VeriSign Granted a Patent Covering SiteFinder

An anonymous reader writes "Remember VeriSign's SiteFinder? Turns out that a couple of months back VeriSign was granted a patent on resolving unregistered domains. This came about thanks to its acquisition of eNic, operator of the .CC Domain. How long before Verizon, Earthlink, and OpenDNS are hit up for licensing fees?"

Better link

[OMNIpotusCOM]

Original discussion

Server

[benthurston27]

I'm guessing combine this with apache and they'll catalog your web site without you having to pay for a registered domain.

the answer is clear

America is a bad place to do business in
unless you like walking over (patent/legal) minefields

This is a useful patent for a change.

It will dissuade ISPs from implementing SiteFinder-like DNS abuses.

Re:This is a useful patent for a change.

[OMNIpotusCOM]

Or just make them pay VeriSign. Say... what's VeriSign doing to make money now-a-days anyway? Nothing? Hmm... whatcouldpossiblygowrong?

Re:This is a useful patent for a change.

[benthurston27]

Well i think it would be cool if someone webcrawled my apache server and people could find it without me having to be a whatever.com of course i'd have to have a static ip but thats ok.

Re:This is a useful patent for a change.

It's dangerous to go alone! Take these periods. ............

Re:This is a useful patent for a change.

[SanityInAnarchy]

The bad news is, of course, that it's very likely not a patent troll -- that is, it's very likely that VeriSign actually intends to encourage this behavior.

Oh the Humanity

[DECS]

Maybe we should patent REALLY BAD IDEAS to prevent them from spreading. Of course, it's hard to imagine in advance that ISPs and a company like VeriSign would make a business from poisoning and subverting DNS.

Flash Wars: Adobe in the History and Future of Flash

Re:Oh the Humanity

[Tuoqui]

Unfortunately the patents become public domain after 20 years.

Re:Oh the Humanity

[smittyoneeach]

After having been trivial, obvious, and awash with prior art by the gallery for decades previously.
None of the presidential candidates, AFAIK, has said peep #1 about patent reform. Hm.

That might be a good thing...

[Whatanut]

If it stops DNS providers from using this practice... I'm all for it.

Re:That might be a good thing...

[Antique+Geekmeister]

Are we discusing the same Verizon? The one that made every single failed lookup on DNS for the *.com domain, which htey manage, resolve to their advertising pages? It broke a huge number of DNS testing tools, and caused all sorts of nasty traffic problems.

The chance of Verisign blocking this kind of behavior, except to protect the turf so that only they can do it, is so small as to be the same of making SCO admit they lied about owning UNIX.

Re:That might be a good thing...

Are we discusing the same Verizon? No, we're discussing the same Verisign.

How about

[unity100]

i start to use SSL certs other than verisign, and advise my clients to do as such too, and you all do that too, and with that reaction shove that patent up verisign's butt ?

Re:How about

[tepples]

i start to use SSL certs other than verisign

VeriSign bought Thawte and GeoTrust.

And other than VeriSign, whose code signing certificates are accepted for 64-bit kernel mode code in Windows Vista? Comodo's certificates aren't.

Re:How about

[cheater512]

We can boycott Verisign in addition to Vista. :P

Re:How about

[unity100]

rapidssl

But prior art...

Didn't the patent on being an asshole expire a long time ago?

Re:But prior art...

Damn, you beat me to it.

I think the answer is no. Verisign are actively developing innovative new ways to be assholes every day.

Re:But prior art...

You were the original patent holder, so why don't YOU tell US?

Re:But prior art...

NO U!

Good!

[the+pickle]

Hopefully Verisign will use this patent to bludgeon this abominable practise to death at ISPs and OpenDNS.

p

Re:Good!

[Sledgy]

You should check your OpenDNS settings, there is an option to disable the search feature or if you don't like it use another service.

Re:Good!

[Kalriath]

Almost, you can't turn off OpenDNS' redirecting of all attempts to access Google.

