign the last time it did this nearly two years ago to the day, introducing SiteFinder to the world at large."

TDLA wildcard

[slashnutt]

How about starting something useful Instead of wildcarding DNS why doesn't one of these venders wildcard TDLAs making them optional. What's that - you get more money by selling N domain names where N = TDLAs. Yeah it would be hard to wildcard TDLAs but after a few years it wouldn't matter, as the DNS names would become the selling point more than TDLAs. I guess the system could default to .com then .org or it could just show you the possible combination and learn which is the most popular based on your country or something. Regardless of the grainy details but I just would like to see the \.[.]{2-3}$ go away.

Re:TDLA wildcard

[fulldecent]

If you're using Firefox, you can type slashdot into the URL box... and by some magic, you will get to the correct site.
</whisper>

Re:TDLA wildcard

[RealityMogul]

Yeah, buts its all screwed up for other sites. Typing in "Whitehouse" takes me to the .gov site.

Re:TDLA wildcard

[ben0207]

Firefox does a "I'm feeling lucky" search when it doesn't have a proper URL to go to. Very handy, and I wish other browsers would do it too.

Re:TDLA wildcard

[Cat_Byte]

I've always felt this should be the job of the default search engine. I usually disable it but some people who only type slashdot in the url will at least get a 'Did you mean slashdot.org?' at the top of the search results.

Re:TDLA wildcard

[hungrygrue]

Yes, and typing 's' gives you McDonalds, 'd' gives you d-link, and "flubber nuts" (with the space) gives you a recipe site. Typing a non address into the address bar will load the first google search returned - just like google's "I'm feeling lucky" button.

Re:TDLA wildcard

[fulldecent]

If you're actually trying to get to a site called Flubber Nuts, maybe you should be whispering.
</whisper>

Re:TDLA wildcard

[spectral]

This is configurable. go to about:config and filter on the phrase 'keyword'. I happen to not like this feature so much, so I disabled it.

Lots of companies do that.

It's a private company which does this with private subdomains. Verisign manages GTLDs, which is quite a difference, both impact-wise and policy-wise.

Non-issue

[heavy+snowfall]

For a minute I thought this was about the .co.uk domain, a real TLD, but this is just like slashdot deciding to sell joesblog.slashdot.org to someone. What they do with their own domain is up to them.

Re:Non-issue

[norfolkboy]

.co.uk isn't a real TLD. it's a second level domain. .uk is a real TLD

Re:Non-issue

[norfolkboy]

Too right. Though Nominet seem to have their head screwed on!

Under UK company law, Nominet are a "section 30" company.

This means they are limited by guarantee and not by shares.

They do not have shareholders, and are a not-for-profit organisation.

So I don't think we'll see any money grabbing advertorial wildcards in Nominet's domain!

Re:Non-issue

I read this comment and thought WTF does BFD mean, then I FGI and RTFM and realised I should STFU.

Re:Non-issue

[Andy_R]

It is an issue, my company gets a shitload of e-mail intended for the (bigger) company that bought the 'uk.com' version of our domain, because their customers (or more commonly their staff) 'correct' their address.

The whole purpose of uk.com is to mislead gullible people into thinking they are buying a real domain. I just wish someone would take it away from the scammers selling subdomains to the unwary and use it for a proper purpose.

Re:Non-issue

[norfolkboy]

Yes, you can actually.

But you have to demonstrate a good use for it.

For example, police.uk or nhs.uk or even the British Library's bl.uk

You're right, you and I couldn't get a *.uk though

It's their own private TLD, who cares?

[sexyrexy]

It's the same as me offering subdomains on my privately-held domain, but having a catchall as well. Why is this even an issue?

Is this such a big deal?

[Joel+Rowbottom]

[Disclaimer: Vested interest]

I don't see why it's such a big deal for CentralNic to do it, really. UK.com is their domain for them to do with as they wish.

