Site Finder
Encyclopedia
Site Finder was a wildcard DNS record
for all .com
and .net
unregistered domain names, run by .com and .net top-level domain
operator VeriSign
between 15 September 2003 and 4 October 2003.
with information about VeriSign products and links to "partner" sites. This gave VeriSign the advantage of receiving greater revenue from advertising and from users wishing to register these domain names. It had the effect of "capturing" the web traffic
for several million mis-typed or experimental web accesses per day, and meant that VeriSign effectively "owned" all possible .com and .net domains that had not been bought by others, and could use them as an advertising platform.
VeriSign described the change as an attempt to improve the Web browsing experience for the naive user. VeriSign's critics saw this claim as disingenuous. Certainly, the change led to a dramatic increase in the amount of internet traffic arriving at verisign.com. According to the web traffic measurement company Alexa
, in the year prior to the change verisign.com was around the 2,500th most popular website. In the weeks following the change, the site came into the top 20 most popular sites, and reached the top 10 in the aftermath of the change and surrounding controversy.
mailing lists, some of whom asserted:
Others were concerned that the Site Finder service was written entirely in English
and therefore was not accessible by non-English speakers.
The Internet Architecture Board
composed a document showing many of the technical arguments why Site Finder was a bad idea; this was used by ICANN as part of its supporting arguments for its action.
DNS software that could be configured by Internet service provider
s to filter out wildcard DNS from certain domains; this software was deployed by a number of ISPs.
On 4 October 2003, as a result of a strong letter from ICANN
, VeriSign disabled Site Finder. However, VeriSign has made public statements that suggest that they may be considering whether they will change this decision in the future. On February 27, 2004, VeriSign filed a lawsuit against ICANN, claiming that ICANN had overstepped its authority. The claim regarded not only Site Finder, but also VeriSign's much-criticised Wait Listing Service
. The claim was dismissed in August 2004; parts of the lawsuit continued, and culminated in a March 1, 2006 settlement between VeriSign and ICANN which included "a new registry agreement relating to the operation of the .COM registry."
On July 9, 2004, the ICANN Security and Stability Advisory Committee (SSAC) handed down its findings after an investigation on Site Finder. It found that the service should not be deployed before ICANN and/or appropriate engineering communities were offered the opportunity to review a proposed implementation, and that domain name registries
that provide a service to third parties should phase out wildcard records if they are used.
Wildcard DNS record
A wildcard DNS record is a record in a DNS zone that will match requests for non-existent domain names. A wildcard DNS record is specified by using a "*" as the leftmost label of a domain name, e.g. *.example.com. The exact rules for when a wild card will match are specified in RFC 1034, but the...
for all .com
.com
The domain name com is a generic top-level domain in the Domain Name System of the Internet. Its name is derived from commercial, indicating its original intended purpose for domains registered by commercial organizations...
and .net
.net
The domain name net is a generic top-level domain used in the Domain Name System of the Internet. The name is derived from network, indicating its originally intended purpose for organizations involved in networking technologies, such as Internet service providers and other infrastructure companies...
unregistered domain names, run by .com and .net top-level domain
Top-level domain
A top-level domain is one of the domains at the highest level in the hierarchical Domain Name System of the Internet. The top-level domain names are installed in the root zone of the name space. For all domains in lower levels, it is the last part of the domain name, that is, the last label of a...
operator VeriSign
VeriSign
Verisign, Inc. is an American company based in Dulles, Virginia that operates a diverse array of network infrastructure, including two of the Internet's thirteen root nameservers, the authoritative registry for the .com, .net, and .name generic top-level domains and the .cc and .tv country-code...
between 15 September 2003 and 4 October 2003.
Site Finder
All Internet users who accessed any unregistered domains in the .com and .net domain space, were redirected to a VeriSign web portalWeb portal
A web portal or links page is a web site that functions as a point of access to information in the World Wide Web. A portal presents information from diverse sources in a unified way....
with information about VeriSign products and links to "partner" sites. This gave VeriSign the advantage of receiving greater revenue from advertising and from users wishing to register these domain names. It had the effect of "capturing" the web traffic
Web traffic
Web traffic is the amount of data sent and received by visitors to a web site. It is a large portion of Internet traffic. This is determined by the number of visitors and the number of pages they visit...
for several million mis-typed or experimental web accesses per day, and meant that VeriSign effectively "owned" all possible .com and .net domains that had not been bought by others, and could use them as an advertising platform.
VeriSign described the change as an attempt to improve the Web browsing experience for the naive user. VeriSign's critics saw this claim as disingenuous. Certainly, the change led to a dramatic increase in the amount of internet traffic arriving at verisign.com. According to the web traffic measurement company Alexa
Alexa Internet
Alexa Internet, Inc. is a California-based subsidiary company of Amazon.com that is known for its toolbar and Web site. Once installed, the toolbar collects data on browsing behavior which is transmitted to the Web site where it is stored and analyzed and is the basis for the company's Web traffic...
, in the year prior to the change verisign.com was around the 2,500th most popular website. In the weeks following the change, the site came into the top 20 most popular sites, and reached the top 10 in the aftermath of the change and surrounding controversy.