Re:Good!

[deraj123]

What is "another service"? Any suggestions? I would love to use one... I've turned off the typo settings in opendns, but I'm still stuck with the google issue.

Re:Good!

[davidu]

That's not true. Look under "shortcuts" in your network preferences and turn off the proxy. It doesn't bother 99.99% of our users and it makes shortcuts and google work beautifully, as both should. But if you don't like it, turn it off. :-)

-davidu

Re:Good!

[deraj123]

This is new. Very exciting. Thanks.

Re:Good!

But if you don't like it, turn it off. I'd say use your own resolver instead. You can't turn off the DNS mangling at OpenDNS without logging in, yet they still advertise that to use their service you simply change your local configuration to their DNS servers and that's it. It feels like having to go down unlit stairs to a toilet with a warning sign "beware of the leopard" on the door to find that your Googling is intercepted by OpenDNS. How is that OPEN DNS?

Re:Good!

[the+pickle]

While that certainly helps OpenDNS users (though yours is the first mention I've *ever* seen of a means to disable their redirect advertising), it doesn't do a darn thing for all the Earthlink and Charter (and others) ISP subscribers who are having this forced down their throats by a service they PAID for.

p

This COULD be a good thing, done properly

[v1]

Imagine verisign charging an absolutely absurd amount for their licensing. I mean totally out of line, like $1M/month. Don't want to pay licensing? Don't infringe.

That would dramatically reduce the amount of this DNS perversion going on.

Not that this is going to happen, but it's an interesting prospect to think about. Heaven forbid the system be taken advantage of to the benefit of the people.

Re:This COULD be a good thing, done properly

[drew]

And if it were anyone but Verisign, I might believe you. Honestly, if I ever design a network protocol, I am going to patent every possible way I can think of to abuse it down the road...

However, since we are talking about Verisign here, I'm sure this is just business as usual. Watch for announcement of a licensing deal with Earthlink in the not to distant future.

a better question

A better question: It is not how long before other big companies are hit up to also pay to play in models that broadly fuck over everyone else in accessing information - but rather: How long before enough people have had enough of absurd business practices and start taking action directly and personally against the executives who profit from these asshole business maneuvers like SiteFinder? Yes, find them and dump them in a ditch. Like so many other places in western society now, the mentality driving practices like this comes directly from the top of the government and business administrations: "Who's gunna stop me, huh?" Well, until people start stepping up and saying, "I will", and taking personal action to do so, large businesses and governments will continue to take as much as they can.

Obligatory Behind-the-times Question

[drinkypoo]

My ISP has recently joined the ranks of retards who return an incorrect result when a domain is not found. I've been looking around but it's unclear who is out there running DNS that I am welcome to use, that is worth using, and that is likely to be at the same IP for a long time. Whose servers should I use?

Re:Obligatory Behind-the-times Question

[lakeland]

opendns

http://www.opendns.com/

Re:Obligatory Behind-the-times Question

[lakeland]

I should have actually read your request properly before posting. OpenDNS is designed to give you almost exactly what you don't want.

Sorry.

Re:Obligatory Behind-the-times Question

Typically the ISP is just having their own DNS servers do this (as opposed to using a hidden DNS proxy). The solution is to run your own resolving cache. Then your ISP doesn't have anything to do with what addresses your DNS server returns (except for domains they control). bind can do this or you can use dnscache and probably a half a dozen or so other tools are freely available.

Re:Obligatory Behind-the-times Question

[drinkypoo]

Typically the ISP is just having their own DNS servers do this (as opposed to using a hidden DNS proxy). The solution is to run your own resolving cache.

I'm trying to avoid going to the root servers, which I understand is considered to be rude if you're just joe schmoe and don't have a bunch of users behind you.

Thus, even running my own cache (actually, I'm using dnsmasq for local resolution) I still need forwarders. I just don't want to use the ones from my ISP.

Re:Obligatory Behind-the-times Question

[DECS]

Well either way it was apparently informative, thanks.

