September 16, 2003

All your .com are belong to us

Given you had the power to add any entry you like to the DNS directory because you have been appointed to run the .com and .net TLDs, which one would it be? A wildcard redirecting all requests for unregistered (read: mistyped) domain names to your own site, advertising your services or serving paid search results, right? Verisign, notorious for exploiting the DNS infrastructure to its own advantage for some time now, did just that: requests for unregistered domain names now resolve to 64.94.110.11, http://sitefinder.Verisign.com/index.jsp, which serves you a web search result set for your mistyped or unknown term. In plain English: Verisign claims all non-registered .com and .net domain names for itself. Let's have a look at what this means, apart from the obvious unfair competition:

  • Technically, all .com and .net domain names now exist, and except for an infinitesimal portion, they are all owned by Verisign
  • With the wildcard in place, DNS does not work as specified; it is basically broken. DNS is a core part of the internet infrastructure and not an advertising tool
  • Without "Hostname unknown" (NXDOMAIN) errors, tools like web browsers, ping and traceroute don't show the expected behaviour. Once the Verisign infrastructure is unreachable, there is no way left to tell a non-existing domain name from an unreachable host
  • This is a feast for spammers: many mail servers check if the domain a mail originates from exists and reject mails with spoofed envelope senders. Now they all exist, and all mail from .com or .net domains, existing or not, travels free
  • Even more, as reported on Slashdot, "64.94.110.11 has a working MTA listening on port 25. This means that any MX records with typos in the primary record will have all their e-mail redirected to Verisign's MTA. Mail that would normally automatically be re-routed to the secondary MTA instead now gets bounced by Verisign's ''Snubby Mail Rejector Daemon v1.3''. Not returning NXDOMAIN will break mail delivery to secondary MTAs." And technically, nothing keeps Verisign from harvesting instead of bouncing mails sent to unregistered domain names
  • Effects (or non-effects) on search engines and web spiders could be interesting to observe. In any case, the measure will result in increased overall internet traffic
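The sender-domain check mentioned above is the easiest point to see the breakage, so here is an added example (not code from the original post, and not anything Verisign published): a naive "does the envelope sender's domain resolve?" test beside a version that first probes the TLD with random, almost certainly unregistered labels, learns which addresses the wildcard synthesises, and treats any name that resolves only to those addresses as non-existent. The resolver and the zone table are constructed stand-ins so the example runs offline; only the 64.94.110.11 address comes from the post.

```python
import secrets
import string

# Address the post names as the Site Finder target.
SITEFINDER_IP = "64.94.110.11"

# Constructed zone table standing in for real DNS. Anything under .com or
# .net that is not listed here "resolves" to the Site Finder address,
# mimicking the wildcard A record; unknown names under other TLDs are NXDOMAIN.
CONSTRUCTED_ZONE = {
    "example.com": ["192.0.2.10"],
    "example.net": ["192.0.2.20"],
    "example.org": ["192.0.2.30"],
}


def wildcard_resolver(name):
    """Constructed resolver: return a list of A records, or None for NXDOMAIN."""
    name = name.lower().rstrip(".")
    if name in CONSTRUCTED_ZONE:
        return list(CONSTRUCTED_ZONE[name])
    if name.endswith(".com") or name.endswith(".net"):
        return [SITEFINDER_IP]          # the wildcard answer
    return None                          # honest NXDOMAIN


def naive_domain_exists(domain, resolve):
    """The check many MTAs did in 2003: any answer at all means the domain exists.
    With a TLD wildcard in place this accepts every typo under .com/.net."""
    return bool(resolve(domain))


def random_label(length=20):
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def probe_wildcard(tld, resolve, probes=2):
    """Resolve a few random labels under the TLD. A real TLD answers NXDOMAIN;
    a wildcarded one returns the same synthesised addresses every time.
    Returns that address set, or an empty set if no wildcard was detected."""
    answers = []
    for _ in range(probes):
        records = resolve(f"{random_label()}.{tld}")
        if not records:
            return set()                 # NXDOMAIN: no wildcard here
        answers.append(frozenset(records))
    if all(a == answers[0] for a in answers):
        return set(answers[0])
    return set()                         # inconsistent answers, don't trust them


def domain_exists(domain, resolve, wildcard_addrs):
    """Hardened check: a name whose only answers are the wildcard's
    synthesised addresses is treated exactly like NXDOMAIN."""
    records = resolve(domain)
    if not records:
        return False
    if set(records) <= wildcard_addrs:
        return False
    return True


def classify_sender_domain(domain, resolve=wildcard_resolver):
    """Full check as an MTA would run it: probe the sender's TLD, then decide."""
    tld = domain.lower().rstrip(".").rsplit(".", 1)[-1]
    return domain_exists(domain, resolve, probe_wildcard(tld, resolve))


if __name__ == "__main__":
    for sender in ("example.com", "exmaple.com", "example.org", "nosuch.org"):
        print(sender,
              "naive:", naive_domain_exists(sender, wildcard_resolver),
              "hardened:", classify_sender_domain(sender))
```

The probe has to be repeated with fresh random labels on every run, because a wildcard can be withdrawn (or its address changed) at any time; caching the learned address set for a few minutes is reasonable, caching it for days is not. The same idea applies to the MX case from the Slashdot quote: an MX target that resolves only to the wildcard address should be skipped so that delivery falls through to the next MX record instead of ending up at a stranger's port 25.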

Don't like it? Don't use it (or send them some strange messages via HTTP):

"Your use of the Verisign services is at your own risk. If you are dissatisfied with any of the materials, results or other contents of the Verisign services or with these terms and conditions, our privacy statement, or other policies, your sole remedy is to discontinue use of the Verisign services or our site." - Verisign Terms of Service

So far, just four of the .com and .net TLD name servers seem to be affected, and it is not clear whether the wildcard is here to stay (probably not). But four servers are enough to finally make clear that Verisign in no way serves the net, but endangers its infrastructure and freedom for the sake of its own profits. .com and .net TLD operations should be handed over to nonprofit organizations similar to PIR, which operates the .org TLD, in order to prevent further conflicts of interest and breaches of trust.


This is the personal webnode of Haiko Hebig
