was a wildcard DNS record
for all .com
unregistered domain names, run by .com and .net top-level domain
between 15 September 2003
and 4 October 2003
All Internet users who accessed any unregistered domains in the .com and .net domain space, were redirected to a VeriSign web portal
with information about VeriSign products and links to "partner" sites. This gave VeriSign the advantage of receiving greater revenue from advertising and from users wishing to register these domain names. It had the effect of "capturing" the web traffic
for several million mis-typed or experimental web accesses per day, and meant that VeriSign effectively "owned" all possible .com and .net domains that had not been bought by others, and could use them as an advertising platform.
VeriSign described the change as an attempt to improve the Web browsing experience for the naive user. VeriSign's critics saw this claim as disingenuous. Certainly, the change led to a dramatic increase in the amount of internet traffic arriving at verisign.com. According to the web traffic measurement company Alexa, in the year prior to the change verisign.com was around the 2,500th most popular website. In the weeks following the change, the site came into the top 20 most popular sites, and reached the top 10 in the aftermath of the change and surrounding controversy.
Issues and controversy
There was a storm of controversy among network operators and competing domain registrars, particularly on the influential NANOG
mailing lists, some of whom asserted:
- that the redirection was contrary to the proper operation of the DNS, ICANN policy, and the Internet architecture in general;
- that VeriSign breached its trust with the Internet community by using technical architecture for marketing purposes;
- that the redirection broke various RFCs and disrupts existing Internet services, such as e-mail relay and filtering (spam filters were not able to detect the validity of domain names);
- that the redirection amounted to typosquatting where the unregistered domain being resolved is a spelling mistake for a famous registered domain;
- that VeriSign abused its technical control over the .com and .net domains by exerting a de facto monopoly control;
- that VeriSign may have been in breach of its contracts for running the .com and .net domains;
- that the Site Finder service assumed that all DNS traffic was caused by Web clients, ignoring the fact that DNS is used by other applications such as network printer drivers, FTP software and dedicated communications applications. If users of these applications accidentally entered a wrong host name, instead of a meaningful "host not found" error they would get a "request timed out" error, making it look like the server exists but is not responding. (No statement by VeriSign in support of Site Finder even acknowledged the existence of DNS traffic not caused by web clients , although they published implementation details which mentioned this traffic.
- that Site Finder contained an EULA which stated that the user accepts the terms by using the service--but since mistyping an address automatically caused the service to be used, users could not refuse to accept the terms.
Others were concerned that the Site Finder service was written entirely in English and therefore was not accessible by non-English speakers. The Chicago Manual type of grammatical style was specific to the United States.
The Internet Architecture Board composed a document showing many of the technical arguments why Site Finder was a bad idea; this was used by ICANN as part of its supporting arguments for its action.
A number of workarounds were developed to locally disable the effects of Site Finder on a per-network basis. Most notably, the Internet Software Consortium
announced that it had produced a version of the BIND
DNS software that could be configured by Internet service providers
to filter out wildcard DNS from certain domains; this software was deployed by a number of ISPs.
On 4 October 2003, as a result of a strong letter from ICANN, VeriSign disabled Site Finder. However, VeriSign has made public statements that suggest that they may be considering whether they will change this decision in the future. On February 27 2004, VeriSign filed a lawsuit against ICANN, claiming that ICANN had overstepped its authority. The claim regarded not only Site Finder, but also VeriSign's much-criticised Wait Listing Service. The claim was dismissed in August 2004; parts of the lawsuit continued, and culminated in a March 1 2006 settlement between VeriSign and ICANN which included "a new registry agreement relating to the operation of the .COM registry."
On July 9, 2004, the ICANN Security and Stability Advisory Committee (SSAC) handed down its findings after an investigation on Site Finder. It found that the service should not be deployed before ICANN and/or appropriate engineering communities were offered the opportunity to review a proposed implementation, and that domain name registries that provide a service to third parties should phase out wildcard records if they are used.
This form of "typosquatting
" technology has been criticized in purchasers of common misspellings of popular domain names as well as other technologies that redirect web traffic, causing web viewers to see unsolicited advertising.
- Whitehouse.com - A former political entertainment and adult pornography site and current political entertainment site that enjoys high traffic from people who mistakenly type "com" instead of "gov" attempting to reach the official Whitehouse.gov site.
- Internet Explorer - Internet Explorer automatically redirects misspelled URLs to the search engine set in its preferences (by default MSN Search or Live Search). This feature can be disabled.
- Barefruit- Barefruit has developed a range of solutions to identify and redirect internet error traffic including DNS non-existent domains and HTTP errors and works with a number of Tier 1 ISPs. Their service avoids the problems of typosquatting.
- Paxfire - A tool used by some ISPs to redirect mistyped "hotwords" to a Paxfire page with links to paid advertisers. If a user clicks on the link, the revenue is shared between Paxfire and the ISP.
- EarthLink - EarthLink redirects nonexistent hostnames to www.earthlink-help.net, a site similar in functionality and purpose as Site Finder. EarthLink customers can opt out of this service by using alternate unsupported DNS servers provided by the company
- Charter Communications - Charter Communications has recently (as of April 2007) instituted a similar practice in which DNS searches for nonexistent hostnames return the address of Charter webservers that display advertising content. No usable opt-out procedure is known at the time of this writing. (9-19-2008) Changing primary DNS server to 18.104.22.168 and secondary DNS server to 22.214.171.124 allows you to get around their DNS redirect.
- Cox Communications - Cox Communications High Speed Internet (HSI) started testing a DNS redirect similar to Site Finder on Wednesday April 18, 2007 in the Florida panhandle area. The service has now been rolled out to all the full Cox userbase. Any DNS query, such as asdf.123 or a mistype will send you to 126.96.36.199. There are Opt Out servers located at 188.8.131.52 and 184.108.40.206. The service is clearly indicated, with a link to an explanation of the service as well as the instructions to opt-out are clearly presented.
- Rogers Communications - Rogers Communications broadband Internet service began using a DNS redirect similar to Site Finder on approximately July 18, 2008. Although Rogers claims an opt-out mechanism is available, it affects HTTP only and once a user has opted out their HTTP requests to non-existent addresses are taken to a fake failure page that assumes the browser in use is Internet Explorer.
- Other Providers - Verizon, RCN, Time Warner Cable, Embarq and Insight Communications have all deployed DNS Redirection services.
- dnsmasq is an open sourced dns proxy software which includes an option to specify the IP addresses of bogus nxdomain responses. In this way, users can filter out the effects of such activity.