Re:Obligatory Behind-the-times Question

[rs79]

Do you mean root (".") or TLD (".com" et al) servers. Sorry to ask but a lot of people say "root" but mean "tld".

Anyway, primary the root zozne yourself. Run a copy of .com locally. Stop sucking on the tit of US government run DNS servers; we've been babied for 20 years and we really at this point should be doing this stuff for ourselves.

Somebody ought to look in the wayback machine for alternic.net. I have a vague memory of Kashpureff doing this well before 2001.
Talk abourt irony. (He went to jail for hacking the internic. Back then it was considered bad. Not sure about today)

Re:Obligatory Behind-the-times Question

The root servers aren't very heavily loaded as their data has long TTLs. The .com servers do get a lot of traffic, but Verisign has to deal with that, so don't worry.

Re:Obligatory Behind-the-times Question

Pretty much every system administrator knows these, and they've never shown any sign of brokenness:
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4

They're fast as hell, well-connected (within 30ms of everywhere I've been on the net) and wide open for public use. Enjoy!

Re:Obligatory Behind-the-times Question

[worf_mo]

You may want to give ORSN and their public nameservers a try. I have used them in the past when my ISP had persistent dns problems, and haven't run into any issues. The ORSN root servers are located mostly in Europe, you may need to check whether the network latency is acceptable to you depending on where you connect from.

Re:Obligatory Behind-the-times Question

[drinkypoo]

Do you mean root (".") or TLD (".com" et al) servers. Sorry to ask but a lot of people say "root" but mean "tld".

Not sure, don't feel bad. AFAIK I mean root. I've done it with both BIND 4 and 9 in the past. I have this tendency to quickly learn what I need to get something working and forget it though. I've more recently got into the habit of writing howtos whenever I do anything because of this. But I've done bind 9 with DDNS and all kinds of fun stuff like that in the past - right now I'm just on the lazy train.

Re:Obligatory Behind-the-times Question

Take a good, hard look at this "DNS Error Page."

For this, and many other reasons, I have dumped Charter.

Re:Obligatory Behind-the-times Question

[drinkypoo]

my ISP gives me a dynamic ISP, and so i have to have a daemon keep OpenDNS up to date with my latest IP. no biggie.

I don't get it, does this result in leaving a long wake of IPs configured to not return stupid results in OpenDNS? I mean, if so, you're providing a valuable service, but it seems like they're pretty retarded. Then again, anyone who would return a bogus, non-compliant result when a standard service is requested is an ass, anyway.

Re:Obligatory Behind-the-times Question

[drinkypoo]

i don't set OpenDNS up for all of my ISP's users -- just me!

The configuration is by-IP, right? So in that case, you're configuring it for that IP, right?

i wrote a little script which periodically checks our network's current IP against a file containing the last one recorded. if it's different, it queries OpenDNS's DNSomatic service, which then updates OpenDNS's record of my IP.

Do you really need to do any periodic checking? Whether it's pppd or dhclient, your system knows when the IP changes. Wouldn't it make more sense to fire on lease renewal, or when the ppp interface comes up?

Re:Obligatory Behind-the-times Question

[drinkypoo]

i haven't heard of pppd before, but i don't see how it'd know my network's WAN IP unless it, too, checks periodically.

Oh, I see. I was somehow under the mistaken impression that you were running something more complicated.

Depending on the model you could load some alternate firmware that provided a simple Linux distribution, there's a few out there. But then management becomes more complicated, of course. If you did, though, you could install this functionality to the router.

pppd would apply to a modem connection. My gateway is a laptop running Linux, with two ethernet interfaces and a modem. One ethernet interface goes out to a switch, to which is also connected a belkin 802.11g AP with WPA2. The other goes via crossover cable to a Linksys WAP11 without authentication, on an interface which allows only ssh, http, https, dhcp, pptp, openvpn, and ipsec. I manage firewall rules with firewall builder, which requires knowing what you are doing but which provides maximum access to firewall rules with a minimum of typing - and more importantly for me, a lack of having to remember any syntax. Plus, it's one application to write rules for many platforms, which is kind of cool.

