ICANN, IAB Ask VeriSign to Suspend SiteFinder 276
dmehus writes "ICANN issued an advisory late today concerning VeriSign's controversial SiteFinder service. The advisory requests that VeriSign voluntarily suspend SiteFinder until various independent and objective reviews, which are now underway, have been completed. Interested parties should see the advisory for more details." I think most people here can agree it was a bad idea, although it's not generating revenue for most of us either. ICANN isn't alone here either. Nuclear Elephant writes "The Internet Architecture Board issued this response to an ICANN inquiry about Verisign's SiteFinder service."
So who gets the money ? (Score:5, Interesting)
Why should VeriSign get the money ?
Re:So who gets the money ? (Score:4, Insightful)
Also verisign makes it money by selling domain names. Recall that they used to be free at one point.
The DNS control is *entrusted* to Verisign. Versign doesn't own the internet and they could easily be replaced.
Tom
Re:So who gets the money ? (Score:4, Informative)
Re:So who gets the money ? (Score:5, Insightful)
Re:So who gets the money ? (Score:3, Interesting)
What companies would you suggest? IBM comes to mind as having the resources, and has demonstrated a modicum of "community best-interests" as well as support for open standards.
I don't suppose it need be limited to tech-sector companies either. Maybe one with global presence and pret'near infinite resources, lik
Re:So who gets the money ? (Score:3, Insightful)
I *did* think of Microsoft, tho given their past behaviour, I have mixed feelings about that. They do have the monetary resources; however, they don't seem willing to use their own server infrastructure
It used to be free (while tooth faires flew above) (Score:2)
Assuming you're young enough to buy into a theory calling government services "free."
Re:It used to be free (while tooth faires flew abo (Score:3, Insightful)
> > be free at one point.
> Assuming you're young enough to buy into a theory calling government services
> "free."
Why assume that?
Its free as in $0
When you were done with a domain, you sent in a form to deactivate it. Same form you sent in to register it in the first place.
I cant remember when this change over happened exactly, but it was the early 90's.
(I want to say 1993 but my memory is very shak
Re:So who gets the money ? (Score:4, Informative)
-Lucas
Re:So who gets the money ? (Score:5, Insightful)
maybe because they're tired of running half of the DNS system for free?
Are you serious? You think God came down from High and forced Verisign to do this, as if Verisign doesn't have a choice? I don't get the "for free" part either.
Re:So who gets the money ? (Score:2, Funny)
~Will
Comment removed (Score:5, Insightful)
Re:So who gets the money ? (Score:2)
So yes they DO get payed to do this. Just because they think that isn't enough doesn't mean they get to use their unique position to make money at the expense of the rest of the net's admins.
Re:So who gets the money ? (Score:4, Informative)
You do realize that for every domain name registered in .com or .net ANYWHERE VeriSign gets a cut for running the "registry"? I think its $6. Thats a hell of a lot of money when its multiplied out. Now as far as running a root server, then perhaps, but there are dozens of other organizations also running root servers.
Re:So who gets the money ? (Score:4, Insightful)
It's not as though Verisign didn't know what they were getting into. They knew perfectly well, and I assure you that they are not strapped for cash or bandwidth. Even if they were, blatantly going around destroying the DNS system and violating commonly-held standards of conduct is not the way to do it. Not asking ICANN's opinion in the first place was also somewhat foolish, in my opinion. I would fully expect ICANN to release some sort of order or advisory telling Verisign to stop this practice or lose their contract to run the
I'd love to have been a fly on the wall... (Score:5, Interesting)
Do you think they innocently believed they had found a valid loophole for commercial exploitation a legitimate feature of the Internet protocols?
Or did they say something like this? "Well, OK, so it does violate DNS specifications. People will scream. Let them scream. Nobody can touch us. The IETF has only moral authority. And ICANN and the U. S. Department of Commerce are never going to interfere seriously with any big, successful Internet company. So a few technies get angry, big deal."
Re:I'd love to have been a fly on the wall... (Score:2, Informative)
Re:I'd love to have been a fly on the wall... (Score:4, Informative)
At DNS level also. Wildcard records are part of the master record format. Verisign's servers are using a more complex decision than "anything not registered" which is detailed in the IAB report.
If they simply added a wildcard record there would be no spec violation.
