Nicklas Johnson · morons.org - Verisign Abuses Root Servers for its Commercial Gain

Editorial: Verisign Abuses Root Servers for its Commercial Gain

Please Support our Featured Partners!

YouHaveBO.com: The Internet's Premier Anonymous BO Notification Service
Overheard in SF: Heard inbetween the rabbit squeezing and the carrot munching
Want Your Link Here?: Find out how to get free advertising with our partnership program!

Control of the Internet's root servers isn't something to be taken so lightly. It's a responsibility that clearly Verisign is incapable of living up to...
Posted by angry spatula on Sep. 16, 2003 08:42 UTC
18 comments from readers. Join the discussion!

Whenever you make a request for a web page, say web.morons.org, and the numerical address for that named page isn't cached with your ISP already, your request must be forwarded on to the Internet's root servers. The root servers for .com, .net, .biz, .org, .info and so-on have a record of where the requester can find the answer to the question. For example, the .org server knows that questions about morons.org can be found on the morons.org server. The request is then sent to the appropriate server.

As you might imagine, those who control the major root servers weild a huge amount of power and also have a great deal of responsibility. Domain information must be accurate and kept up-to-date. The servers must be kept in good technical running order and resistant to attacks. Operation of a key component of the Internet is not a task to be taken lightly. Sadly, Verisign, which manages the .com and .net domains, takes its responsibility in vain.

They've started resolving all unknown domains to themselves. Why? To make money off people who make typos or who are looking to see if a domain is in use. Mind you, the scores of other registrars who sell domains for .com and .net don't have this power. Only Verisign can do this. Only Verisign, in whom all the power and responsibility for running .com and .net is vested, has the capability to show people who make typos a web page to sell them something.

You can see this for yourself with the nslookup tool or an nslookup gateway (search for A and PTR records below respectively):

nslookup someDomainNameThatIsCertainNotToExistHugalaguhagug.com Name: someDomainNameThatIsCertainNotToExistHugalaguhagug.com Address: 64.94.110.11

nslookup 64.94.110.11 Name: sitefinder-idn.verisign.com Address: 64.94.110.11

Try it for any number of domains and you'll see the same result. Amusingly enough, since Verisign opened the floodgates of typos the web site at that IP address has been unavailable.

Which brings me to another interesting point. They've sorta short themselves in the foot in their arrogance. Every silly bogus domain name on the web resolves to them. Every address containing the word NOSPAM resolves to them. Every cloaked or spoofed address on IRC resolves to them. All your spam are belong to Verisign. All your Distributed Denial of Service Attacks are belong to Verisign. Not only is Verisign arrogant, but they're also stupid.

Verisign has gone way out of line here in abusing the power that was vested in them for commercial gain. No single company should ever have this kind of power over the Internet. We'd all be much better off if the root servers were managed by ICANN or the IETF directly, not by these bozos.

---Nick

Find similar articles

You must wait 7 minutes, 30 seconds before posting is permitted (5 minutes, 53 seconds remain).

Posted by anon_ on Sep. 16, 2003 08:58

They're evil, but not stupid -

In all likelyhood, email to these domains never gets processed. It's they web traffic they want.

spatula: It almost certainly doesn't, but the addresses are still out there for spiders...

Posted by natax on Sep. 16, 2003 09:27

holy crap. How is this legal? Isn't this creating a monopoly? It's using a unique situation to squash fair competition...

spatula: To say nothing of breaking several RFCs, yes.

natax: RFC? I have a sense that I should know this acronym, being a webmaster by...

spatula: Request For Comments http://www.rfc-editor.org/

Posted by spatula from the morons.org lair on Sep. 16, 2003 09:50

You can read the response the Internet Architecture Board had to Verisign's nonsense.

GWTPict: Very polite, I'd have gone for 'You dozy wankers'. While not technically very...

Posted by Entity on Sep. 16, 2003 13:12

Perhaps Nick hit the nail on the head and Verisign is run by Cats.

Take off every zig.

G-Do: EVERY zig.

Posted by Daniel on Sep. 16, 2003 13:14

If this was harmless, I would be inclinded to say 'let them get away with it' but it clearly isn't. It seems to break all sorts of things.

Did they pre-announce this in any way to give people a chance to point out the problems in advance? If not, then they deserve everything they get!

Rick: A short list of things it breaks: 1. Basic DNS protocol 2. A lot of spam...

Posted by Pansy Bedwetter on Sep. 16, 2003 15:32

The servers in question are the gTLD servers, NOT the root servers. The root servers only host "." and a few other misc zones now. :-)

spatula: You're right. I've been calling them the "root servers" for so long... old...

Posted by Slipshod from San Jose, CA on Sep. 16, 2003 16:55

Don't forget to add that IP address to your mail server's blacklist. If your mailserver (or anti-spam package) tries to resolve the domains in the mail headers and rejects fake domains... It won't reject them anymore!

Posted by Jraxis on Sep. 17, 2003 02:25

Time to patch free/open-source DNS implementations (BIND, etc.) to treat a return of this IP address as synonymous with a lookup failure.

Posted by GWTPict from A Small Dark Place on Sep. 17, 2003 12:05

Just checked, even a fucking 'ping' resolves to them. Great.

Posted by Bedsy Panwetter on Sep. 24, 2003 20:00

I think people should just set up programs that generate E-mali to random .com and .net address. They can say "we just made a lot of typos". Meanwhile Verisign would be flooded with E-mail