Re: What *are* they smoking?
A wildcard A record in the net TLD.
It's Verisign's return shot at the web browser "couldn't find this page" searches. Doesn't seem to have much by way of advertising yet, but I'm sure that'll change. I heard about this coming from somewhere last week, though I don't recall where. Probably Wired or the WSJ. Verisign wants the revenue that all those typos are generating. It's just the next shot in the eyeball war.
This is sufficiently technically and business slimy that I would null-route that IP, personally. -george william herbert gherbert@retro.com
On Monday, September 15, 2003, at 07:11 PM, George William Herbert wrote:
A wildcard A record in the net TLD.
It's Verisign's return shot at the web browser "couldn't find this page" searches. Doesn't seem to have much by way of advertising yet, but I'm sure that'll change. I heard about this coming from somewhere last week, though I don't recall where. Probably Wired or the WSJ. Verisign wants the revenue that all those typos are generating. It's just the next shot in the eyeball war.
This is sufficiently technically and business slimy that I would null-route that IP, personally.
Nah, just route it to a Linux box with transparent proxy and show your own 'Websites-R-Us' page to your customers.
On Mon, Sep 15, 2003 at 07:17:59PM -0400, Matthew Crocker wrote:
This is sufficiently technically and business slimy that I would null-route that IP, personally.
Nah, just route it to a Linux box with transparent proxy and show your own 'Websites-R-Us' page to your customers.
Or a "VeriSign's business practices" page. Unbelievable where Internet got over the last 10 years. Looks like the last cluons at VeriSign were eaten up by their sales/marketing departments (finally). Now they are "hijacking" two complete gTLD namespaces... VeriSign: WHO DO YOU THINK YOU ARE? And don't try to tell us that you want to "help" users who mistype addresses. You want to make money with typos, that's all. Any "Site Finder" stuff is absurd by itself. Shaking head, Daniel
On Tue, 16 Sep 2003, Daniel Roesen wrote:
VeriSign: WHO DO YOU THINK YOU ARE?
And don't try to tell us that you want to "help" users who mistype addresses. You want to make money with typos, that's all. Any "Site Finder" stuff is absurd by itself.
and their list of justifications for why what they are doing in their whitepaper is just... completely laughable. And so much for the claims their representatives made to the press the other week that it would only impact "web browsing" (as if such a thing were even possible. They clearly are not thinking very well at all of anything beyond HTTP requests made by humans sitting in front of a web browser. Oh, I'm sure their technical people are very aware of all the stuff it will break. But the company doesn't care, why should they? They know very well who they are and what they are breaking.
A wildcard A record in the net TLD.
It's Verisign's return shot at the web browser "couldn't find this page" searches. Doesn't seem to have much by way of advertising yet, but I'm sure that'll change. I heard about this coming from somewhere last week, though I don't recall where. Probably Wired or the WSJ. Verisign wants the revenue that all those typos are generating. It's just the next shot in the eyeball war.
This is sufficiently technically and business slimy that I would null-route that IP, personally.
The bigger issue is DNS troubleshooting.....what a nightmare when a query of the *.gtld-servers.net servers does not return an error. What happens when they change the IP because of null-route'ing of the current IP to a completely different /8 subnet. Who engineered this!!!!! Or better yet, who allowed this blatant commercial use of the TLD servers. </disgusted> Mark Vallar
On Mon, 15 Sep 2003, Mark Vallar wrote:
This is sufficiently technically and business slimy that
I agree completely. Verisign marketing practices are getting worse by the day with introduction of redeption period, fees for non-working international domains, prevention of domain transferes, emails to all their customers (including isp affiliates) advertising their webhosting services, etc.
I would null-route that IP, personally.
The bigger issue is DNS troubleshooting.....what a nightmare when a query of the *.gtld-servers.net servers does not return an error. What happens when they change the IP because of null-route'ing of the current IP to a completely different /8 subnet.