Comment removed (Score:4, Informative)
Re:I'd love to have been a fly on the wall... (Score:3, Informative)
OK, so set up one DNS server locally. Simple configurations are available on the net. I just went through setting up BIND 9.2.2 server, it takes s
Re:I'd love to have been a fly on the wall... (Score:2)
Re: I'd love to have been a fly on the wall... (Score:3, Funny)
Re:I'd love to have been a fly on the wall... (Score:2, Funny)
Versign should have to pay to register domain. (Score:5, Insightful)
Re:Versign should have to pay to register domain. (Score:3, Insightful)
Re:Versign should have to pay to register domain. (Score:3, Interesting)
Seriously though, the money could go to ICANN, IEEE, EFF, or the G.W. Bush war in Iraq fund. My point is this, if Verisign wants to "domain squat" they shouldn't get the domains for FREE and should have to pay for them just like everybody else. They are abusing their unique position as a registrar. For example: I can't hijack or redirect every mistyped domain to my ad server e.g. (yaho.com or yaahoo.com). I have to register each
Re:Versign should have to pay to register domain. (Score:2)
For example: I can't hijack or redirect every mistyped domain to my ad server e.g. (yaho.com or yaahoo.com). I have to register each misspelling.
You could if you owned/managed the recursive outward-facing DNS server in your organisation or ISP, at least for those clients using your server. Verisign controls the authoritative iterative zone authoritative for the .com and .net TLDs, so their benefit is that the buck stops with them for all failed (i.e. non-existant) .com and .net domain queries, whereas yo
Re:Versign should have to pay to register domain. (Score:2)
If Verisign wants to continue this practice then Verisign should have to pay to register each mis-typed domain.
Ahem, they manage the registry, so paying to register each domain involves nothing more than allocating the server space and writing code to automate such registries. There would be an uproar (more than there is now) about monopoly and resource exploitation, and they'd be seriously whipped into shape. Fun, eh? Maybe it IS an idea...
Re:Versign should have to pay to register domain. (Score:2, Interesting)
Re:Versign should have to pay to register domain. (Score:3, Insightful)
Take the power away [from Verisign] is my vote.
Bah. If this was the Real World (read 'international political arena'), the minority power-abuser holding a monopoly on the resource in question(read 'arbitrary powerful government with lots of weapons') would simply stomp on the independent standards-setting body (read 'international concensus organisation with global mandate'), and take the power away from them! None of this wishy-washy "international standards body" slapping the wrist of a powerful money
Re:Versign should have to pay to register domain. (Score:2)
Well that's the obvious answer. If it cost us all $20 to register a domain, there's no reason why verisign should be any different. They want an infinite number of domains? Sure. And they pay $6.386e+125 for them. Note that paying themselves is considered cheating.
Re:Versign should have to pay to register domain. (Score:2, Informative)
I think it would be something like amount = (max_DNS_entry_size! - registered
This would give you a nice fair dollar amount to charge them.
Re:Versign should have to pay to register domain. (Score:2)
Oh, you don't think this is practical as a revenue model?? Back when hotbot.com was a popular search engine, someone registered htobot.com because it was a common typo. Originally it was just a joke (and at the time even said so on th
This isn't really new. (Score:5, Informative)
Re:This isn't really new. (Score:3, Interesting)
Re:This isn't really new. (Score:5, Interesting)
The controversy on SiteFinder seems to be that they're offering query-based ads, which essentially says "It's against the rules to register the typo of your competitor, but we'll sell you an ad on the site that results from that typo."
Re:This isn't really new. (Score:4, Informative)
Amazing you are right. I never knew this. That of course might be your answer. Who the fuck uses .museum anyway? (Yeah I know the obvious answer thank you) See this [index.museum] for all the domains on .museum. One company I maintain servers for has got more domains then this list. Anyway.
The outcry is not so much that they are cybersquatting. Well some are but that is not why the geeks are rebelling. The problem is that you used to be able to do a lot of usefull stuff by checking if a domain existed or not.
Now thanks to this you can't well not without rewriting your code. grrr.
I can only guess that nobody ever used a .museum url anyway :)
But yes it is exactly the same thing. Except for the scale difference. I guess you can't check against spam being send from a .museum domain either.
Good for finding this and pointing this out.
