[wildcard-comments] comments on DNS wildcarding
Dear Sir:

I would like to express my gratitude to ICANN for acting (albeit slowly) to stop Verisign's attempt to control the entire unregistered namespace in .com and .net through DNS wildcarding. I would also like to express concern for whatever similarly sleazy attempts that Verisign (and possibly others) might make to further their individual commercial interests at the expense of general network stability and application functionality. This includes the proposed revival of wildcard entries for the .com and .net root zones.

Although I was dismayed by ICANN's initial non-response to Verisign's addition of wildcard A records pointing to 188.8.131.52 to the .com and .net root zones, I was pleased that ICANN has since taken a strong stand against the practice of making such a sweeping change (affecting untold numbers of users and system administrators, such as myself) without any prior announcement with significant lead time for members of the network community to voice their concerns.

What upsets me now, however, is that Verisign appears to be claiming that this "service" (which seems to have amounted to a blatant attempt to force web users to view a Verisign web site, with little regard for users of other protocols) has been "suspended" on a "temporary" basis and is now threatening to revive it. There seems to be no indication from Verisign that anyone from that company acknowledges the problems that were caused by the DNS wildcarding issue, nor does the company seem to have decided to take a more cautious attitude toward future introduction of similar "services." This is quite astounding for a number of reasons, particularly since Verisign's supposed business is "trust" and "credibility," all of which the company has destroyed by its actions over the last few weeks.

I strongly encourage ICANN to take a hard line on this issue and do everything possible to ensure that Verisign does not re-introduce DNS wildcards to any TLDs in the future. I would also encourage ICANN to ask the operators of the few other TLDs for which DNS wildcard entries do exist to discontinue the practice.

The Internet (and DNS) is not the same thing as "the web" or http, and should not be treated as such. DNS is used for many applications, some of which (particularly spam filtering) depend upon receiving an NXDOMAIN response for unregistered domains. Further, the DNS wildcard entry amounts to the same thing as "registering" all available domains (and plenty of unavailable ones, too) within a TLD, thus violating the ICANN whois policy, as each registered domain must have a corresponding whois entry.

If Verisign is unable or unwilling to operate the .com and .net TLDs in a stable, secure, efficient, responsible manner that does not break existing protocols, applications, and standards, and which does not involve drastic changes made without community knowledge or discussion far in advance of implementation, then ICANN should find someone else to take responsibility for those TLDs.

Thank you for your attention in this matter.