Network Solutions is going to begin offering a typo-redirection service. The details are spotty, but a lot of people assume they'll be using the root servers to accomplish this task. The domains would resolve back to a NetSol owned web server with a special search engine on it.

I need to figure out how my spam filters are going to react when every domain comes back with a valid response from NetSol. That's gonna break a lot of "domain must resolve" rules that are currently holding back a large portion of the spam flood.

There are wonderful sites like this that fill spammer's lists with noise and worthless information.

Now all those domains are just failed DNS queries. What happens when they resolve? Lots of mail servers will try to service error messages to that false address and instead of instantly failing on a non-existent domain and ditching the message, they'll try over and over again on searchsite.com for 5 days before giving up.

And what are they going to do with all the misdirected e-mails that start hammering on their A record servers from a multitude of spammers? Perhaps there's a silver lining to that cloud after all.

Well, they did it.

"Today VeriSign is adding a wildcard A record to the .com and .net zones. The wildcard record in the .net zone was activated from 10:45AM EDT to 13:30PM EDT. The wildcard record in the .com zone is being added now."

Here's their implementation white paper.

All .net domains now resolve to 64.94.110.11 and all my anti-spam recipes that involve the resolution of the MAIL From: command are broken.

I'm NOT a happy camper. Everybody should Verisign Support and let them know what you think.

Here's a list of problems that this has caused all over the network just tonight.

September 17, 2003 - Dave Farber on Interesting People has reported Bonnie Bryant of Verisign customer service as saying, "There is no way to exclude yourself from the SiteFinder service. It is live across the internet."

A new BIND version has been released that does not return A records without valid nameservers, and RR SOA.

September 20, 2003 - IAB calls the practice of DNS wildcards disastrous. ICANN has called on Verisign to immediately halt the service.

--

April 19, 2004 - Verisign files support with the FCC for CALEA. VeriSign already provides CALEA services for precisely this kind of broadband telephony, and supports a declaration. Thanks to Politech.

#3354

Unless noted, all content on epistolary.org is © Copyright 1999-2009 to Rob Carlson with all rights reserved. All information is verified when possible, cited as appropriate and applied in the real world at your own risk. Send all feedback to rob@vees.net.