Re:This isn't really new. (Score:2)
Re:This isn't really new. (Score:2)
2.22e+122 is an approximate number of domains in a tld based on some doamin naming rules I found in google and ignoring that a - can't be at the beginning and also ignoring that some people will want domain names less than 67 characters, which pushes these number up by a significant amount, but you get the idea
total = 7.34e67
vs
total =10.10e67
so actually if
Re:This isn't really new. (Score:2)
i.e.: More people use
-- iCEBaLM
Re:This isn't really new. (Score:2)
Do they all redirect like that?? anyone know? (No, I'm not going to click every link to find out
Re:This isn't really new. (Score:2, Insightful)
Screw up .COM and .NET and people care.
Who cares about .museum? (Score:2, Insightful)
gTLD's and ccTLD's are different (Score:2, Interesting)
The
Some people also mention some ccTLD's like
Re:This isn't really new. (Score:3, Interesting)
WRT the other toplevel registries: all of those that have been mentioned so far are breaking DNS anyway. You don't think that all those people with .tv
Re:This isn't really new. (Score:2)
You are right (Score:2)
1) We need to make sure that our argument against Verisign isn't the CONTENT of the Verisign page - if so, they will just remove the ads or something. The problem here is that it breaks the DNS specification (see the IAB response for why).
2) What happens when all the spammers start using
At least 15 different TLDs are doing this (Score:3, Informative)
Including
The search was done using this very clumsy one-liner:
for b1 in a b c d e f g h i j k l m n o p q r s t u v w x y z ; do for b2 in a b c d e f g h i j k l m n o p q r s t u v w x y z ; do host asqerdfqewrd.$b1$b2 >> dom.txt.slet; done; done
(I wonder if there is a character equivalent for 'seq 1-27'.)
Not a "best guess" system (Score:5, Informative)
In common with the majority of internet protocols, DNS is not a best-guess system, it is a technically accurate way of transferring information, with correct failover mechanisms. From the article:
As a lookup system, the DNS is designed to provide authoritative answers to queries.
And later...
The DNS is not a search service, and presenting speculative mappings based on HTTP inputs is not the service that the registry is expected to provide.
And later still...
To restore the data integrity and predictability of the DNS infrastructure, the IAB believes it would be best to return the .com and .net TLD servers to the behavior specified by the DNS protocols.
That seems to wrap it up really. I doubt any further studies will find differently, unless Verisign follows the apparently accepted way of paying for a biassed study......
Re:Not a "best guess" system (Score:2)
Why not add a new DNS record type, the GUA record (for "GUess A"), which would return a speculative A record. ISPs that wanted to provide this service could then fallover to GUA records if A returns NXDOMAIN and so forth.
IAB response isn't (Score:5, Informative)
Actually, if you read that article [iab.org] you will find that it is dated January 25 and is a response to another Verisign screwup. That one was similar to the present one, but had specifically to do with "internationalized" domain names -- DNS records for strings with characters above ASCII position 127.
Historians find it important to check the dates of events and documents, so they can know which ones could possibly be responses to which other situations. For instance, an American comedian telling anti-French racial jokes in August 2001 could not possibly be responding to the French objection to Bush's war. Similarly, a document released January 25 2003 cannot be a response to a situation that arises the following September. Time just doesn't work that way.
Re:IAB response isn't (Score:2)
Re:IAB response isn't (Score:2)
Re:IAB response isn't (Score:3, Insightful)
The defininition of race requires that they be from the same stock, and sorry, that means that national populations don't qualify, because they're not all related.
Re:IAB response isn't (Score:2)
Re:IAB response isn't (Score:2, Funny)
Oh, wait a minute... [bbc.co.uk]
Re:IAB response isn't (Score:2)
Sneaky (Score:2, Insightful)
Re:Sneaky (Score:2)
Old IAB response (Score:5, Informative)
So I guess Verisign interpreted that as "we better wildcard everything then."
Right, then! (Score:5, Funny)
Re:Right, then! (Score:2)
Get the latest version of BIND (Score:5, Informative)
Now all it needs is support for the Evil-Bit in TCP/IP
Re:Get the latest version of BIND (Score:3, Informative)
zone "com" { type delegation-only; };
zone "net" { type delegation-only; };
in
Works very well, the solution was really elegant.
I think it shall be installed very quickly by all ISP's, just in case and even if verisign stops and undoes their criminal move. Just in case...