I worked for CentralNic day-to-day for a few years, and the company last enabled this in, er, 2000 I think. It lasted 3 days, during which we were subjected to a barrage of emails from people saying 'wah wah what have you done you've stolen my site' because they'd forgotten to put the 'co' in 'co.uk', and IE had attempted to be clever and autocomplete with '.com'.

I think the change now is probably because they're doing a bit more with portals, and it makes sense for them to increase the eyeball level by doing this.

But, er... doesn't seem such a big deal.

Re:Is this such a big deal?

[interiot]

The issue the Register brings up is that if the community accepts that it's okay for the largest non-TLD portions of DNS to be wildcarded, that it makes it that much easier for Verisign or other TLD's to justify wildcarding TLD's.

Yeah, it's a slippery-slope argument, and in 20 years, it might be possible that everyone agrees that TLD's can never do it, but 2nd-level domains are free to do it. But for now, since Verisign says they'll probably reactivate it, we should send a clear and simple message that it's bad practice in general.

its just a subdomain

wildcard DNS's are very common in subdomains, CentralNIc are just re-selling subdomains (for 37 quid !) of course some people have been giving away subdomains for years

this company are nothing more than scam artists, charging 10 times what a real domain would cost but with none of the responsibility of a genuine NIC

Re:its just a subdomain

[nocomment]

ya even slashdot uses them. I really don't see what the problem is here.

Re:xp

Don't tell anyone I told you.

Whatever

[Spazmania]

CentralNIC is a second-level domain owner. They can do whatever their customers will let them do with *.uk.com.

The outrage at Verisign was over their misappropriation of a root-level domain space where they were merely the custodian.

Choose and Win

[Doc+Ruby]

These registrars were handed a giant chunk of value, ownership registration on our 21st Century language - Internet names - along with the trust of the public that their answers to queries would be "objective", not reflecting some local vested interest. Like which company paid them to return their link. They're "leveraging synergies" between DNS queries and advertising customers. But one person's "synergy" is another person's "conflict of interest".

Real wildcard queries return all of the matching items, not just the one preferred by the database. These registrars do have a synergic value to offer, as they have info about "close matches". Wildcard queries should offer "disambiguation" replies of all matches, DNS-wide, not just those in the local registrar. And even if they make money placing "sponsored" responses, they should have to actually match the query criteria, not just an arbitrary association bought for money. Sponsored links should appear in a column alongside "real" links, like Google adWords, so they're not in the way of retrieving the real responses. And some proceeds from the sponsorship should be returned to the community from which the system derives most of its value: registrants and queriers. Probably just fund the IETF or IANA, which serves the community equitably. The whole system should be optional, leaving queries to default to the original "failure mode", where null responses return only an error message, not a list of "maybe you wanted" responses.

These servics are probably inevitable. And they're probably useful, in returning some financing to the organizations that keep the Internet running. And letting them put what amounts to advertising into the error responses gives a revenue stream to DNS servers. That offers incentive for more servers, which would make the system more reliable, more distributed - competition might even produce inherently valuable innovations, not just these capitalist innovations. But we've got to demand they do it right. If the Internet DNS layer becomes just a smartass "TV Guide", as "brought to you by" takes over our seamless navigation, we might as well all go back to watching TV.

Re:Choose and Win

[zeux]

How interesting...

I'm working in a company that provides that very service.

We catch NXDOMAIN answers on any domain and then try to redirect the user to the website he was looking for (mainly through a simple typo correction algorithm).

We loaded a database with 60% real domain names and 40% sponsored links (well, you know, we have got to make money from this) and plugged our system within the network of 2 small ISPs in France (our system works at the DNS level through a bind patch).

Looking at this slashdot story, I was wondering how long it would be until somebody else would think about it.

Seems like you just won.

Nothing special about uk.com

[alanw]

I treat anyone whose web site is a sub-domain of uk.com with the same contempt as I do .biz and .info.

This is a particularly clueless article, and TheReg ought to have known better than to publish it.

