[wildcard-comments] comments on DNS wildcarding

[Scott Norwood <snorwood@xxxxxxxxx>]

Dear Sir:

I would like to express my gratitude to ICANN for acting (albeit slowly)
to stop Verisign's attempt to control the entire unregistered namespace
in .com and .net through DNS wildcarding.  I would also like to express
concern for whatever similarly sleazy attempts that Verisign (and possibly
others) might make to further their individual commercial interests at
the expense of general network stability and application functionality.
This includes the proposed revival of wildcard entries for the .com and .net
root zones.

Although I was dismayed by ICANN's initial non-response to Verisign's
addition of wildcard A records pointing to 64.94.110.11 to the .com
and .net root zones, I was pleased that ICANN has since taken a strong
stand against the practice of making such a sweeping change (affecting
untold numbers of users and system administrators, such as myself)
without any prior announcement with significant lead time for members
of the network community to voice their concerns.  What upsets me now,
however, is that Verisign appears to be claiming that this "service"
(which seems to have amounted to a blatant attempt to force web users to
view a Verisign web site, with little regard for users of other protocols)
has been "suspended" on a "temporary" basis and is now threatening
to revive it.  There seems to be no indication from Verisign that anyone
from that company acknowledges the problems that were caused by the DNS
wildcarding issue, nor does the company seem to have decided to take a
more cautious attitude toward future introduction of similar "services."
This is quite astounding for a number of reasons, particularly since
Verisign's supposed business is "trust" and "credibiilty," all of
which the company has destroyed by its actions over the last few weeks.

I strongly encourage ICANN to take a hard line on this issue and do
everything possible to ensure that Verisign does not re-introduce DNS
wildcards to any TLDs in the future.  I would also encourage ICANN to
ask the operators of the few other TLDs for which DNS wildcard entries
do exist to discontinue the practice.  The Internet (and DNS) is not
the same thing as "the web" or http, and should not be treated as
such.  DNS is used for many applications, some of which (particularly
spam filtering) depend upon receiving an NXDOMAIN response for unregistered
domains.  Further, the DNS wildcard entry amounts to the same thing as
"registering" all available domains (and plenty of unavailable ones, too)
within a TLD, thus violating the ICANN whois policy, as each registered
domain must have a corresponding whois entry.

If Verisign is unable or unwilling to operate the .com and .net TLDs
in a stable, secure, efficient, responsible manner that does not break
existing protocols, applications, and standards, and which does not
involve drastic changes made without community knowledge or discussion
far in advance of implementation, then ICANN should find someone else
to take responsibility for those TLDs.

Thank you for your attention in this matter.