I really hope they take it down.. (Score:2, Funny)
BIND and soundex (Score:2, Troll)
A great hack.. (Score:3, Interesting)
The fact that we tend to use DNS as an index of everything, and that humans can't get over "Www." is OUR problem, not a problem with DNS. DNS is a precise lookup service... we'd just like it to function as it always has, thanks.
DNS wasn't put here to look up websites, it's far more fundamental than that.. and if people are too lazy to learn how to use a web browser right.. tough cookies for them. We should not be mangling DNS in order to do
Re:A great hack.. (Score:2)
If you have a browser that supports the Google Toolbar, try this:
Install the Google Toolbar
Turn off your address bar.
Type whatever you want into the toolbar, URLs automatically resolve, non-URLs get searched on.
Re:A great hack.. (Score:2)
Or try typing "http://www.chaoszone.org/nosuchpage" into the toolbar, you'll see no referer information is passed. The google toolbar BHO asks IE to connect to the URL directly.
Give google at least a little credit for trying to do things right: using the toolbar as a 'enhanced' address bar is perfectly safe. For now, at l
Re:BIND and soundex (Score:2, Insightful)
Remember, web browsers aren't the only thing that use BIND. You certainly don't want BIND suggesting possible matches to an SMTP server to deliver your private mail =). The solution would be best served at t
Re:BIND and soundex (Score:2)
A web browser plugin would be a much better place to implement this so it can either be replaced or turned off according to the user's wishes.
Re:BIND and soundex (Score:2)
I have a better suggestion. The most important BIND enhancement is: to give a damn about security. No, wait, how about: to stop obfuscating the simple concept of Internet naming, leading everyone to believe that the DNS is somehow difficult to comprehend. Or: to abandom the demonstrably-stupid AXFR protocol. Or: ad nauseum.
Actually, all things considered, perhaps t
Verisign should patent this (Score:2)
Then if ICANN wants to run a similar service, or award it to someone else in exchange for payments, Verisign can take all the money in licensing fees.
I mean, why not pimp this out all the way. It's not like ICANN wouldn't take the idea and exploit it for fees now that Verisign has suggested it. It's not like ICANN is accountable to anyone, and those fees would allow them to fly private jets to private islands in the pacific to have their meetings. I'll bet they wouldn't even
Petition Site (new link!) (Score:2, Interesting)
I'm glad the IAB took that position. Hopefully Verisign will do the right thing....but, given their history, they probably won't.
We started a petition on Tuesday, and it got more than 16,000 signatures, before the site apparently got Slashdotted or something. We had to move it to a new server, with backups of the first 10K signatures. The new link is:
Stop Verisign DNS Abuse Petition [whois.sc]
We also made announcements here [icann.org] and here [icann.org], including having sent a hardcopy of the first 10,000 signatures to ICANN via
Real IAB Response (Score:5, Informative)
Re:Real IAB Response (Score:2)
Generally, we do not recommend the use of wildcards for record types that affect more than one application protocol. At the present time, the only record types that do not affect more than one application protocol are MX records.
For zones which do delegations, we do not recommend even wildcard MX records. If they are used, the owners of zones delegated from that zone must be made aware of that policy and must be given assistance to ensure
Shouldn't we be outraged by email implications? (Score:5, Insightful)
Every time I send a message with a typo in the domain name, my message goes straight to Verisign's email servers. Though they are kind enough to send a bounce back to me, in the meantime they have the ability to
Shouldn't this be the main concern?
Re:Shouldn't we be outraged by email implications? (Score:3, Informative)
Read my entire message
Actually, they don't (yes, I've tested this by telnetting to the SMTP port).
They accept the envelope sender and receiver, then reject the DATA command.
Re:Shouldn't we be outraged by email implications? (Score:2)
Hardcoding ports to services is one of the worst legacies of the Internet and it's a shame DNS never tackled that problem.
VeriSign Power Play (Score:5, Insightful)
If my mom tries to go to http://www.gooodhousekeeping.com and gets a VeriSign message and a search box, well it doesn't take much of that before she starts thinking that VeriSign == The WWW, because VeriSign is who always tells her what she typed wrong and where she should be going.
What this comes down to is a company trying to "brand" the web. In many ways, Google has been successful at this, but they have actually played fair and achieved what they have on the basis of merit. VeriSign is ABUSING their power to brand the web as their own.
