ICANN Email List Archives

[At-Large Advisory Committee]


Re: [alac] Redirection of non-existing domain names, again

  • To: Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
  • Subject: Re: [alac] Redirection of non-existing domain names, again
  • From: Esther Dyson <edyson@xxxxxxxxxxxxx>
  • Date: Tue, 16 Sep 2003 05:36:51 -0400

Fine with me.

FWIW, I think our job is to register our concerns in public, as we are doing, and send Roberto to the board... the issue is things that are actually going on (and some kind of notion of the public interest needs to be surfaced quickly).

I would add at the end: "...stop this service and consider its implications." or something.


At 07:34 PM 9/15/2003, Thomas Roessler wrote:
Here's an updated draft that takes into account today's

- The service has gone live now -- kind of: The redirection server
  is unreachable from here, turning unregistered domain names into
  TCP timeout problems, and leading to an absolutely horrible user
  experience when typos happen.

- Verisign got the TTL of the records returned right, so the issue
  about poisoning caches is only a problem for 15 minutes -- that's
  probably tolerable.

- Verisign does *not* make use of the registry zone file for
  offering corrections, it seems, so our speculations on how such a
  service could be implemented in a competition-friendly and
  technically clean manner are moot.

Thomas Roessler  <roessler@xxxxxxxxxxxxxxxxxx>
At-Large Advisory Committee: http://alac.info/

The At-Large Advisory Committee is deeply concerned by Verisign's surprising roll-out of the "SiteFinder" service for .net, and the apparently imminent roll-out of that service for .com. SiteFinder works by re-directing queries for non-existing domain names to the IP address of a search service that is being run by Verisign.

This practice raises grave technical concerns, as it de facto
removes error diagnostics from the DNS protocol, and replaces them
by an error handling method that is tailored for HTTP, which is just
one of the many Internet protocols that make use of the DNS. We will
leave it for others to explain the details of these concerns, but
note that returning resource records in a way which is contrary to
the very design of the DNS certainly does not promote the stability
of the Internet.

These concerns are not mitigated by Verisign's efforts to work
around the consequences of breaking the Internet's design on a
service-by-service basis, in particular since the work-arounds
deployed depend on the global reachability of Verisign's redirection

That infrastructure has already become unreachable a few hours after
the service was initially deployed, confronting Internet users with
misleading network timeout error messages instead of
quickly-delivered and accurate "no such domain name" errors.

When working as intended, the service centralizes error handling
decisions at the registry that are rightly made in application
software run on users' computers.  Users are deprived of the
opportunity to choose those error handling strategies best suited for
their needs, by choosing appropriate products available on a
competitive marketplace. Software makers are deprived of the
opportunity to compete by developing innovative tools that best
match the user's needs.

We would recommend that the board take whatever steps are necessary
to stop this service.

Esther Dyson
Always make new mistakes!
chairman, EDventure Holdings
writer, Release 3.0 (on Website below)
edyson@xxxxxxxxxxxxx
1 (212) 924-8800 -- fax 1 (212) 924-0240
104 Fifth Avenue (between 15th and 16th Streets; 20th floor)
New York, NY 10011 USA
http://www.edventure.com

see my new blog (finally!) at

Release 1.0 - the first good look
at technology that matters
