Site Finder was a
wildcard DNS record for all
.com and
.net
The .NET platform (pronounced as "''dot net"'') is a free and open-source, managed code, managed computer software framework for Microsoft Windows, Windows, Linux, and macOS operating systems. The project is mainly developed by Microsoft emplo ...
unregistered domain names, run by .com and .net
top-level domain
A top-level domain (TLD) is one of the domain name, domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain. The top-level domain names are installed in the DNS root zone, root zone of the nam ...
operator
VeriSign
Verisign, Inc. is an American company based in Reston, Virginia, that operates a diverse array of network infrastructure, including two of the Internet's thirteen root nameservers, the authoritative registry for the , , and generic top-level d ...
between 15 September 2003 and 4 October 2003.
Site Finder
All Internet users who accessed any unregistered domains in the .com and .net domain space were redirected to a VeriSign
web portal
A web portal is a specially designed website that brings information from diverse sources, like emails, online forums and search engines, together in a uniform way. Usually, each information source gets its dedicated area on the page for displayin ...
with information about VeriSign products and links to "partner" sites. This gave VeriSign the advantage of receiving greater revenue from advertising and from users wishing to register these domain names. It had the effect of capturing the
web traffic
Web traffic is the data sent and received by visitors to a website. Since the mid-1990s, web traffic has been the largest portion of Internet traffic. Sites monitor the incoming and outgoing traffic to see which parts or pages of their site are ...
for several million mistyped or experimental web accesses per day, and meant that VeriSign effectively owned all possible .com and .net domains that had not been bought by others, and could use them as an advertising platform.
VeriSign described the change as an attempt to improve the Web browsing experience for the naive user, without mentioning any use of the domain name system other than by browsers. VeriSign's critics saw this claim as disingenuous. The change led to a dramatic increase in the amount of Internet traffic arriving at verisign.com. According to the web traffic measurement company
Alexa, in the year prior to the change verisign.com was around the 2,500th most popular website. In the weeks following the change, the site came into the top 20 most popular sites, and reached the top 10 in the aftermath of the change and surrounding controversy.
Issues and controversy
There was a storm of controversy among network operators and competing domain registrars, particularly on the influential
NANOG and
ICANN
The Internet Corporation for Assigned Names and Numbers (ICANN ) is a global multistakeholder group and nonprofit organization headquartered in the United States responsible for coordinating the maintenance and procedures of several dat ...
mailing lists, some of whom asserted:
* that the redirection was contrary to the proper operation of the
DNS, ICANN policy, and the Internet architecture in general;
* that VeriSign breached its trust with the Internet community by using technical architecture for marketing purposes;
* that the redirection broke various
RFCs and disrupted existing Internet services, such as
email
Electronic mail (usually shortened to email; alternatively hyphenated e-mail) is a method of transmitting and receiving Digital media, digital messages using electronics, electronic devices over a computer network. It was conceived in the ...
relay and filtering (
spam
Spam most often refers to:
* Spam (food), a consumer brand product of canned processed pork of the Hormel Foods Corporation
* Spamming, unsolicited or undesired electronic messages
** Email spam, unsolicited, undesired, or illegal email messages
...
filters were not able to detect the validity of domain names);
* that the redirection amounted to
typosquatting where the unregistered domain being resolved is a spelling mistake for a famous registered domain;
* that VeriSign abused its technical control over the .com and .net domains by exerting a ''de facto'' monopoly control;
* that VeriSign may have been in breach of its contracts for running the .com and .net domains;
* that the Site Finder service assumed that all DNS traffic was caused by Web clients, ignoring the fact that DNS is used by other applications such as networked
printers,
FTP
The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and dat ...
software, and dedicated communications applications. If users of these applications accidentally entered a wrong host name, instead of a meaningful "host not found" error they would get a "request timed out" error, making it look like the server existed but is not responding. No statement by VeriSign in support of Site Finder even acknowledged the existence of DNS traffic not caused by Web clients, although they published implementation details which mentioned this traffic.
* that Site Finder contained an
end-user license agreement
An end-user license agreement or EULA () is a legal contract between a software supplier and a customer or end-user.
The practice of selling licenses to rather than copies of software predates the recognition of software copyright, which has ...
which stated that the user accepts the terms by using the service—but since mistyping an address automatically caused the service to be used, users could not refuse to accept the terms.
Others were concerned that the Site Finder service was written entirely in
English and therefore was not accessible by non-English readers.
The
Internet Architecture Board
The Internet Architecture Board (IAB) is a committee of the Internet Engineering Task Force (IETF) and an advisory body of the Internet Society (ISOC). Its responsibilities include architectural oversight of IETF activities, Internet Standards ...
composed a document detailing many of the technical arguments against registry-level wildcards; this was used by ICANN as part of its supporting arguments for its action.
Fallout
A number of workarounds were developed to locally disable the effects of Site Finder on a per-network basis. Most notably, the
Internet Systems Consortium
Internet Systems Consortium, Inc., also known as ISC, is an American non-profit corporation that supports the infrastructure of the universal, self-organizing Internet by developing and maintaining core production-quality software, protocols, and ...
announced that it had produced a version of the
BIND
BIND () is a suite of software for interacting with the Domain Name System (DNS). Its most prominent component, named (pronounced ''name-dee'': , short for ''name Daemon (computing), daemon''), performs both of the main DNS server roles, acting ...
DNS software that could be configured by
Internet service provider
An Internet service provider (ISP) is an organization that provides a myriad of services related to accessing, using, managing, or participating in the Internet. ISPs can be organized in various forms, such as commercial, community-owned, no ...
s to filter out wildcard DNS from certain domains; this software was deployed by a number of ISPs.
On October 4, 2003, as a result of a strong letter from
ICANN
The Internet Corporation for Assigned Names and Numbers (ICANN ) is a global multistakeholder group and nonprofit organization headquartered in the United States responsible for coordinating the maintenance and procedures of several dat ...
, VeriSign disabled Site Finder. However, VeriSign has made public statements that suggest that they may be considering whether they will change this decision in the future. On February 27, 2004, VeriSign filed a lawsuit against ICANN, claiming that ICANN had overstepped its authority. The claim regarded not only Site Finder, but also VeriSign's much-criticised
Wait Listing Service. The claim was dismissed in August 2004; parts of the lawsuit continued, and culminated in a March 1, 2006 settlement between VeriSign and ICANN which included "a new registry agreement relating to the operation of the .COM registry."
ICANN Board Approves VeriSign Settlement Agreements
ICANN, February 28, 2006
On July 9, 2004, the ICANN ''Security and Stability Advisory Committee'' (SSAC) handed down its findings after an investigation on Site Finder. It found that the service should not be deployed before ICANN and/or appropriate engineering communities were offered the opportunity to review a proposed implementation, and that domain name registries that provide a service to third parties should phase out wildcard records if they are used.
References
External links
*
VeriSign's announcement to NANOG of their wildcard DNS changes
of 3 October 2003
Slashdot discussion regarding Site Finder
* {{Webarchive , url=https://archive.today/20130119164106/http://news.com.com/2100-1038_3-5092133.html?tag=nefd_top , date=January 19, 2013 , title=''VeriSign to revive redirect service'' CNET article written 15 October 2003
Washington Post (27.02.2004): Suit Challenges Powers of Key Internet Authority
Findings of ICANN SSAC on Site Finder service
(PDF)
Domain Name System