Who engineered this!!!! You can thank the ruthless capitalistic approach of the current Verisign board of directors and their attempts to extract money in every possible way related to .com/.net domains at the registry (verisign-grs) level because
You can potentionally check on what ip(s) are currently set by querying for *.com and *.net (yes "*" is valid name for dns query that should provide info on what is set for as * in zone file). One way to deal with it automnaticly is to have dns server at the time when it started, check the tld zone files that it cashes for '*' and if option is specified, then dns server can return nxdomain for those top-level domains where '*' is present. ISC and other software dns vendors should consider writing thise option for next release and ISP should then implement it. Another way to fight this new scheme is to complain to ICANN and to US Department of Commerce regarding Verisign semi-illegal marketing practices. You might mention that if this continies root tlds may soon return 'A' record for non-existant top level domains (www.verisign.die for example :), after all half the root dns servers are controlled by verisign as well... they are loosing so many domain at the registry level to their competitors. -- William Leibzon Elan Networks william@elan.net
-- On Monday, September 15, 2003 19:30 -0400 -- Mark Vallar <mark@vallar.net> supposedly wrote:
The bigger issue is DNS troubleshooting.....what a nightmare when a query of the *.gtld-servers.net servers does not return an error. What happens when they change the IP because of null-route'ing of the current IP to a completely different /8 subnet.
Anyone wanna patch BIND such that replies of that IP addy are replaced with NXDOMAIN? That solves the web site and the spam problem, and all others, all at once. -- TTFN, patrick
On Mon, 15 Sep 2003, Patrick W. Gilmore wrote:
Anyone wanna patch BIND such that replies of that IP addy are replaced with NXDOMAIN? That solves the web site and the spam problem, and all others, all at once.
I took a look at the Bind 8.3.4 code this afternoon, but couldn't readily find where to do it. I'll take another look later. (Last time I tried it Bind 9 sucked up twice as much server CPU as 8.x) ========================================================== Chris Candreva -- chris@westnet.com -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
I took a look at the Bind 8.3.4 code this afternoon, but couldn't readily find where to do it. I'll take another look later.
isc's patch is running internally. if anyone wants to try out our public recursive server, it's name is F.6TO4-SERVERS.NET, and it's running the patch. (we'll release it as soon as we get done with some release engineering goo.) ((no fair declaring a forward zone for com/net pointing at us, by the way.))
(Last time I tried it Bind 9 sucked up twice as much server CPU as 8.x)
we run bind9 on f-root, and it's fine. you should give it another try, since it has gotten faster of late, and so have cpus/memory/motherboards. -- Paul Vixie
On woensdag, sep 17, 2003, at 06:15 Europe/Amsterdam, Paul Vixie wrote:
I took a look at the Bind 8.3.4 code this afternoon, but couldn't readily find where to do it. I'll take another look later.
isc's patch is running internally. if anyone wants to try out our public recursive server, it's name is F.6TO4-SERVERS.NET, and it's running the patch.
So far so good: sequoia# host nanog.net. nanog.net has address 64.94.110.11 sequoia# host nanog.net. F.6TO4-SERVERS.NET Using domain server: Name: F.6TO4-SERVERS.NET Addresses: 2001:4f8:0:2::14 204.152.184.76 Host not found, try again. But I think your patch is working a little too well: sequoia# host nanog.org. nanog.org has address 198.108.1.50 nanog.org mail is handled (pri=0) by mail.merit.edu sequoia# host nanog.org. F.6TO4-SERVERS.NET Using domain server: Name: F.6TO4-SERVERS.NET Addresses: 2001:4f8:0:2::14 204.152.184.76 Host not found, try again. Just when I thought I had a DNS server I could point my IPv6-only hosts to...
Iljitsch van Beijnum wrote:
But I think your patch is working a little too well:
sequoia# host nanog.org. nanog.org has address 198.108.1.50 nanog.org mail is handled (pri=0) by mail.merit.edu sequoia# host nanog.org. F.6TO4-SERVERS.NET Using domain server: Name: F.6TO4-SERVERS.NET Addresses: 2001:4f8:0:2::14 204.152.184.76
Host not found, try again.
