OT: But, Important to all Internet users

[Diana]

Hi all,

Since the beginning of this week, a serious issue has developed. It is rather technical, so to make it short, Verisign, the company that maintains the Root DNS servers for the whole internet, has created a "wildcard" entry that makes it seem that every possible domain actually exists. Domains that are not registered yet now resolve to a Verisign website. In essence, they have hijacked a large part Internet for their own purposes.

Previous to this action, mistyping a domain name or inadvertantly putting one in that doesn't exist used to return a proper error page...or at least one you had control over through your browser. This is no longer the case.

An even worse thing has happened on the insides of the Internet though, one that most people will be unaware of. By creating this wildcard, all DNS reverse lookups now find a "valid" domain. Many mail servers use this reverse lookup function to determine the validity of the e-mail. See, spammers often use non-existent domains in their e-mail headers to hide their origins. Now, when a reverse lookup is performed, the domain will resolve and the mail gets through the SPAM filters. Network admins and software writers are banding together to fight this at the software level, but more needs to be done.

The benefits to Verisign are HUGE. They will make money off of this "hijacking". They are supposed to be the overseers of the .com and .net domains and as such, they shouldn't mis-use their powers..but they have.

I'm asking all who care to take a moment and sign one or two petitions. Both are at petitionsonline.com but they were started by different people

First: This one here

and: The Second here

Here is a Discussion of the issues

or even more Here at Slashdot

I realize that online petitions probably don't do much if any good, but this is an important issue. I would also ask that anyone who has an 800 number to their ISP, call them and let them know that you are aware of the issues, even if you don't completely understand them. With a loud enough outcry, we may be able to get Verisign to back down. As a good news entry here, Verisign was sued in an Orlando, Florida this morning. I'm keeping my fingers crossed that the judge will see how important this is to the welfare of the Internet and its free nature.

Thanks for reading. (I really need a soapbox smiley...snuffysbluff...I need you.. )

see ya,

edited to fix link to second petition. Seems that the second link is actually the most important petition since it's getting the most activity.

[Bruce_F]

Signed and sealed, Diana!

(I hope signing both doesn't void them)

[george]

Me too Di
George

[pendragon]

A done deal.

And thanks for explaining the situation. I had read about it in the Washington Post, but did not fully comprehend what I was reading or the consequeces of the action. Folks may now think I know what I'm talking about. Please keep the secret.

Harv

[Highmac]

Signed first one, but second one would not load from signature. Will try again later.
I've got the gist of what's going on, even if I don't fully understand it. However, if it is of concern to a TS member, I'm only too happy to back it up.

[Bill]

Heard about this earlier. I'm off to sign away.

[kps]

Nice to see so many TSers on the same page...

My domain registration is due in February, I will not re-register with Verisign. That'll be my small way to make a statement.

[edit] still can't sign the second one. That's the one I really want to sign. VeriSign should lose their registrar status.

[Peter]

Signed the first one- can't get to the second one either.

[kps]

Diana,

HERE's an interesting little thread about how to block it.

I would think it should work just as well with your linux /etc/host file. Check the macwrite link in the second post for OS X instructions.

[kimmer]

Signed the first, still trying to sign the second; and I'm passing this information on to friends and foes.


kimmer

[Bill]

Try using Camino for the second one. Worked for me.

Thought it worked. After checking, it didn't.?.

[Gary S]

Signed sealed and delivered.....#487.

The second petition doesn't seem to want to take my signature. #179......?

Thanks for the heads up Diana.

[Diana]

Wow, you guys are just great!
I appreciate this so much..

kps, I hadn't thought of the /etc/hosts file on the server. Upon thinking about it, the server's /etc/host file wouldn't have any effect. I run BIND, but I have an option line that tells the server not to do reverse lookups for any domain it doesn't actually host. This is set in /etc/named.conf. It's a shame that the Internet framework has been abused to such an extent, because it now means I can't participate with my server to its fullest capabities. Just a few weeks ago I discovered that spammers were abusing my server resources by forcing it to do these reverse lookups for the spamming domains, in effect, hiding their ISP's DNS servers, adding another layer of cloaking to their identities/locations.  The server is still denying these bogus requests multiple times an hour. At least that is easier on it than doing the lookups. mmmumbble-grumble...bums.

Each person who is connected to the internet is most probably using the DNS servers provided by their ISP. I personally use ns1.mindspring.com and ns2.mindspring.com.  That is why it's important to contact and support your ISPs on this issue. If their customers are concerned, they may fight harder.

I had thought of the hosts file on my desktops/laptops, but I've resisted implementing it so far because I want to know if we're making progress towards resolution. I called Earthlink today and had a nice talk with a sympathetic network support guy who said he would definitely pass my concerns up the ladder. My logic for this call was that although I'm sure Earthlink doesn't need educating about this issue, I want them to know/think that the general public is aware and concerned. I figure their own system admins are hoppin' mad too, but if the general public starts an uproar, a resolution may come faster. I would highly recommend that everyone implement this host file option. Not going to the verisign page will keep a few pennies out of their pockets anyway. Oh, if you wanna chuckle, read their Terms of Service...the ones you've "agreed" to by landing on their page..the ones you can't avoid if you're prone to mis-spelling or just like to spend time guessing at domain names. PS...get there using this link:  http://sitefinder.verisign.com/index.jsp

I send you through that link so that they don't load all the advertising that a "keyword" domain would load..

And I'm with kps on domain registrations. I quit Verisign over two years ago now because of their ethics. I also refuse to buy SSL certificates from them. I've never given any credence to Verisign's ability to "Verify" or be truthful about anything. I deal only with OpenSRS now and have been totally happy. kps, if you support OpenSRS, you're supporting a great Canadian company..

Again people, you've made my day. Thank you so much,

see ya,

[jepinto]

Signed!

How dare they?

[Mrious_be]

I signed the first one, but on trying to sign the second one (when posting it) it gave me message that the DNS connection was closed while reading the message
Tried it a few times, no avail.