Issues and controversy
There was a storm of controversy among network operators and competing domain registrars, particularly on the influential NANOG and ICANNICANN
The Internet Corporation for Assigned Names and Numbers is a non-profit corporation headquartered in Marina del Rey, California, United States, that was created on September 18, 1998, and incorporated on September 30, 1998 to oversee a number of Internet-related tasks previously performed directly...
mailing lists, some of whom asserted:
- that the redirection was contrary to the proper operation of the DNSDomain name systemThe Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
, ICANN policy, and the Internet architecture in general; - that VeriSign breached its trust with the Internet community by using technical architecture for marketing purposes;
- that the redirection broke various RFCRequest for CommentsIn computer network engineering, a Request for Comments is a memorandum published by the Internet Engineering Task Force describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems.Through the Internet Society, engineers and...
s and disrupts existing Internet services, such as e-mailE-mailElectronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
relay and filtering (spamSpam (electronic)Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately...
filters were not able to detect the validity of domain names); - that the redirection amounted to typosquattingTyposquattingTyposquatting, also called URL hijacking, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser...
where the unregistered domain being resolved is a spelling mistake for a famous registered domain; - that VeriSign abused its technical control over the .com and .net domains by exerting a de facto monopoly control;
- that VeriSign may have been in breach of its contracts for running the .com and .net domains;
- that the Site Finder service assumed that all DNS traffic was caused by Web clients, ignoring the fact that DNS is used by other applications such as network printerComputer printerIn computing, a printer is a peripheral which produces a text or graphics of documents stored in electronic form, usually on physical print media such as paper or transparencies. Many printers are primarily used as local peripherals, and are attached by a printer cable or, in most new printers, a...
drivers, FTPFile Transfer ProtocolFile Transfer Protocol is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server...
software and dedicated communications applications. If users of these applications accidentally entered a wrong host name, instead of a meaningful "host not found" error they would get a "request timed out" error, making it look like the server exists but is not responding. No statement by VeriSign in support of Site Finder even acknowledged the existence of DNS traffic not caused by web clients, although they published implementation details which mentioned this traffic. - that Site Finder contained an EULA which stated that the user accepts the terms by using the service--but since mistyping an address automatically caused the service to be used, users could not refuse to accept the terms.
Others were concerned that the Site Finder service was written entirely in English
English language
English is a West Germanic language that arose in the Anglo-Saxon kingdoms of England and spread into what was to become south-east Scotland under the influence of the Anglian medieval kingdom of Northumbria...
and therefore was not accessible by non-English speakers.
The Internet Architecture Board
Internet Architecture Board
The Internet Architecture Board is the committee charged with oversight of the technical and engineering development of the Internet by the Internet Society ....
composed a document showing many of the technical arguments why Site Finder was a bad idea; this was used by ICANN as part of its supporting arguments for its action.
Fallout
A number of workarounds were developed to locally disable the effects of Site Finder on a per-network basis. Most notably, the Internet Software Consortium announced that it had produced a version of the BINDBIND
BIND , or named , is the most widely used DNS software on the Internet.On Unix-like operating systems it is the de facto standard.Originally written by four graduate students at the Computer Systems Research Group at the University of California, Berkeley , the name originates as an acronym from...
DNS software that could be configured by Internet service provider
Internet service provider
An Internet service provider is a company that provides access to the Internet. Access ISPs directly connect customers to the Internet using copper wires, wireless or fiber-optic connections. Hosting ISPs lease server space for smaller businesses and host other people servers...
s to filter out wildcard DNS from certain domains; this software was deployed by a number of ISPs.
On 4 October 2003, as a result of a strong letter from ICANN
ICANN
The Internet Corporation for Assigned Names and Numbers is a non-profit corporation headquartered in Marina del Rey, California, United States, that was created on September 18, 1998, and incorporated on September 30, 1998 to oversee a number of Internet-related tasks previously performed directly...
, VeriSign disabled Site Finder. However, VeriSign has made public statements that suggest that they may be considering whether they will change this decision in the future. On February 27, 2004, VeriSign filed a lawsuit against ICANN, claiming that ICANN had overstepped its authority. The claim regarded not only Site Finder, but also VeriSign's much-criticised Wait Listing Service
Wait Listing Service
A wait-listing service provided by a domain name registry provides the ability to option a domain name that is already registered. The option-holder then has the ability to have first rights to that domain name if the current registrant should cancel their registration.Taking such an option is no...
. The claim was dismissed in August 2004; parts of the lawsuit continued, and culminated in a March 1, 2006 settlement between VeriSign and ICANN which included "a new registry agreement relating to the operation of the .COM registry."
On July 9, 2004, the ICANN Security and Stability Advisory Committee (SSAC) handed down its findings after an investigation on Site Finder. It found that the service should not be deployed before ICANN and/or appropriate engineering communities were offered the opportunity to review a proposed implementation, and that domain name registries
Domain name registry
A domain name registry is a database of all domain names registered in a top-level domain. A registry operator, also called a network information center , is the part of the Domain Name System of the Internet that keeps the database of domain names, and generates the zone files which convert...
that provide a service to third parties should phase out wildcard records if they are used.
External links
- VeriSign's Site Finder Implementation document (PDF)
- VeriSign's announcement to NANOG of their wildcard DNS changes
- ICANN Advisory Concerning Demand to Remove VeriSign's Wildcard of 3 October 2003
- Slashdot discussion regarding Site Finder
- Internet Software Consortium announcement of "delegation-only" feature that can be used to ignore gTLD wildcards
- VeriSign to revive redirect service CNET article written 15 October 2003
- Washington Post (27.02.2004): Suit Challenges Powers of Key Internet Authority
- Findings of ICANN SSAC on Site Finder service (PDF)