David Schairer, vice president of broadband provider XO Communications, is frustrated by VeriSign's decision to redirect Web surfers who mistype domain names to its own advertising-based Web site.
At an unprecedented public meeting Tuesday to discuss VeriSign's "Site Finder" redirection, Schairer described in detail how the changes had increased XO's network traffic, confused his customers' e-mail utilities, and disabled a test that previously snared about one-fifth of the spam directed at XO's network.
The Site Finder server also chokes on large e-mail messages that are addressed to nonexistent domain names and does not work with software created for people with handicaps, Schairer said. He predicted that the work required to fix similar problems in thousands of software programs is smaller in scope but "similar in kind" to the massive Year 2000 bug effort--amounting to a kind of "tax on the Internet."
Schairer's examples and those offered by other participants at the meeting--organized by the Internet Corporation for Assigned Names and Numbers (ICANN)--combined to put VeriSign on the defensive on Tuesday. The company, which enjoys a government-granted monopoly on the master .com and .net database, said last week it would "temporarily suspend" its redirection service.
News source: CNet News - VeriSign fends off critics at ICANN confab
At an unprecedented public meeting Tuesday to discuss VeriSign's "Site Finder" redirection, Schairer described in detail how the changes had increased XO's network traffic, confused his customers' e-mail utilities, and disabled a test that previously snared about one-fifth of the spam directed at XO's network.
The Site Finder server also chokes on large e-mail messages that are addressed to nonexistent domain names and does not work with software created for people with handicaps, Schairer said. He predicted that the work required to fix similar problems in thousands of software programs is smaller in scope but "similar in kind" to the massive Year 2000 bug effort--amounting to a kind of "tax on the Internet."
Schairer's examples and those offered by other participants at the meeting--organized by the Internet Corporation for Assigned Names and Numbers (ICANN)--combined to put VeriSign on the defensive on Tuesday. The company, which enjoys a government-granted monopoly on the master .com and .net database, said last week it would "temporarily suspend" its redirection service.
News source: CNet News - VeriSign fends off critics at ICANN confab
But VeriSign made clear during the open meeting convened by ICANN's Security and Stability Advisory Committee that it had no intention of turning Site Finder off for good. Executives from the company said they were considering turning on Site Finder again but disabling the "wild card" service for e-mail deliveries to nonexistent domains--which could solve many of the e-mail problems that speakers described.
"What I was kind of hoping to hear from the presentations was not just the theoretical 'What can go wrong?' sort of things," said Ken Silva, who oversees VeriSign's technical services and is a member of the ICANN committee. "The service ran for a number of weeks, and quite frankly, we did not experience nor did our users experience the catastrophes we're hearing are theoretically possible. We're not seeing the odd instabilities that are claimed."
VeriSign's Scott Hollenbeck said that the company's own statistics showed that only 3 percent of e-mail spam is identified using a domain name look-up technique, which can be broken by Site Finder. Hollenbeck also said that 68.7 percent of Internet traffic to nonexistent domains represented Web connections, 17 percent was e-mail, and the rest were IRC (Internet relay chat), POP, and assorted protocols.
The unusual meeting--ICANN has never held one like it before--was organized to let the committee hear technical concerns about Site Finder and prepare a public report. Legal and policy questions were not on the agenda, and VeriSign representatives repeatedly objected when the discussion veered in that direction.
"Are we going to focus on security and stability, or usability?" asked VeriSign's Ben Turner, saying the committee's mandate was too narrow to include broader questions about Site Finder.
Stephen Crocker, one of the Internet's original architects and the ICANN committee's chairman, asked VeriSign why the wild card was introduced without giving network operators any warning. "I know for a fact that VeriSign has no problem finding its way to those (technical discussion) forums," Crocker said, referring to the company's ongoing participation in them.
"I don't want to go beyond the agenda," replied Chuck Gomes, VeriSign's vice president for its registry service. Citing concerns of proprietary information and competitive advantage, he added that he didn't think he could guarantee any advance notice of similar changes in the future.
Matt Larson, of VeriSign Naming and Directory Services, dismissed reports of widespread problems with Site Finder. "We have a hard time with this idea that it's had a huge impact," Larson said. He said he couldn't discuss the results reported by XO Communications because "we didn't have the chance to see this presentation in advance."
VeriSign's policy was intended to generate more advertising revenue by driving additional visitors to its network of Web sites. But the change has had the side effect of rewiring a portion of the Internet that software designers always had expected to behave a certain way. That rewiring caused the negative consequences described by the meeting participants.
In an unusual grassroots movement, some network administrators have adopted technical countermeasures against VeriSign. A typical one has been to install a modified version of BIND (the standard utility used for Internet domain name look-ups) that essentially restored the original network behavior.
Yeah *they* didn't experience, but it sure screwed things up for a lot of other people...
Then another software that did a list search of possible servers to use, before sitefinder, the search would end up rejecting domain after domain until it hit a working one. Sitefinder suddenly made all these domains that didn't exist..exist.
Thankfully none of these softwares where too complex and they where all running in-house so it only took me an hour or so of programming to fix. My boss liked the idea of sending VeriSign a bill...
I can't imagine if any of this software was sold and live.
DNS is not just webpages. And unlike IE's search page, SiteFinder couldn't be turned off or switched out.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.