VeriSign - The Sign of the devil.
In the last year or so I've equated VeriSign with the sign of the devil. They seem to go to any length in an attempt to gain/retain customers. Their latest asinine move is adding a wildcard record to the .com and .net top-level domain zones. What this means is that when a user enters a URL containing a nonexistent domain name (in .com and .net), they are returned an IP address that points to VeriSign's SiteFinder service, which presents the user with a web page and some search functionality. Here is what they claim in their SiteFinder implementation document:
VeriSign's Site Finder service improves the user web browsing experience when the user has submitted a query for a nonexistent second-level domain name in the .com and .net top-level domains. Before this service was implemented, when a user entered a URL containing a nonexistent (e.g., unregistered) domain name ending in .com or .net his or her web browser returned an error message that contained no useful information. With the rollout of Site Finder, in the same situation users now receive a helpful web page offering links to possible intended destinations and allowing an Internet search.
VeriSign refers users to the Site Finder web site through the use of a wildcard address (A) record entry in the .com and .net zones. As explained more fully below, VeriSign's processing of queries for nonexistent domain names is in full compliance with provisions of the DNS protocol that address wildcards as well as the operational best practices described in the document entitled Domain Name Systems Wildcards in Top-Level Domain Zones ("the Guidelines").
They claim they are in full compliance with provisions of the DNS protocol. I'd agree if they weren't mucking around at the top level. Anyone can add wildcard records to their own zone/domain that they control. But adding it at the top level is NOT compliance. It's highway robbery.
It's like the good old "to serve you better" line. They are falsely claiming that they are providing this service to serve us web surfers better. What they really are doing is trying to get your eyeballs on their website. Furthermore, they are breaking hundreds and probably thousands of programs and services that relied on DNS queries returning a FAILED lookup. A failed lookup is a perfectly legitimate response from a DNS service.
I think we should call on all the backbone ISPs and anyone that has any power to put in a bogus route that shoves 64.94.110.11 (the SiteFinder IP address) off to nowhere. At least in that way, some programs and services will find nothing and perhaps continue operating the way they expected. Also, that would keep eyeballs away from VeriSign. Any other ideas? Just post a comment here.
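For programs that relied on a failed lookup, one application-side workaround is to detect the wildcard and turn its answer back into a failure. The sketch below is an added example, not code from this post or from BIND; the function names, the stub resolver and the example.com record are constructed for illustration, and only the 64.94.110.11 address comes from the post.

```python
import secrets
import socket

def default_resolve(name):
    """Return the IPv4 addresses for name, or an empty set on a failed lookup."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def wildcard_sinks(tld, resolve=default_resolve, probes=3):
    """Look up random, almost certainly unregistered names under tld.
    Addresses that come back for every probe are wildcard sink addresses."""
    common = None
    for _ in range(probes):
        answers = resolve(f"wc-probe-{secrets.token_hex(12)}.{tld}")
        if not answers:
            return set()  # a probe failed the normal way: no wildcard here
        common = answers if common is None else common & answers
    return common or set()

def make_strict_resolver(tlds, resolve=default_resolve):
    """Wrap resolve so that answers made up only of sink addresses fail again."""
    sinks = {tld.lower(): wildcard_sinks(tld, resolve) for tld in tlds}
    def strict(name):
        answers = resolve(name)
        tld = name.rstrip(".").rsplit(".", 1)[-1].lower()
        # Caveat: a real site hosted on a sink address would be hidden as well.
        if answers and answers <= sinks.get(tld, set()):
            return set()
        return answers
    return strict

# Constructed stub that behaves like the wildcarded .com/.net zones (no network).
REGISTERED = {"example.com": {"192.0.2.10"}}  # constructed sample record
SITEFINDER = "64.94.110.11"                   # SiteFinder address from the post

def stub_resolve(name):
    name = name.rstrip(".").lower()
    if name in REGISTERED:
        return set(REGISTERED[name])
    if name.endswith((".com", ".net")):
        return {SITEFINDER}  # the wildcard answers for everything else
    return set()             # other zones still fail normally

if __name__ == "__main__":
    strict = make_strict_resolver(["com", "net"], stub_resolve)
    for host in ("example.com", "no-such-name-typo.com"):
        print(host, stub_resolve(host), "->", strict(host) or "FAILED")
```

Probing at start-up rather than hard-coding the address keeps the check working if the wildcard target changes.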
Here is a decent writeup by Jasan Garman posted by Mohammad Haque.
Update: Looks like BIND is going to be patched to combat this. NICE.