This is outrageous, both in breaking DNS, and in abusing monopoly power. Other references: http://gnso.icann.org/mailing-lists/archives/ga/msg00311.html http://www.icann.org/correspondence/lynn-message-to-iab-06jan03.htm http://www.merit.edu/mail.archives/nanog/2003-01/msg00050.html What can be done besides complaining to ICANN? comments@icann.org Neal McBurnett http://bcn.boulder.co.us/~neal/ Signed and/or sealed mail encouraged. GPG/PGP Keyid: 2C9EBA60 On Tue, Sep 16, 2003 at 12:01:12AM -0400, Yakov Shafranovich wrote: > I am forwarding this message from the ASRG list. If you haven't heard it > yet, Verisign has activated their "typos" DNS service for .COM and .NET. > > -------- Original Message -------- > Subject: [Asrg] Verisign: All Your Misspelling Are Belong To Us > Date: Tue, 16 Sep 2003 03:10:52 +0200 > From: Brad Knowles <brad.knowles@skynet.be> > To: IRTF ASRG <asrg@ietf.org> > > Folks, > > This was just posted to the NANOG mailing list. There are > already people who are working on hacking BIND to return NXDOMAIN for > wildcard records in TLD zones, or perhaps for any reference to the > specific IP address(es) they are using (so far, we only know about > 64.94.110.11). Meanwhile, many are already null-routing this IP > address. > > This affects us, because now anyone can send spam with an address > like "i@spam.from.verisign.becausethisdomaindoesntreallyexist.net", > and yet still have that pass standard anti-spam checks like "Does > this domain really exist in the DNS"? > > > Another one for the service provider BCP, I think. > > > Anyway, the full message announcing this "enhancement" is: > > >Date: Mon, 15 Sep 2003 19:24:29 -0400 > >From: Matt Larson <mlarson@verisign.com> > >To: nanog@nanog.org > >Subject: Change to .com/.net behavior > > > > > >Today VeriSign is adding a wildcard A record to the .com and .net > >zones. The wildcard record in the .net zone was activated from > >10:45AM EDT to 13:30PM EDT. The wildcard record in the .com zone is > >being added now. We have prepared a white paper describing VeriSign's > >wildcard implementation, which is available here: > > > >http://www.verisign.com/resources/gd/sitefinder/implementation.pdf > > > >By way of background, over the course of last year, VeriSign has been > >engaged in various aspects of web navigation work and study. These > >activities were prompted by analysis of the IAB's recommendations > >regarding IDN navigation and discussions within the Council of > >European National Top-Level Domain Registries (CENTR) prompted by DNS > >wildcard testing in the .biz and .us top-level domains. Understanding > >that some registries have already implemented wildcards and that > >others may in the future, we believe that it would be helpful to have > >a set of guidelines for registries and would like to make them > >publicly available for that purpose. Accordingly, we drafted a white > >paper describing guidelines for the use of DNS wildcards in top-level > >domain zones. This document, which may be of interest to the NANOG > >community, is available here: > > > >http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf > > > >Matt > >-- > >Matt Larson <mlarson@verisign.com> > >VeriSign Naming and Directory Services