Ryan Spaight
Supporting Actor
- Joined
- Jun 30, 1997
- Messages
- 676
Sometime yesterday, Verisign added a wildcard A record to the COM and NET root nameservers, which resolves to 64.94.110.11, or sitefinder.verisign.com -- a big fat Verisign page. *Any* invalid hostname ending in COM or NET will now return this address. (Try it with nslookup. Scary.)
This is similar to what Microsoft did in IE, where a bad hostname would take you to MSN search. The difference is that while you can turn that behavior off in IE, what Verisign has done affects the whole damn Internet, and there's no way to disable it.
This has the effect of breaking spam filters and making many basic troubleshooting operations much more difficult. More discussion here:
http://slashdot.org/articles/03/09/1...&tid=98&tid=99
I don't think it's an overstatement to say this is the single biggest change in how the Internet DNS system works ever, and entirely for the worse. Whoever at Verisign thought this up should be shot.
Ryan
This is similar to what Microsoft did in IE, where a bad hostname would take you to MSN search. The difference is that while you can turn that behavior off in IE, what Verisign has done affects the whole damn Internet, and there's no way to disable it.
This has the effect of breaking spam filters and making many basic troubleshooting operations much more difficult. More discussion here:
http://slashdot.org/articles/03/09/1...&tid=98&tid=99
I don't think it's an overstatement to say this is the single biggest change in how the Internet DNS system works ever, and entirely for the worse. Whoever at Verisign thought this up should be shot.
Ryan