I understand if all that is too much trouble. Neither of my APs actually support running Linux AFAICT, the belkin is a too-new version that allegedly has very different hardware and the linksys is an antique. I would do it if I could, and have done the next best thing, I guess.

Could, but won't

[Weaselmancer]

If they make it something reasonable, they get to collect license fees. Money for no work. If they use your idea they get nothing except respect from the community.

I know which one they're going to pick.

My ISP does this

[MobyDisk]

FYI - Cavalier Telephone does this too. I called them about it and they suggested tat I use someone else's DNS servers. Unfortunately, the only alternative I have is Comcast. :( Yay for competition, huh?

Re:My ISP does this

FYI - Cavalier Telephone does this too. I called them about it and they suggested tat I use someone else's DNS servers. Unfortunately, the only alternative I have is Comcast. :( Yay for competition, huh? How about (for example) opendns?

https://www.opendns.com/start?device=windows-xp

Rich

Re:My ISP does this

Public DNS Servers

4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6

I hope this helps your situation.

Re:My ISP does this

show me a web page on a gte or verizon domain that says these dns servers can be used by the general public. just because these ip addresses have been posted to thousands of web pages, blogs and forums doesn't mean they're truly "public dns servers".

Many Reasons this is Appalling

[billstewart]

There are so many things wrong with this. The first one is that it doesn't actually work as indicated in Claim 1, because it's operating at the wrong levels of the protocol stacks. DNS maps between names and IP addresses, and is used for many different kinds of Layer 4, 5, and 7 applications, but URLs are a Layer 7 function typically supported by browsers, and the identification of what kind of service the client is interested in is not known at name resolution time, or even what Layer 4 transport protocol or Layer 7 application protocol, and in fact the methods used in the patent have the DNS operator's web server decide what kind of response web page to provide in response to a URL included in a HTTP request, even though the client's DNS request might not have been intended to be used for HTTP. When Verisign implemented their annoying breakage of DNS functionality, they supported HTTP on port 80, and had a stub email server that did a sloppy approach to rejecting connections, and AFAICT didn't provide other services, such as correct rejections on SSL's TCP Port 443 or SSH's TCP port 22. It's not clear that they even did the right thing at Layer 3 - if you were trying to "ping misspellllled-example.com", they not only should have answered the DNS request with a "No Such Domain" error message, but if you sent it a ping, it shouldn't respond (I forget if they responded to pings or not; many systems don't do that for self-defense.)

Another reason this patent shouldn't have been accepted is that wildcard domains were a standard capability, and having a web server try to provide useful information in a 404 page was probably a known capability, or at least obvious to someone skilled in the trade. Responding to a DNS request with the IP address of a web server that isn't the one the customer was looking for might not count as "obvious to someone skilled in the trade" because it's obviously wrong.

Re:Many Reasons this is Appalling

Maybe that's why it was granted a patent? Because it's so stupid nobody has ever done it, nor would it be obvious because like you said "it's obviously wrong".

The file wrapper is downloadable from the PTO web site and it looks like it was rejected several times. See http://portal.uspto.gov/external/portal/pair and type in the patent number after solving the annoying captcha.

Re:Many Reasons this is Appalling

[billstewart]

It's stupid, but that doesn't mean nobody's ever done it - my ranting is as grumpy as it is because Verisign did it and several other sets of people have done it since then. Verisign's attempt was really egregious, since they're the main registrar for .com and .net, and ICANN yelled at them until they stopped (one of the few times I think ICANN has really done the Right Thing.) Most of the other people who've done it are ISPs (who shouldn't do that, but you can always set your system to point to some other DNS resolver, and they're at least not the Registrar.)

