On Wed, 17 Sep 2003, Paul Vixie wrote:
> > So, Verisign just returns a NS pointer to another name server Verisign controls which then answers the queries with Verisign's "helpful" web site.
> >
> > Half-life of the patch: 1 day?
>
> i don't think so. verisign is on public record as saying that the reason they implemented the wildcard was to enhance the services offered to the internet's eyeball population, who has apparently been clamouring for this.

Verisign is on public record as saying many things over the years.

Following Internet Standards and to improve performance for all Internet users, what if Verisign decided to start including other A records directly in the .COM/.NET zones? For example, the A records for the servers for the .COM/.NET zones? Or "interesting" sites that Verisign has a relationship with? What would it do to a website's Keynote performance to eliminate another name lookup by having their www.something.com records served directly from Verisign's gtld-servers?

Of course, ISC's non-standard BIND change will break Verisign's attempt to "improve" the Internet's performance by including A records in the .COM/.NET zones.

Verisign's lobbyists are 3,000 miles closer to Washington DC than ISC's lobbyists. And history has demonstrated what Verisign lacks in Internet clue, they make up for in Washington clue. I wouldn't be surprised if tomorrow, Verisign is playing the victim and calling ISC the out-of-control hooligans.