Censored?

[Hatta]

It's interesting, fdsagfdwagdsa.uk.com leads me to the uk.com website. But fuckyou.uk.com and fuckoff.uk.com can not be found? They're not just banning fuck*.uk.com though, cause fuckmeintheass.uk.com goes right to the uk.com site.

It seems they know this is going to be an unpopular move.

Re:Censored?

[caluml]

calum@magpie ~ $ whois fuckyou.uk.com
Domain Name: fuckyou.uk.com

This domain name is reserved and may not be registered.

This whois service is provided by CentralNic Ltd and only contains information
pertaining to Internet domain names we have registered for our customers. By
using this service you are agreeing (1) not to use any information presented
here for any purpose other than determining ownership of domain names (2) not
to store or reproduce this data in any way. CentralNic Ltd - www.centralnic.com
calum@magpie ~ $

Re:Let them wildcard - just make them pay

[Nos.]

Try reading the article. Lets say you register: rtfa.com for $15USD. How much do you pay to then register idont.rtfa.com?

Down with TLDs!

[RAMMS+EIN]

I am with you there! TLDs only serve to cause confusion. Was that website .com, .org, .co.uk, or .org.uk? And some people will happily exploit that confusion by setting up their website on the same domain with a different TLD. So then you'll have to buy your domain on all likely other TLDs, too. Yech!

And what's it all good for? I've seen non-profit organizations with .com names, for-profits with .org names, Dutch sites with .nu names, etc. etc. The supposed relation between TLD and function doesn't hold, nor does the supposed relation between TLD and country. And nor could it, what with country TLDs and function TLDs in the same namespace...

People have told me that TLDs help the system to function, because the hierarchy allows better load distribution. I call bull on that one. Almost everybody wants the .com anyway. You'll have to solve the load problem for the .com TLD, and once you've done that it's not that much harder to throw the rest of the TLDs on that same system.

So, eliminate the confusion and buy my pure names today! How does "theregister" sound as the name of your website, instead of "theregister.co.uk"? Only drawback is that nobody's browser actually supports these new names.

And while we're at it, lets also do away with the inverted order crap. What's with the more specific name going in front of the less specific ones in the DNS name, and the more specific name going _after_ the less specific name in the rest of the URL? And what's with the dot as a separator? /less/to/more/specific/all/the/way!

Re:Complications to SPAM

[iainl]

CentralNic have at least issued a statement that they don't run mail servers on that ip, so as long as admins are aware, they can happily work around this with a block on 213.146.149.160 as well.

Sure, it involves a few extra seconds work, but it isn't the end of the world.

Difference is that CentralNic is not a registry

There difference here is that CnetralNic is not a registry. They bought a domain name from Verisign, just like slashdot did, and then started selling the 3rd level domains off. Ones that people don't buy, they're basically showing adds for their subdomains. No different than what http://co.com/ has been doing for a couple years now. Check out http://co.com/ http://something.co.com/ and http://another.co.com./

This is not a huge potential problem like it was in the verisign script. The domain is registered (register a domain and you get all the sub domains, duh). Very few people are writing software to deal with making custom scripts / programs to treat uk.com as a TLD (which is not). The program with verisign was they wanted to take any unregistered domain and redirect. There are LOTS of programs written for TLD's to check all sorts of things, from your web browser letting you know that the page is not registered, letting the mail system know the domain does not exists, spam checking valid domains, etc.

Re:Verisign

[Raistlin77]

I actually work for one, but I wouldn't recommend my company. We're overpriced. I'd say go to Tucows. On their reseller site, they have a "refer me to a reseller" feature at http://referrals.tucows.com/.

Re:Let them wildcard - just make them pay

[generic-man]

Try reading the article. CentralNIC owns uk.com and sells third-level domains. It has the right to do whatever it wants to its third-level domains. CentralNIC's main asset is not a TLD; it's a second-level domain (uk.com) that it's wildcarding.