OpenDNS is more interesting - they're also doing things like offering to block known phishing sites, and while they're still Technically Wrong, you're not going to use them without either deliberately choosing to do so (or having your ISP use them.)

Re:Many Reasons this is Appalling

[drinkypoo]

There's no reason not to permit a patent on doing something noncompliant. There is however every reason not to permit them to do it. At the very least, they should not be permitted to refer to their name resolution service as "DNS" because they are not following the RFC; in addition they should be required to inform all customers that they are operating noncompliant services. This is the type of regulation that government should perform, in order to allow consumers to make well-informed choices.

Another reason this patent shouldn't have been accepted is that wildcard domains were a standard capability, and having a web server try to provide useful information in a 404 page was probably a known capability

I don't understand the nature of your objection. If you have a wildcard record, shouldn't your name server respond to a request for any hostname at your domain, and thus avoid triggering sitefinder?

rr is doing this too

[mwilliamson]

road runner internet does this too now.

Re:rr is doing this too

And so does Charter: http://www11.charter.net/search?qo=www.gmasklgndhafqav.com

Re:rr is doing this too

I haven't seen this on my home RR connection. In Orlando, FL BTW.

Patented fraud

[Wormholio]

I wonder if it's possible to sue anyone who practices this patent for fraud?

on a related net neutrality issue:

[drDugan]

http://www.truthout.org/docs_2006/050508R.shtml

'''
The Federal Communications Commission has recently encountered mounting scrutiny in response to its broad deregulatory practices. Public frustration regarding the FCC has peaked at a time of fierce debate on net neutrality.

        In a memo obtained Tuesday by The Washington Post, 30 current and former commission employees complained about the leadership of FCC Chairman Kevin Martin.

        Staff members observed that "the FCC process appears broken and most of the blame appears to rest with Chairman Martin."

        The memo, written to chairman of the House Energy and Commerce Committee John Dingell and chairman of the House Energy Subcommittee on Oversight and Investigations Bart Stupak, increases pressure on the FCC chairman, who, in particular, has been accused of a rigidly anti-regulatory, pro-corporate approach. Many critics assert that his approach has contributed to a lack of oversight over network providers.
'''

What's a little deregulation between friends, right?

Re:on a related net neutrality issue:

[celle]

Corruption!!

Comment removed

[account_deleted]

Comment removed based on user account deletion

It did...

[gd23ka]

but assholes keep extending it.

Re:It did...

[hardburn]

This may be the only Slashdot thread ever that where a goatse link becomes on-topic.

Who modded this informative?? It's DUMB!!

[gd23ka]

Seriously... that is probably the dumbest advice you can give.

Here in their own words:

"OpenDNS protects millions of people a day across hundreds of thousands of schools, businesses and homes. We BLOCK phishing sites, give you the power to FILTER out adult sites and proxies among more than 50 categories, and provide the precision to BLOCK individual domains."

Re:Who modded this informative?? It's DUMB!!

[Nullav]

It's optional. If you want the people using your network to do whatever they're supposed to do, rather than going to porn sites and reading Slashdot, you can specify sites to block. If you just want to use it because your ISP is run by a bunch of Cox, just disable the phish filter and typo correction while setting up your account. No ads, no voluntary censorship, and it doesn't suck as much as whatever you're trying to avoid.

As for Verislime's antics, make a wildcard record and complain loudly to ICANN.

Breaks location bar search; workarounds?

[Chris+Pimlott]

My ISP has recently joined the ranks of retards who return an incorrect result when a domain is not found. I've been annoyed to find this happening more and more. What really irks me is that this breaks Mozilla's handy location bar search for one-word queries. Is there any workaround for this? Perhaps an addon could be made to ignores hostname lookup results that match common catch-all servers.

VeriSign is the dot in .com

[tepples]

We can boycott Verisign VeriSign is the dot in .com and .net. Good luck boycotting that.

in addition to Vista. :P I couldn't find home PCs with any operating system other than Windows Vista or Mac OS X at any store that I visited in Fort Wayne, Indiana. Even Wal-Mart didn't have any PCs running Linux for sale. So should everybody who wants to buy a home PC without contributing to VeriSign's driver signing monopoly get either a Mac or a Dell?

