
View Full Version : VeriSign Eyes Valuable 'Junk' Traffic


Jason Dunn
09-17-2003, 12:00 AM
http://www.bizreport.com/article.php?art_id=4929

This has nothing to do with Pocket PCs, but it's very interesting for the impact that it might have on the way people do searches and find sites. I don't know how many people misspell "pocketpcthoughts", but if they get it wrong, their browser tells them as much. But what if, instead, they're taken to a page listing off paid-for entries related to the domain name? That person might never try to find this site if they start clicking on other links. What's strange is that I tried this on a few typo'd domain names yesterday, and it worked - but today I can't seem to bring up the Verisign page that this article talks about. See if you can do it. ;-)

"VeriSign Inc. today used its power as the operator of the "dot-com" and "dot-net" Internet domains to redirect a torrent of valuable "junk" Internet traffic away from Microsoft and America Online into its own proprietary search page. Once VeriSign finishes installing the system virtually any Internet surfer in the world who enters an incorrect Internet address ending in .com or .net into their browser will be funneled into the Mountain View, Calif.-based Internet giant's newly christened "Site Finder" service. VeriSign expects to complete the installation before midnight Monday.

VeriSign confirmed last week it was testing the system, rankling officials at Microsoft and America Online, both of which lose a source of traffic -- and revenue -- to their own in-house redirection pages. At stake is control of a large amount of valuable Internet traffic. Every second, somewhere in the world, someone types an incorrect address into their Internet browser and gets bounced to a Web page he or she didn't want. VeriSign says it handles more than 20 million incorrect queries every day."

Janak Parekh
09-17-2003, 12:02 AM
It's evil. :evil: Evil evil evil. They're breaking DNS for their commercial profit. I avoid them as a registrar at all costs nowadays -- Network Solutions is a huge hassle anyway.

--janak

easylife
09-17-2003, 12:04 AM
I get a 404 if I misspell 'pocketpcthoughs' :)

Pardon my ignorance, but how do domain names work? Are they centrally regulated like IP addresses?

Janak Parekh
09-17-2003, 12:08 AM
Pardon my ignorance, but how do domain names work? Are they centrally regulated like IP addresses?
Sort of. ICANN (www.icann.org) is the DNS equivalent of IANA (www.iana.org) -- it delegates responsibility to registrars. IMHO VeriSign is abusing their privilege, but I'm not an expert on the legal structures of DNS nowadays ever since it was decentralized. It's a fairly complex setup -- and I haven't even touched upon the technical aspects of DNS, which is another thing entirely.

--janak

Jason Dunn
09-17-2003, 12:10 AM
I avoid them as a registrar at all costs nowadays -- Network Solutions is a huge hassle anyway.

Yeah, you and everyone else. :wink: I haven't used them for years - they're a relic, a dinosaur from a different age. I use www.thenic.com now, but since so much of the domain manipulation happens through OpenSRS now, it doesn't matter all that much which domain you use. GoDaddy looks pretty sweet though too...

That's why they're doing this of course - they lost the domain name registration wars, and they're desperate for more profit.

Janak Parekh
09-17-2003, 12:13 AM
That's why they're doing this of course - they lost the domain name registration wars, and they're desperate for more profit.
Yes, but heaven forbid they try to do it legitimately -- like perhaps making their website actually useable? :roll: Register.com is what I use -- it's easy, very centralized -- I can manage all the domains from one login yet have different billing addresses for each, they provide free DNS, etc. (It isn't the cheapest, but that's not a problem for me.) They also make it a snap to switch. I'll never do business with NSI again.

--janak

karen
09-17-2003, 12:22 AM
That's why they're doing this of course - they lost the domain name registration wars, and they're desperate for more profit.
Yes, but heaven forbid they try to do it legitimately -- like perhaps making their website actually useable? :roll: Register.com is what I use -- it's easy, very centralized -- I can manage all the domains from one login yet have different billing addresses for each, they provide free DNS, etc. (It isn't the cheapest, but that's not a problem for me.) They also make it a snap to switch. I'll never do business with NSI again.

--janak

It's a much larger problem than just profit:

http://www.iab.org/Documents/icann-vgrs-response.html
(check out the names on that mail!)

and

Paul Hoffman, Director, Internet Mail Consortium:

"ICANN should demand that VGRS immediately stop giving incorrect answers to
any query in .com and .net, and should instead follow the IETF standards.
If VGRS refuses, ICANN should re-delegate the .com and .net zones to
registries that are more willing to follow the DNS standards."


And:


Charles Oriez, AITP Legislative Committee:

One of my peer zones had a typo'ed MX record. Before VeriSign's sabotage (yes, sabotage) the lookup of the corresponding address record would simply fail with NXDOMAIN. The source MTA would then try to deliver to the secondary MTAs on the list of MX records in order of priority. Mail delivery would proceed normally using the secondary MTA(s).

However to my complete and utter astonishment, 64.94.110.11 has a working MTA listening on port 25 (why???). This means that any MX records with typos in the primary record will have all their e-mail redirected to VeriSign's MTA. Mail that would normally automatically be re-routed to the secondary MTA instead now gets bounced by Verisign's ''Snubby Mail Rejector Daemon v1.3''. Not returning NXDOMAIN will break mail delivery to secondary MTAs.

And what about spam filters? It will break any spam filter that tries to
verify that the source MTA hostname claimed in the HELO request is
resolvable (i.e. that the claimed HELO name is not fictitious). --

This action by Verisign breaks anti-spam features and e-mail recovery.

I

Janak Parekh
09-17-2003, 12:26 AM
It's a much larger problem than just profit:
Oh, believe me, I know. As far as I can tell they're violating the DNS RFCs, and in addition to backup MXes, they'll also break a lot of spiders and other tools that are out there. It's just plain wrong -- but that's why I said they were evil at the beginning. ;) I hope ICANN can wield a cluestick, but they're a politically convoluted organization themselves. :(

--janak

felixdd
09-17-2003, 12:27 AM
A big legitimate company like VeriSign, doing something as petty as this...<sigh> leaves a bad taste in my mouth.

I liken this to websites of academic institutes who have those pop-up "spycam" ads.

Shows you how much respect they have for themselves.

entropy1980
09-17-2003, 12:31 AM
GoDaddy looks pretty sweet though too...

I use GoDaddy and let me say their domain management tools kick major butt! I LOATHE Verisign. I still get mailers from them saying "Your Domain is about to expire!" and some of them I have locked up until 2009!

Janak Parekh
09-17-2003, 12:32 AM
I LOATHE Verisign. I still get mailers from them saying "Your Domain is about to expire!" and some of them I have locked up until 2009!
Why don't you move them over? I believe a lot of registrars will assume the contract if you agree to extend it 1 more year.

--janak

entropy1980
09-17-2003, 12:38 AM
I LOATHE Verisign. I still get mailers from them saying "Your Domain is about to expire!" and some of them I have locked up until 2009!
Why don't you move them over? I believe a lot of registrars will assume the contract if you agree to extend it 1 more year.

--janak
That's just it I did move them and I STILL get mailers!!! :lol:

Paragon
09-17-2003, 01:31 AM
I'm posting this with as much enthusiasm as is humanly possible. I take every opportunity I can to express this.....Verisign is scum of the earth!!

One of the most frustrating experiences I have ever had was trying to get Verisign out of my life. Don't go near them! Stay away at all cost!

Dave

easylife
09-17-2003, 01:36 AM
Sort of. ICANN (www.icann.org) is the DNS equivalent of IANA (www.iana.org) -- it delegates responsibility to registrars. IMHO VeriSign is abusing their privilege, but I'm not an expert on the legal structures of DNS nowadays ever since it was decentralized. It's a fairly complex setup -- and I haven't even touched upon the technical aspects of DNS, which is another thing entirely.
Please do - when I type 'www.pocketpcthoughts.com' in my address bar, what happens? :?

beq
09-17-2003, 01:46 AM
http://www.emailaddresses.com/forum/showthread.php?s=&threadid=15798 (links to slashdot/NYTimes after it went live Monday, and NANOG discussions, and the long-running debates w/ ICANN/IAB Karen mentioned)

I'm guessing it's more from VeriSign's control of the right root servers (but I wouldn't know the first thing how it would work via the complexities of the decentralized infrastructure of delegated zones, as Janak said). But if they brute force such DNS config change it's gotta be "illegal" in some way?

That's why they're doing this of course - they lost the domain name registration wars, and they're desperate for more profit.
Yes, but heaven forbid they try to do it legitimately -- like perhaps making their website actually useable? :roll: Register.com is what I use -- it's easy, very centralized -- I can manage all the domains from one login yet have different billing addresses for each, they provide free DNS, etc. (It isn't the cheapest, but that's not a problem for me.) They also make it a snap to switch. I'll never do business with NSI again.
To be fair NetSol's new web interface IMHO is not that bad... And businesswise-speaking unfortunately last I saw Register.com seems to continue losing share? I don't expect the Big 3 to match GoDaddy's frenetic growth, but Tucows can rely on its healthy OpenSRS strongbase (as can eNom w/ its reseller network) and VeriSign of course is much more large/varied as a company...?

Nowadays admittedly I mostly just use eNom (or resellers like RegisterFly, NameCheap) and GoDaddy. Cheap enough ($8-10), robust growing, and should be safe as SotD top-10 accredited registrars...

beq
09-17-2003, 02:22 AM
P.S. To also be fair, maintainers of other TLDs (like I think .us and/or .biz) have done similar things I hear? But I thought .com/.net are no longer in VeriSign's sole control?

And I admit I'm not necessarily outraged w/ how this impacts MSN/AOL typo search services, but the point is that VeriSign's method exploits the low-level DNS function, and that's something you don't want to let happen...

dh
09-17-2003, 03:27 AM
I had forgotten all about Verisign, thought they had gone the way they deserved ages ago. I remember a scam they tried a while ago to try to trick people into switching their domains to them. No-one should do business with Verisign, there are much better companies to work with.

For domain names, I used to use register.com, but now use Go Daddy. Good service, great price. No need for anything else.

Rob Alexander
09-17-2003, 03:43 AM
I had forgotten all about Verisign, thought they had gone the way they deserved ages ago. I remember a scam they tried a while ago to try to trick people into switching their domains to them. No-one should do business with Verisign, there are much better companies to work with.

For domain names, I used to use register.com, but now use Go Daddy. Good service, great price. No need for anything else.

They still do it. I've never had my domains with them, yet I still got a 'renewal notice' from them a few months ago that was designed to look like a bill. Even knowing what it was, I couldn't find anywhere on the form that it clearly explained that by sending it in, you were changing registrars. I can only imagine how many people would just pay it because they wouldn't realize it isn't their current registrar and they wouldn't want to lose their domain name.

I recently moved the last of my domains to GoDaddy. They have a great interface and you can't beat the price.

Steven Cedrone
09-17-2003, 04:12 AM
<sigh>

I still have a bunch of domains registered with them...

I really have to move them (one of these days)...

Steve

I guess I'll go through this thread and use it (and your suggestions) as a starting point to find a new registrar...

Janak Parekh
09-17-2003, 05:32 AM
I'm guessing it's more from VeriSign's control of the right root servers (but I wouldn't know the first thing how it would work via the complexities of the decentralized infrastructure of delegated zones, as Janak said). But if they brute force such DNS config change it's gotta be "illegal" in some way?
So, from some brief reading today, apparently VeriSign is still authoritative for .com and .net, and only those two -- and I guess other registrars register their domains with VeriSign's registries? Yes, ICANN believes changing the behavior is illegal, but the problem is that they've been historically rather slow to move on things like this. :?

--janak

Janak Parekh
09-17-2003, 05:39 AM
Please do - when I type 'www.pocketpcthoughts.com' in my address bar, what happens? :?
The long version will take an hour and a whiteboard. Here's a relatively short version.

Simply, DNS is hierarchical. Here's what happens.

1. Your machine asks your ISP's DNS server to find www.pocketpcthoughts.com.

2. The ISP's DNS server asks the "root servers" (there are ~ 26 of them) to tell it who answers queries for ".com". The root servers will ultimately respond and say, "VeriSign" (rather, the IP for it). The root servers' IPs are preprogrammed into the DNS server, as they only update rather rarely.

3. The ISP's DNS server then asks the ".com" name server to give it the address of the name server that resolves answers for hostnames in the "pocketpcthoughts.com" domain. The ".com" name server looks that value up in the database -- it's the DNS servers that are listed in the WHOIS record for the appropriate domain.

4. The ISP's DNS server then asks the name server that's authoritative for "pocketpcthoughts.com" for the precise address for "www.pocketpcthoughts.com", and hopefully gets it back. In case the first nameserver is down, it queries the second one -- that's why two are commonly required.

5. The ISP's DNS server returns the IP of "www.pocketpcthoughts.com" to your computer.

Mind you, you can have your own DNS server running to do all the work, and there are advantages and disadvantages of doing so. DNS is extremely flexible, and it's a testament to Jon Postel and others that it's managed to scale so well over the last 20+ years... although it does need some revisions now (especially in the naming policy issues which we're experiencing today). What VeriSign is doing is messing with #3:

"3a." If VeriSign finds the domain name, it returns the name servers for that domain. Otherwise, it returns a special server in its network as the appropriate name server to query.

The latter part is what's terribly wrong, as you're supposed to return a "not found" result if the domain doesn't exist.

--janak
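
An added illustration, not part of any post in this thread: a toy Python model of steps 3-4 and the "3a" change described above. It reproduces the MX fallback failure from the mail karen quoted, probes random names to detect the synthesized answers, and filters them back to "not found". The domain names, the 192.0.2.25 address and all function names are constructed for the example; only 64.94.110.11 comes from the thread.

```python
import secrets

SITEFINDER_IP = "64.94.110.11"  # address quoted in the thread

# Constructed sample data: the registry's delegations for ".com" and the
# records served by each delegated domain's own name server.
COM_DELEGATIONS = {"example-mail.com": "ns.example-mail.com"}
ZONE_DATA = {"ns.example-mail.com": {"mx2.example-mail.com": "192.0.2.25"}}


class NXDomain(Exception):
    """The "not found" result a name server is supposed to return."""


def make_resolver(wildcard):
    """Build a lookup function for steps 3-4 of the walk-through."""
    def resolve(hostname):
        domain = ".".join(hostname.split(".")[-2:])
        ns = COM_DELEGATIONS.get(domain)
        if ns is None:
            if wildcard:  # step "3a": answer anyway instead of "not found"
                return SITEFINDER_IP
            raise NXDomain(hostname)
        if hostname not in ZONE_DATA[ns]:
            raise NXDomain(hostname)
        return ZONE_DATA[ns][hostname]
    return resolve


def detect_wildcard(resolve, tld="com", probes=3):
    """Look up random, unregistered names. Any answer was synthesized.
    Returns the set of addresses the TLD hands out for missing domains."""
    synthesized = set()
    for _ in range(probes):
        try:
            synthesized.add(resolve(f"{secrets.token_hex(16)}.{tld}"))
        except NXDomain:
            pass
    return synthesized


def filter_synthesized(resolve, synthesized):
    """Mitigation: turn the synthesized answers back into NXDOMAIN."""
    def filtered(hostname):
        ip = resolve(hostname)
        if ip in synthesized:
            raise NXDomain(hostname)
        return ip
    return filtered


def deliver(mx_records, resolve):
    """MX fallback: try hosts in priority order, skipping unresolvable ones."""
    for _priority, host in sorted(mx_records):
        try:
            ip = resolve(host)
        except NXDomain:
            continue  # typo'd primary: fall through to the secondary
        if ip == SITEFINDER_IP:
            return ("bounced", ip)  # the rejecting MTA answers on port 25
        return ("delivered", ip)
    return ("deferred", None)


# Constructed MX set with a typo in the primary's domain name.
MX = [(10, "mx1.exmaple-mail.com"), (20, "mx2.example-mail.com")]
```

Running `deliver(MX, ...)` with each resolver shows the three outcomes: normal fallback without the wildcard, a bounce with it, and fallback restored once the probe's findings are filtered out.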

beq
09-17-2003, 05:50 AM
Yeah I recall GoDaddy (and many others I assume) publicizing and fighting VeriSign's past actions such as the deceptive renewal baits...

Also, I had a ccTLD domain w/ VeriSign (NetSol) that I'd transferred to eNom. But VeriSign's system somehow kept the old WHOIS data from my original registration there active. Can't remember the technicalities involved but this remained the active WHOIS in the Registry (even now maybe) and eNom could only suggest I go harass VeriSign...

Anyways I recommend people just try other registrars. I'd also tried like directNIC, Dotster, etc (and several small reseller registrars)... I'm just used now to eNom's featureset and dynDNS, but I also like to complement w/ 3rd-party DNS managers like ZoneEdit, MyDomain, etc (if you don't already have a full-featured webhost that is)...

beq
09-17-2003, 06:18 AM
Excellent, thanks Janak :) I'm no expert, have a few layman questions/observations:

- the 26 root servers you mentioned, does that include the traditional 13 root-servers plus the toplevel gtld-servers (of which VeriSign controls some) -- but not the toplevel authoritative servers for ccTLDs? I don't know the details (would like to), I'd thought some of the root servers are also authoritative for the most common gTLDs but looks like that's not the case...? Maybe I'm just confusing myself.

- maybe you should clarify that the list of authoritative nameservers that a toplevel nameserver stores for a delegated zone is actually separate from WHOIS data?

- also clarify that nameservers aren't set in any particular order (unlike say, MX records). I'd once thought it was just the case of the first nameserver that answers a query, but looks like their RTT values are stored between queries and actively depreciated relative to the shortest RTT server? http://www.acmebw.com/askmrdns/archive.php?question=3

And to complete the explanation of DNS lookup traversals how about some description of recursive vs. iterative queries, combining primary master w/ secondary master (i.e. slave) nameservers via zone transfer, etc? :mrgreen:

EDIT: Maybe I should actually read my copy of DNS & BIND :D

beq
09-17-2003, 12:38 PM
Here's a balanced overview by Politech's Declan McCullagh (just saw from the other thread): http://news.com.com/2100-1032-5077530.html
Covers all the facets including how it will impact many everyday people in different ways...

Janak Parekh
09-18-2003, 12:52 AM
First off, I'm no DNS god :)

- the 26 root servers you mentioned, does that include the traditional 13 root-servers plus the toplevel gtld-servers (of which VeriSign controls some)
No, no. :oops: I completely forgot the count. The half-alphabet confuses me. ;) There are 13. I don't think VeriSign controls any of the root, but I'm not sure. They're rather scattered around.

- maybe you should clarify that the list of authoritative nameservers that a toplevel nameserver stores for a delegated zone is actually separate from WHOIS data?
You just did. ;)

- also clarify that nameservers aren't set in any particular order (unlike say, MX records).
Right. Good call.

And to complete the explanation of DNS lookup traversals how about some description of recursive vs. iterative queries, combining primary master w/ secondary master (i.e. slave) nameservers via zone transfer, etc? :mrgreen:
Hey, I have work to do, man! :D

EDIT: Maybe I should actually read my copy of DNS & BIND :D
I need to reread mine. ;)

--janak

beq
09-23-2003, 11:33 PM
Progress update

http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html
http://news.com.com/2100-1032_3-5080384.html

JustinGTP
09-24-2003, 12:07 AM
Yeah, today I was wondering. I accidentally typed:

http://www.pocketpcthought.com

with the 's' at the end, and it came up with VeriSign. I was very confuzzled because Microsoft normally says "We cannot find that page, is one of the following what you were looking for"

Hmm..

-Justin.

DimensionZero
10-03-2003, 11:41 PM
Woo hoo!!
VeriSign shuts down Web site finder (http://www.cnn.com/2003/TECH/internet/10/03/verisign.icann.reut/index.html)

Janak Parekh
10-04-2003, 03:26 AM
Yup :D ICANN finally bared its teeth. Let's hope it's permanent.

--janak

beq
10-04-2003, 07:08 PM
Awesome :way to go: But they make it sound a temporary measure?

dh
10-04-2003, 09:50 PM
Must have been very temporary because that VeriScum Garbage Screen still appears for me! :soapbox:

Janak Parekh
10-04-2003, 09:52 PM
Must have been very temporary because that VeriScum Garbage Screen still appears for me!
The change should take effect at 6pm tonight, although due to DNS's decentralized nature it may take a little time for you to notice it.

--janak

Kati Compton
10-04-2003, 11:16 PM
So what's up with the redirect I get when I accidentally type http:://my.yahoo.com into my browser? Do you guys get redirected to some "surveys" site? (Note the extra colon in the address...)

Janak Parekh
10-04-2003, 11:22 PM
So what's up with the redirect I get when I accidentally type http:://my.yahoo.com into my browser? Do you guys get redirected to some "surveys" site? (Note the extra colon in the address...)
Nope. SiteFinder is now down, and I get the usual DNS error. Most webbrowsers will parse the URL you entered as looking for something on a website called "http", which of course doesn't exist.

--janak

Kati Compton
10-04-2003, 11:34 PM
Ah - turns out it was domain-guessing in Mozilla. Weird. Turned off THAT "feature". :oops:

beq
10-05-2003, 03:58 AM
Try entering something like "%1" into mozilla/firebird ;)