Plenty of companies do wildcarding to redirect users to a main page if they mistype a subdomain. Try http://nos.slashdot.org/ http://generic-man.slashdot.org/ http://p0rn.slashdot.org/ etc.

Long live TLDs!

[mrchaotica]

The problem isn't TLDs, the problem is that they're just suggestions. They should be enforced so that in order to get a .com you should have to provide a business license, in order to get a .org you have to be a 503(c) or whatever, and in order to get a country code domain you have to actually be connected in that country.

Additionally, TLDs with no country code should be strictly limited to international or virtual organizations only. For example, McDonalds could qualify for a .com, but the local burger joint would have to get a .com.us. Similarly, Mozilla could still be mozilla.org because it only exists on the Net, while the local charity would be .org.us.

Function TLDs other than com and org would work the same way, of course, although I don't know off the top of my head what the criteria for .net and such would be.

Re:Long live TLDs!

[RAMMS+EIN]

Oh dog please no! There are several disadvantages to your proposal:

``They should be enforced''

By whom? By the trustworthy Verisign? By the trustworthy some other company? By the trustworthy some committee? By the trustworthy government of some country?

``in order to get a .com you should have to provide a business license, in order to get a .org you have to be a 503(c) or whatever, and in order to get a country code domain you have to actually be connected in that country.''

So this means that the application process for a TLD would be different for each country, because what counts as a business license? What is the local equivalent of 503(c)? What if a country doesn't have any such equivalent? What country TLDs are you allowed to use if you're based in one country, have your site hosted in another country, and have customers from several countries? Do you realize what kind of a monstrous bureaucracy you're asking for?

``Additionally, TLDs with no country code should be strictly limited to international or virtual organizations only.''

At what point does an organization become international enough? If there website gets visits from outside the country? If they have a customer from outside the country? If they have an office in another country? How many countries? Does my personal website (meant for anyone, anywhere, but I only live in one country) count as international?

``McDonalds could qualify for a .com, but the local burger joint would have to get a .com.us.''

And what happens when the local joint expands over the border? Do they get the right to a .com? Do they retain the right to their old TLD? Would you like your customers to suddenly have to memorize a different URI for your site when the status of your organization changes?

``Mozilla could still be mozilla.org because it only exists on the Net''

Or rather .net? Or both? Or some yet to be invented TLD for virtual vs. real organizations?

``Function TLDs other than com and org would work the same way, of course, although I don't know off the top of my head what the criteria for .net and such would be.''

And do you trust any individual or group to come up with criteria that are universally acceptible?

Re:Long live TLDs!

[ivan256]

in order to get a .org you have to be a 503(c) or whatever

Why? That's not even the spirit of the TLD. It's not some unenforced rule. .org was for organizations that didn't fit in some other category, not for "non-profits" or some such mythical flamewar initiated nonsense.

From RFC 1591: ORG - This domain is intended as the miscellaneous TLD for organizations that didn't fit anywhere else. Some non-government organizations may fit here.

I don't know off the top of my head what the criteria for .net and such would be.

Perhaps you should read the RFC. After learining the original intentions for the TLDs, you may change your mind to something more sensible than shaking up well-established names to meet your whim.

Re:Long live TLDs!

[RAMMS+EIN]

``Out of interest, why have you used the apostrophie character to create a double quote instead of using the double quote character?''

Comes from my days of using Latex. In Latex, you use `` and '' to make typographic quotes, \" for umlauts, and plain " for something ugly. ;-) For me, it has the advantage that nobody else on Slashdot seems to use this quoting convention, so I don't have to worry about handling whatever quotes may be embedded in the text I'm quoting.