Re:VeriSign is the dot in .com

[cheater512]

We can replace our .com and .net domains with .org and other tlds.

Dell, Mac or get a tech friend to make you one at three quarters of the price.
All get around having to buy a copy of Vista. :)

Could Verisign be held accountable?

[Prisoner's+Dilemma]

Aside from all the obvious issues already discussed on the previous thread, can Verisign be held accountable if any royalty paying users of SiteFinder are sued for copyright infringement issues? Or maybe conspiracy or collusion?

I sincerely hope they sue Earthlink...

[SmoothTom]

I sincerely hope they sue Earthlink, because maybe then Earthlink will stop the stupid practice of NOT returning a failure when the domain is not found.

It is getting ever more difficult to find DNS that just works as it should, instead of coming up with a result for every request, even if it has to make one up. :o(

*mutter* *mutter* *mutter*

Tomas

Re:I sincerely hope they sue Earthlink...

[hawaiian717]

At least Earthlink gives you the option of using DNS servers that don't do it. I used them until I switched ISPs. http://kb.earthlink.net/case.asp?article=187117

good!

[nguy]

This is a patent I approve of: the more companies have to pay for it, the less it will get used.

No way this holds up

[mambosauce]

Love it or hate it it's irrelevant. eNic was not the first registrar that did this. There is definately prior art that will make this patent invalid. I'm still investigating dates, but the ccTld i'm thinking of didn't do it for advertising, just a redirect to a domain doesn't exist. If anyone knows the original post the link and date.

Sue the ISC and BIND book publishers?

[mr_mischief]

Wildcarding domains is a very old, in Net terms, practice. All you have to do to have it work at the registry level is to wildcard the top level. It's a trivial one line per top-level domain for which you want to do this in BIND. There's nothing novel or even particularly interesting about it.

What A Stupid Fuckin' Patent

How the hell can companies patent these obvious uses of existing processes?

Wonder who is going to be the first to patent 404's and redirects and other the other obvious fuckin' functions because they were first to put the words "A process for" in front of them.

Not really that unbelievable when you read about how many of the patent board members were unconstitutional appointed to their position.

But then again what else is new in that festering swamp water yaw'l refer to as the American political system!

tinydns patch to ignore sitefinder

[Russ+Nelson]

http://tinydns.org/djbdns-1.05-ignoreip2.patch

Turns A records for certain IP addresses back into NXDOMAIN results.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Whats the big deal for us?

Why should we care? Many wireless "routers" made for home use have dns servers on them, and im sure most /.'ers run their own DNS servers for local use.

I think the problem (for isp and opendns) is that DNS costs money to serve, and what opendns is doing with filling in extra dns records i find helpful. Sure there are google ads on the side, but i could care less. As far as ISPs go, maybe they should raise their already skyrocketing rates (compare to other countries such as Greece) and slow the speeds even more (where is ADSL2 in the US?). It seems like prices are in a stalemate, with the ISPs not dareing to go any lower for fear of retaliation of other isps.

Comment removed

[account_deleted]

Comment removed based on user account deletion

RapidSSL is VeriSign

[tepples]

rapidssl RapidSSL.com, a subsidiary of GeoTrust. GeoTrust, whose current owner is VeriSign.

Re:RapidSSL is VeriSign

[unity100]

well, then we will find a ShitSSL and use it.

BUG: Verisign patent conflicts with older patent?

[lpq]

Doesn't patent 6,332,158 already cover what is in Verisign's patent 7,337,910? It seems that the 2nd patent (7,337,910) should at least reference the 1st patent under the "Related US Patent Documents" section.

How does one submit a bug-report against a US Patent? Maybe the USPTO needs to open up a bugzilla DB to handle things like this?