I think it's REFUSED rather than NXDOMAIN. odyssey$ dig @f.6to4-servers.net asdfasdf.net a ; <<>> DiG 8.4 <<>> @f.6to4-servers.net asdfasdf.net a ; (2 servers found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 60468 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUERY SECTION: ;; asdfasdf.net, type = A, class = IN ;; Total query time: 228 msec ;; FROM: odyssey.isoc.org.il to SERVER: 204.152.184.76 ;; WHEN: Wed Sep 17 16:07:30 2003 ;; MSG SIZE sent: 30 rcvd: 30 odyssey$ Doron
But I think your patch is working a little too well:
sequoia# host nanog.org. nanog.org has address 198.108.1.50 nanog.org mail is handled (pri=0) by mail.merit.edu sequoia# host nanog.org. F.6TO4-SERVERS.NET Using domain server: Name: F.6TO4-SERVERS.NET Addresses: 2001:4f8:0:2::14 204.152.184.76
Host not found, try again.
that's certainly not from the patch, since "org" isn't delegation-only there.
Just when I thought I had a DNS server I could point my IPv6-only hosts to...
that's the purpose of the f.6to4-servers.net server, and if it's not working for you then please send "dig" results and we'll check it out. (not "host", and probably not to "nanog".) -- Paul Vixie
On woensdag, sep 17, 2003, at 19:32 Europe/Amsterdam, Paul Vixie wrote:
Just when I thought I had a DNS server I could point my IPv6-only hosts to...
that's the purpose of the f.6to4-servers.net server, and if it's not working for you then please send "dig" results and we'll check it out. (not "host", and probably not to "nanog".)
It wouldn't talk to me or some others who were helpful enough to send me dig output yesterday. Works fine now, though.
PWG> Date: Mon, 15 Sep 2003 19:40:33 -0400 PWG> From: Patrick W. Gilmore PWG> Anyone wanna patch BIND such that replies of that IP addy PWG> are replaced with NXDOMAIN? That solves the web site and PWG> the spam problem, and all others, all at once. I'd actually go for keeping the A RR for '*.net.' and '*.com.' in an authoritative NS's cache. If any other A RR matches the cached IP address(es), nuke the RRSet and replace with NXDOMAIN. Until then, I guess it's time to null route and check for circumvention. Is AS30060 used for anything legitimate? Eddy -- Brotsman & Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net Sending mail to spambait addresses is a great way to get blocked.
On Tue, Sep 16, 2003 at 05:32:50AM +0000, E.B. Dreger wrote:
Until then, I guess it's time to null route and check for circumvention. Is AS30060 used for anything legitimate?
we've burned a AS for this, ICK based on the ASNAME, its seems a nice little route-map /dev/null will be real easy. As long as they keep prefixs used in this really dumb idea for this idea. OrgName: VeriSign Infrastructure & Operations OrgID: VIO-2 Address: 21345 Ridgetop Circle City: Dulles StateProv: VA PostalCode: 20166 Country: US ASNumber: 30060 ASName: WILDCARD-VERISIGN ASHandle: AS30060 Comment: RegDate: 2003-07-10 Updated: 2003-07-10 TechHandle: AH678-ARIN TechName: Herrmann, Andrew TechPhone: +1-703-948-3333 TechEmail: aherrmann@verisign.com OrgTechHandle: AH678-ARIN OrgTechName: Herrmann, Andrew OrgTechPhone: +1-703-948-3333 OrgTechEmail: aherrmann@verisign.com
EBD> Date: Tue, 16 Sep 2003 05:32:50 +0000 (GMT) EBD> From: E.B. Dreger EBD> I'd actually go for keeping the A RR for '*.net.' and EBD> '*.com.' in an authoritative NS's cache. If any other A RR s,authoritative,resolver, Eddy -- Brotsman & Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net Sending mail to spambait addresses is a great way to get blocked.
Hello, IANA Whois Service Domain: a.net Name: IANA_RESERVED Found a referral to whois.iana.org. IANA Whois Service Domain: a.net Name: IANA_RESERVED a.net has address 64.94.110.11 This goes for many of the single letter .com's and .net's Michael...
participants (16)
-
Christopher X. Candreva
-
Daniel Roesen
-
Doron Shikmoni
-
E.B. Dreger
-
George William Herbert
-
Greg Maxwell
-
Iljitsch van Beijnum
-
John Brown
-
Marc Slemko
-
Mark Vallar
-
Matthew Crocker
-
michael
-
Patrick W. Gilmore
-
Paul Vixie
-
Petri Helenius
-
william@elan.net