- Site Finder
Site Finder was a
wildcard DNS record for all.com and.net unregistered domain names, run by .com and .nettop-level domain operatorVeriSign between15 September 2003 and4 October 2003 .ite Finder
All Internet users who accessed any unregistered domains in the .com and .net domain space, were redirected to a VeriSign
web portal with information about VeriSign products and links to "partner" sites. This gave VeriSign the advantage of receiving greater revenue from advertising and from users wishing to register these domain names. It had the effect of "capturing" theweb traffic for several million mis-typed or experimental web accesses per day, and meant that VeriSign effectively "owned" all possible .com and .net domains that had not been bought by others, and could use them as an advertising platform.VeriSign described the change as an attempt to improve the Web browsing experience for the naive user. VeriSign's critics saw this claim as disingenuous. Certainly, the change led to a dramatic increase in the amount of internet traffic arriving at verisign.com. According to the web traffic measurement company Alexa, in the year prior to the change verisign.com was around the 2,500th most popular website. In the weeks following the change, the site came into the top 20 most popular sites, and reached the top 10 in the aftermath of the change and surrounding controversy. [ [http://traffic.alexa.com/graph?w=640&h=480&r=4y&u=verisign.com Alexa.com] ]
Issues and controversy
There was a storm of controversy among network operators and competing domain registrars, particularly on the influential NANOG and
ICANN mailing lists, some of whom asserted:
* that the redirection was contrary to the proper operation of the DNS, ICANN policy, and the Internet architecture in general;
* that VeriSign breached its trust with the Internet community by using technical architecture for marketing purposes;
* that the redirection broke various RFCs and disrupts existing Internet services, such ase-mail relay and filtering (spam filters were not able to detect the validity of domain names);
* that the redirection amounted totyposquatting where the unregistered domain being resolved is a spelling mistake for a famous registered domain;
* that VeriSign abused its technical control over the .com and .net domains by exerting a "de facto" monopoly control;
* that VeriSign may have been in breach of its contracts for running the .com and .net domains;
* that the Site Finder service assumed that all DNS traffic was caused by Web clients, ignoring the fact that DNS is used by other applications such as network printer drivers, FTP software and dedicated communications applications. If users of these applications accidentally entered a wrong host name, instead of a meaningful "host not found" error they would get a "request timed out" error, making it look like the server exists but is not responding. (No statement by VeriSign in support of Site Finder even acknowledged the existence of DNS traffic not caused by web clients Fact|date=February 2007, although they published implementation details which mentioned this traffic. [http://www.verisign.com/resources/gd/sitefinder/implementation.pdf]
* that Site Finder contained anEULA which stated that the user accepts the terms by using the service--but since mistyping an address automatically caused the service to be used, users could not refuse to accept the terms.Others were concerned that the Site Finder service was written entirely in English and therefore was not accessible by non-English speakers. The Chicago Manual type of grammatical style was specific to the
United States .The
Internet Architecture Board composed a document showing many of the technical arguments why Site Finder was a bad idea; this was used by ICANN as part of its supporting arguments for its action. [ [http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html IAB Commentary: Architectural Concerns on the use of DNS Wildcards] , September 19, 2006]Fallout
A number of workarounds were developed to locally disable the effects of Site Finder on a per-network basis. Most notably, the
Internet Software Consortium announced that it had produced a version of theBIND DNS software that could be configured byInternet service provider s to filter out wildcard DNS from certain domains; this software was deployed by a number of ISPs.On
4 October 2003 , as a result of a strong letter fromICANN , VeriSign disabled Site Finder. However, VeriSign has made public statements that suggest that they may be considering whether they will change this decision in the future. OnFebruary 27 2004 , VeriSign filed a lawsuit against ICANN, claiming that ICANN had overstepped its authority. The claim regarded not only Site Finder, but also VeriSign's much-criticisedWait Listing Service . The claim was dismissed in August 2004; parts of the lawsuit continued, and culminated in aMarch 1 2006 settlement between VeriSign and ICANN which included "a new registry agreement relating to the operation of the .COM registry." [http://www.icann.org/announcements/announcement-28feb06.htm]On
July 9 ,2004 , the ICANN "Security and Stability Advisory Committee" (SSAC) handed down its findings after an investigation on Site Finder. It found that the service should not be deployed before ICANN and/or appropriate engineering communities were offered the opportunity to review a proposed implementation, and that domain name registries that provide a service to third parties should phase out wildcard records if they are used.ee also
This form of "
typosquatting " technology has been criticized in purchasers of common misspellings of popular domain names as well as other technologies that redirect web traffic, causing web viewers to see unsolicited advertising.
