Utterly Boring dot com

Need another reason to hate Verisign? UPDATE: Patch Available

Now you have one. Quoting the /. story (because it sums it up very well):

As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was 'somecompany.com,' and somebody typed 'soemcompany.com' by mistake, they would get VeriSign's advertising.

VeriSign is a company which purchased Network Solutions, another company which was given the task by the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.

This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time.

Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless.

Not only that, but the system is poorly implemented so you can pass whatever you want via the URL.

ICANN, the government appointed organization that oversees the domain name system, is supposed to watch out for crap like this, but they're about as non-functional as any government entity. They do have a complaint form, but it probably won't do you much good to fill it out.

There's also a NY Times story about this mess.

The folks on the GNSO mailing list, are, needless to say, on top of this, and suggested alternatives a week ago, and, hopefully, will make things right. But as one poster said:

ICANN Board should move with all haste to stop this abuse, by passing passing a vote saying:

"gTLD Registry operators WILL return NXDOMAIN for ALL DNS queries for which there is not a REGISTERED domain name."

If ICANN is concerned at all about security and stability of the internet, they will not allow this abusive monopolist to unilaterally reshape technical standards that have not met with consensus approval of affected stakeholders.

Well said, and I hope that this gets changed before it starts to hit my DNS servers. By default, I have my browser set to hit Google for non-existant domains, but I know when a domain is broken, and it doesn't affect services outside of my Web browser.

Update on 9/17: Patrick, who sent me the original tip, informed me that there is a BIND patch available. BIND is probably the most common DNS server out there, so please e-mail your ISPs/Webhosts and see if they can put this patch in place. I know I will be.

Posted by Jake on 09/17/03 @ 08:28 AM
Posted in Stupid | Permalink



What are you doing down here? Don't you have something better to do? Like Go Back To The Top of the page, or even see who created this site? This site is © 2001 - 2017 by the Utterly Boring folks at UtterlyBoring.com. Steal my content, as I probably did, too, just link to my site or the original site. Batteries not included. One size fits all. Not for off-road use. Not for internal use. Do not taunt Happy Fun Ball.