Recognizing that I am not an 'expert', I have got to ask just one question. Can these people at Verisign really think that they know better than all of the real experts that have worked with/on the DNS over the years. It seems rather silly to assume that a few people have more knowledge than the collective community. Furthermore, I feel that Ray makes an excellent point in that the concensus seems to be that we, as the Internet community, do _NOT_ want this type of tinkering with something that works very well; especially since the purpose is to increase advertising revenue. Verisign is clearly acting against the concensus. What effective action can we take as a collective group to get the point across that we will not tollerate this type of behavior? Dan -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Ray Bellis Sent: Thursday, October 16, 2003 8:08 To: nanog list Subject: Site Finder Quoting Rusty Lewis from http://verisign.com/corporate/news/2003/pr_20031007b.html?sl=070804 "We will continue to take feedback from both Internet users and the technical community on how we can ensure that the service is available for the many Internet users who clearly like it." Well that's very simple Rusty - stop screwing around with *our* DNS and write a plugin for IE to catch NXDOMAIN, just like the Google toolbar does. That'll allow 90% of the browsing population a *choice*, something the wildcard clearly does not. Ray -- Ray Bellis, MA(Oxon) - Technical Director community internet plc - ts.com Ltd Windsor House, 12 High Street, Kidlington, Oxford, OX5 2PJ tel: +44 1865 856000 email: ray.bellis@community.net.uk fax: +44 1865 856001 web: http://www.community.net.uk/
They claim to be representing the "USER" community and to know better than we what they end users want. They think we're just a bunch of geek engineers that are unwilling to embrace new ideas. Most of all, they think they can make money this way, and, they don't really care about anything else. They're just trying to manipulate things so that the backlash doesn't cause them too much difficulty as they inflict this on the internet. Owen --On Thursday, October 16, 2003 9:04 AM -0700 Dan Lockwood <dlockwood@shastalink.k12.ca.us> wrote:
Recognizing that I am not an 'expert', I have got to ask just one question. Can these people at Verisign really think that they know better than all of the real experts that have worked with/on the DNS over the years. It seems rather silly to assume that a few people have more knowledge than the collective community. Furthermore, I feel that Ray makes an excellent point in that the concensus seems to be that we, as the Internet community, do _NOT_ want this type of tinkering with something that works very well; especially since the purpose is to increase advertising revenue. Verisign is clearly acting against the concensus. What effective action can we take as a collective group to get the point across that we will not tollerate this type of behavior?
Dan
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Ray Bellis Sent: Thursday, October 16, 2003 8:08 To: nanog list Subject: Site Finder
Quoting Rusty Lewis from http://verisign.com/corporate/news/2003/pr_20031007b.html?sl=070804
"We will continue to take feedback from both Internet users and the technical community on how we can ensure that the service is available for the many Internet users who clearly like it."
Well that's very simple Rusty - stop screwing around with *our* DNS and write a plugin for IE to catch NXDOMAIN, just like the Google toolbar does.
That'll allow 90% of the browsing population a *choice*, something the wildcard clearly does not.
Ray
-- Ray Bellis, MA(Oxon) - Technical Director community internet plc - ts.com Ltd
Windsor House, 12 High Street, Kidlington, Oxford, OX5 2PJ tel: +44 1865 856000 email: ray.bellis@community.net.uk fax: +44 1865 856001 web: http://www.community.net.uk/
Owen DeLong wrote:
They claim to be representing the "USER" community and to know better than we what they end users want. They think we're just a bunch of geek engineers that are unwilling to embrace new ideas. Most of all, they think they can make money this way, and, they don't really care about anything else. They're just trying to manipulate things so that the backlash doesn't cause them too much difficulty as they inflict this on the internet.
I wonder how eager they would be to implement wildcards if restricted from making any revenue from the service the wildcard points to (ie. sitefinder). While I agree that handling of NXDOMAIN needs to improve, such handling must be done by the application. Popular browsers have already started doing this. While it is possible for the servers pointed to by a wildcard to handle individual services, it is impossible for said servers to handle all services currently in use and likely to be implemented. If the servers discard packets, then they will place applications in a wait timeout with no explanation as to why. If they rejected connections, then applications will operate as if the remote service were down and not that the remote server itself was unresolvable. There are, of course, minor irritations with a wildcard concerning email. There are also privacy concerns, especially if the servers the wildcard points to handle the smtp connection. It was previously stated that the servers did not log the smtp connection information, but there were no protections given to say that this wouldn't change. I find it sad that Verisign believes they can actually dictate what my customers see better than I can. Worst of all, Versign has to realize that the bind patches WILL be used if wildcarding is reimplemented by them and the resulting issues from use of the patch will a direct result of Verisign's actions. -Jack
I have a good one, when was the last tiema telco asked any of us, or anyone for that matter, how to handle an NPA-NXX assignment? or LERG? NEVER. We're not qualified to make decisions like that because we don't know what the effects could or would be. Likewise VeriSign obviously doesn't, nor do the general populace. As many have suggested if VeriSign wants to do this they can as a browser plugin or feature. I for one am going to dumping all traffic bound to SiteFinder. --On Thursday, October 16, 2003 9:38 AM -0700 Owen DeLong <owen@delong.com> wrote:
They claim to be representing the "USER" community and to know better than we what they end users want. They think we're just a bunch of geek engineers that are unwilling to embrace new ideas. Most of all, they think they can make money this way, and, they don't really care about anything else. They're just trying to manipulate things so that the backlash doesn't cause them too much difficulty as they inflict this on the internet.