*Whitehouse.com - A former political entertainment and adultpornography site and current political entertainment site that enjoys high traffic from people who mistakenly type "com" instead of "gov" attempting to reach the officialWhitehouse.gov site.
*Internet Explorer - Internet Explorer automatically redirects misspelled URLs to the search engine set in its preferences (by defaultMSN Search orLive Search ). This feature can be disabled.
*Barefruit - Barefruit has developed a range of solutions to identify and redirect internet error traffic including DNS non-existent domains and HTTP errors and works with a number of Tier 1 ISPs. Their service avoids the problems of typosquatting.
*Paxfire - A tool used by some ISPs to redirect mistyped "hotwords" to a Paxfire page with links to paid advertisers. If a user clicks on the link, the revenue is shared between Paxfire and the ISP.
*EarthLink - EarthLink redirects nonexistent hostnames to www.earthlink-help.net, a site similar in functionality and purpose as Site Finder. EarthLink customers can opt out of this service by using alternate unsupported DNS servers provided by the company [http://blogs.earthlink.net/2006/09/more_info_on_dead_domain_handl.php] .
*Charter Communications - Charter Communications has recently (as of April 2007) instituted a similar practice in which DNS searches for nonexistent hostnames return the address of Charter webservers that display advertising content. No usable opt-out procedure is known at the time of this writing. (9-19-2008) Changing primary DNS server to 4.2.2.1 and secondary DNS server to 4.2.2.2 allows you to get around their DNS redirect.
*Cox Communications - Cox Communications High Speed Internet (HSI) started testing a DNS redirect similar to Site Finder on Wednesday April 18, 2007 in the Florida panhandle area. The service has now been rolled out to all the full Cox userbase. Any DNS query, such as asdf.123 or a mistype will send you to 209.86.66.122. There are Opt Out servers located at 68.105.28.13 and 68.105.29.13. The service is clearly indicated, with a link to an explanation of the service as well as the instructions to opt-out are clearly presented.
*Rogers Communications - Rogers Communications broadband Internet service began using a DNS redirect similar to Site Finder on approximately July 18, 2008. Although Rogers claims an opt-out mechanism is available, it affects HTTP only and once a user has opted out their HTTP requests to non-existent addresses are taken to a [http://www20.search.rogers.com/not_found fake failure page] that assumes the browser in use isInternet Explorer .
* Other Providers -Verizon , RCN,Time Warner Cable ,Embarq andInsight Communications have all deployed DNS Redirection services.
*dnsmasq is an open sourced dns proxy software which includes an option to specify the IP addresses of bogus nxdomain responses. In this way, users can filter out the effects of such activity.References
External links
* [http://www.verisign.com/resources/gd/sitefinder/implementation.pdf "VeriSign's Site Finder Implementation" document] (PDF)
* [http://www.merit.edu/mail.archives/nanog/2003-09/msg00398.html VeriSign's announcement to NANOG of their wildcard DNS changes]
* [http://www.icann.org/announcements/advisory-03oct03.htm ICANN Advisory Concerning Demand to Remove VeriSign's Wildcard] of3 October 2003
* [http://slashdot.org/articles/03/09/16/0034210.shtml?tid=126&tid=95&tid=98&tid=99 Slashdot discussion regarding Site Finder]
* [http://www.isc.org/products/BIND/delegation-only.html Internet Software Consortium announcement of "delegation-only" feature that can be used to ignore gTLD wildcards]
* [http://news.com.com/2100-1038_3-5092133.html?tag=nefd_top "VeriSign to revive redirect service"] CNET article written15 October 2003
* [http://www.washingtonpost.com/ac2/wp-dyn/A9415-2004Feb26?language=printer Washington Post (27.02.2004): Suit Challenges Powers of Key Internet Authority]
* [http://www.icann.org/committees/security/ssac-report-09jul04.pdf Findings of ICANN SSAC on Site Finder service] (PDF)
Wikimedia Foundation. 2010.