I also use straigt single quotes (which are also schizophrenic apostrophes) as quotes around words where I refer to the word itself, rather than its meaning, and straigt double quotes around pieces of text that would be used by others than me, but I'm not specifically quoting. If that sounds confusing, keep in mind that I've been doing a bit of philosophy. In philosophy, the distinction between words and their meaning is very important.*

Discussion about what quotes to use strikes me as a bit silly, because the only ones that are on most keyboards are ugly and typographically incorrect, and the ones that are nice or typographically correct are difficult to type, and outside the scope of US-ASCII, which is the only character set that can be assumed to work on the Net.

My personal preference for usage in HTML is “ and ” (&ldquo; and &rdquo;), but these fall squarely into the difficult to type and don't render well category. Viewed that way, the Latex quotes are just laziness.

And thanks for asking, by the way.

* As Lenny Clapp put it: ``To use 'to use' to mention 'to mention' is a mistaken use of 'to use', not to mention 'to mention'.''

.uk.com? obscure!

[t_allardyce]

I've never actually visited a uk.com address. No-one gives a shit about anything other than .com or .co.uk other TLD's just arn't prestigious enough. Although you could make an exception for .ac.uk .gov.uk .org and .net that's pretty much it. .com really is _the_ TLD, everyone's first choice is a .com because no matter where you are in the world everyone recognises the phrase 'dot com' like coca-cola.

Anyway that was side-tracking, this thing is a pretty evil abuse of the system, although my hat goes off to them for their capitalist achievement.

Default with some ISPs

[oglueck]

It is common practice among ISPs to enable DNS wildcards for subdomains by default. hoststar.ch is doing that for instance.

raising storm in a glass of water

[nomad63]

I am sorry but if I own a domain, like myself.com, I have every right to do whatever I want with the third level subdomains unless I clearly declared somewhere in my terms of service that, I will abide and governed by the same rules that applies to tld dns providers like verisign.

typing fskjljg.com to your browser and typing fskjljg.myself.com are two different concepts. For the first one, no one claimed ownership by paying money and verisign in the recent past, decided, they can do anything they want. So they basically claimed rights to every unpublished domain name available.

Whereas uk.com in this example, claimed stake at this domain by paying anregistering this domain name. If you are hitting their server to access another and you have the wrong information, they can do whatever they wish, as you, the surfer, chose to visit a webserver (not a DNS server only) hosted by them.

I am not really thrilled how the two concepts put in the same category to ruffle feathers personally. Must be a slow news day at the register.

This Just In

A decision by American timesuck website Slashdot to make all unregistered domains ending with "slashdot.org" direct to its own webpage has raised concerns over the future stability of the Internet.

No matter what domain you type in your browser (i.e. foo.bar.slashdot.org), you will redirected to Slashdot's own webpage, featuring advertising and a ridiculous number of duplicate front-page stories.

The benefit to slashdot.org is clear - increased sales and advertising revenue - but the system by which the redirection is carried out, called wildcard, has been criticised by the Security and Stability Advisory Committee (SSAC) of Internet overseeing organisation ICANN as putting the stability of the Internet at risk.

Wildcard == FUN!

[mcrbids]

My company frequently goes to industry shows and conferences, where we typically have a booth to demonstrate our wares to prospective clients.

We can NEVER count on an Internet connection, even when using a cellular network card - so we have a used laptop set up with the same software as on our public servers, configured with Linux, HTTP, DHCP, PostgreSQL, and DNS, connected to a hotspot. Effectively, the "Internet" that the hotspot is connected to consists solely of the laptop server. This way our salesforce can connect with their laptops and demonstrate our wares easily, while the server and hotspot sit in the corner somewheres near a power outlet. The DNS is wild-carded to our website hosted on said server. Even the user's homepage is co-opted, so if their homepage is goole or yahoo, it redirects automatically to our website.

It's quite funny when, at conferences, we hear people two booths down swear after connecting to our hotspot and all they can get to is our website! People have gotten *MAD* at us for "taking over the Internet"!!!

remember uk.com isn't a real tld

[petermgreen]

its a short domain name someone happened to grab and sell names under.

as such afaict its basically unregulated and a fairly stupid place to put your site.