Owen
--On Thursday, October 16, 2003 12:57 -0600 Michael Loftis <mloftis@wgops.com> wrote:
I have a good one, when was the last tiema telco asked any of us, or anyone for that matter, how to handle an NPA-NXX assignment? or LERG?
This isn't necessarily a great analogy for this situation. It is likely Verisign thinks of themselves as the phone company in this case and us as the consumers that don't know.
NEVER. We're not qualified to make decisions like that because we don't know what the effects could or would be. Likewise VeriSign obviously doesn't, nor do the general populace. As many have suggested if VeriSign wants to do this they can as a browser plugin or feature.
I don't think any phone company would ever consider routing all of the invalid NPA-NXXs to an answering machine that plays recorded advertising for the user.
I for one am going to dumping all traffic bound to SiteFinder.
Nah... Don't do that. Dump all traffic coming FROM SiteFinder. That way, it ties up their resources, while still achieving the same effect. (Wonder if I can figure out how to get a router to forward a packet and still generate an admin-prohibited back to the source :-) Owen
--On Thursday, October 16, 2003 9:38 AM -0700 Owen DeLong <owen@delong.com> wrote:
They claim to be representing the "USER" community and to know better than we what they end users want. They think we're just a bunch of geek engineers that are unwilling to embrace new ideas. Most of all, they think they can make money this way, and, they don't really care about anything else. They're just trying to manipulate things so that the backlash doesn't cause them too much difficulty as they inflict this on the internet.
Owen
On Thu, 16 Oct 2003, Owen DeLong wrote:
--On Thursday, October 16, 2003 12:57 -0600 Michael Loftis <mloftis@wgops.com> wrote:
I have a good one, when was the last tiema telco asked any of us, or anyone for that matter, how to handle an NPA-NXX assignment? or LERG?
This isn't necessarily a great analogy for this situation. It is likely Verisign thinks of themselves as the phone company in this case and us as the consumers that don't know.
Besides, the FCC and the phone companies frequently ask the public for comment concerning the North American Numbering Plan administration. They also act and change based on those comments. Unlike the NSI situation, the FCC has changed NANP administrators several times, and generally issues a 1 year contract with an option to renew for successive years. Its also clear the NANPA doesn't "own" the north american numbering plan or the databases used to administer it.
I for one am going to dumping all traffic bound to SiteFinder.
One (operational) suggestion. Kindly return an icmp [net|host|port] unreachable, not just a route to /dev/null. Just a thought about the (waste of) client retrys and timeouts. Thank you, -bryan bradsby ====================== "The lawgiver, of all beings, most owes the law allegiance. He of all men should behave as though the law compelled him. But it is the universal weakness of mankind that what we are given to administer we presently imagine we own." -- H.G. Wells
My bad I should've been more specific, that is indeed what I will personally be doing on any networks that I can, which should be basically everything. I'm also considering the other alternative suggested by some, which is to push traffic to a host of my own. I will have to do something about email bound for mis-spelled domains because I do not and will not trust some anonymous third party even with my users mis-spelled domain names. So I think one way or another I'm going to be forced into doing work that I don't have time, nor desire to do, just to provide my users with the services they expect. As I'm sure a number of places are going to have to do. Not really networking related -- but -- when VeriSign had SiteFinder turned on before I experienced markedly larger mail queues because of brain-damaged Snubby and/or mail rejector. Not really a problem for my MTA, but more of an issue that I can only imagine how much this caused really big ISPs like AOL to increase the amount of email in their outbound queues. --On Thursday, October 16, 2003 2:20 PM -0500 Bryan Bradsby <Bryan.Bradsby@capnet.state.tx.us> wrote:
I for one am going to dumping all traffic bound to SiteFinder.
One (operational) suggestion.
Kindly return an icmp [net|host|port] unreachable, not just a route to /dev/null.
Just a thought about the (waste of) client retrys and timeouts.
Thank you, -bryan bradsby
-- Undocumented Features quote of the moment... "It's not the one bullet with your name on it that you have to worry about; it's the twenty thousand-odd rounds labeled `occupant.'" --Murphy's Laws of Combat
participants (6)
-
Bryan Bradsby
-
Dan Lockwood
-
Jack Bates
-
Michael Loftis
-
Owen DeLong
-
Sean Donelan