It should be patently obvious by now that VeriSign 's modus operandi is one of deceit and trickery. Evidence the fake "renewal" cards they have sent out in the past to "slam" DNS registrants much like the shady phone companies have tried to do with your long-distance.
Damn, it's ridiculous that people even try to get away with this sort of crap these days...will someone with the power to please stop this?
-JT
Fixing the problem (Score:3, Interesting)
Down Goes Their Reputation (Score:3, Insightful)
Maybe it's just the bias I've learned from the Slashdot community, but they now just seem so imcompetent; maladroit? So much for the whole "trust" thing. I haven't given them my business in the past, but now it's looking significantly less likely. (Although they probably end up with some financial gain regardless of where I purchase domain names, correct?)
Now they just join the list of organisations that just leave a bad taste: SCO, RIAA, and now... VeriSign! (I'm sure there's many more.)
Re:Down Goes Their Reputation (Score:3, Informative)
An enemy of an enemy (Score:2)
It's either a money-grubbing domain name registrar that could be ousted if need be or a convicted monopolist that can't.* I'll take the former, thank you.
Erik
*At least not until people stop buying Windows. But that's a few years out yet.
VeriSign sticks with redirect service (Score:2)
Original Article [zdnet.com.au]
VeriSign said Thursday that it would respond to technical complaints over its recent move to redirect Internet users who enter nonexistent or misspelled domain names to its Web site, but it said it would not pull the plug on the service. Criticism has been growing over the company's surprise decision to take control of unassigned .com and .net domain names, which has confused antispam utilities and drawn angry denunciations of the company's business practices
Registry/registrar changes (Score:3, Interesting)
Frankly I think ICANN should formally seperate the registrars and the root DNS registry. Make these changes to the rules:
Lily Tomlin said it all.. (Score:2)
Here is how you can express your frustration (Score:2)
Duplicity (Score:2)
Views seem (to me) that they will cause similar effects to that of wild cards in the root domains: that answers will not exactly be consistent or authoratiative depending on what you ask and where you ask it.
In my opinion any use of the "views" functions of BIND are better handled by sub-domains.
somesystem.mycompany.com would be used by all p
robots.txt (Score:3, Interesting)
Where is the Opt-Out Function? (Score:2, Insightful)
Sole Remedy.
Your use of the Verisign services is at your own risk. If you are dissatisfied with any of the materials, results or other contents of the Verisign services or with these terms and conditions, our privacy statement, or other policies, YOUR SOLE REMEDY IS TO DISCONTINUE USE OF THE VERISIGN SERVICES OR OUR SITE.
Great.. and exactly HOW do *I* as the defined "user" do that?!
When did I conse
Here ya go (Score:2)
Simply put this in your named.conf, or use the new "include" operation and store these in a separte file.
Due to the lameness of the lameness filter I can't post the list here. Get it from here [rathersimple.com] This is a plain text file signed with GPG.
My web server should be able to handle the load since it's only a 16KB text file. Feel free to mirror
Implementation Changes... (Score:3, Informative)
Unfortunately, despite the fact that they say they aren't collecting e-mail addresses, for the community at large the issue is we now have to trust them to continue to honor that promise. Considering their actions in implementing SiteFinder in a most irresponsible fashion, I'm not sure that trust would be well placed.
Are we having fun yet?
Re:Good (Score:3, Funny)
Re:Why all this fuss about Verisign ? (Score:2)
Wouldn't you have a problem if all misdialed telephone numbers were intentionally directed to "Telemarketers Inc" so that a telemarketer could politely inform you that you misdialed while trying to sell you some Viagra?
Netster (or any other sleazy site-finder service), J-Lo, or your grandma should all should have the same right to demand t
Re:Why all this fuss about Verisign ? (Score:2)
If you've ever helped somebody with computer stuff, you'll know that the first thing you need to ask for is complete and exact error message wording.
Imagine a world where all computers simply put out "error, but here is a nice picture" any time something went wrong. Troubleshooting would be nearly impossible in that world....
Six words... (Score:2)
Re:verisign... who? (Score:2)
Just upgrade bind.. it's easier and more reliable.
The one upside to all of this is that it forced ISC to add a feature that can now be used on all of the other stupid TLDs that do the same thing.
Re:Future of Verisign? (Score:2)
Re:Bind (Score:2)