Site Finder

Last updated November 29, 2023

Site Finder was a wildcard DNS record for all .com and .net unregistered domain names, run by .com and .net top-level domain operator VeriSign between 15 September 2003 and 4 October 2003.

Site Finder

All Internet users who accessed any unregistered domains in the .com and .net domain space were redirected to a VeriSign web portal with information about VeriSign products and links to "partner" sites. This gave VeriSign the advantage of receiving greater revenue from advertising and from users wishing to register these domain names. It had the effect of capturing the web traffic for several million mistyped or experimental web accesses per day, and meant that VeriSign effectively owned all possible .com and .net domains that had not been bought by others, and could use them as an advertising platform.

VeriSign described the change as an attempt to improve the Web browsing experience for the naive user, without mentioning any use of the domain name system other than by browsers. VeriSign's critics saw this claim as disingenuous. The change led to a dramatic increase in the amount of Internet traffic arriving at verisign.com. According to the web traffic measurement company Alexa, in the year prior to the change verisign.com was around the 2,500th most popular website. In the weeks following the change, the site came into the top 20 most popular sites, and reached the top 10 in the aftermath of the change and surrounding controversy.^[1]

Issues and controversy

There was a storm of controversy among network operators and competing domain registrars, particularly on the influential NANOG and ICANN mailing lists, some of whom asserted:

that the redirection was contrary to the proper operation of the DNS, ICANN policy, and the Internet architecture in general;
that VeriSign breached its trust with the Internet community by using technical architecture for marketing purposes;
that the redirection broke various RFCs and disrupted existing Internet services, such as email relay and filtering (spam filters were not able to detect the validity of domain names);
that the redirection amounted to typosquatting where the unregistered domain being resolved is a spelling mistake for a famous registered domain;
that VeriSign abused its technical control over the .com and .net domains by exerting a de facto monopoly control;
that VeriSign may have been in breach of its contracts for running the .com and .net domains;
that the Site Finder service assumed that all DNS traffic was caused by Web clients, ignoring the fact that DNS is used by other applications such as networked printers, FTP software, and dedicated communications applications. If users of these applications accidentally entered a wrong host name, instead of a meaningful "host not found" error they would get a "request timed out" error, making it look like the server existed but is not responding. No statement by VeriSign in support of Site Finder even acknowledged the existence of DNS traffic not caused by Web clients,^{[ citation needed ]} although they published implementation details which mentioned this traffic.^[2]
that Site Finder contained an end-user license agreement which stated that the user accepts the terms by using the service—but since mistyping an address automatically caused the service to be used, users could not refuse to accept the terms.

Others were concerned that the Site Finder service was written entirely in English and therefore was not accessible by non-English speakers.

The Internet Architecture Board composed a document detailing many of the technical arguments against registry-level wildcards;^[3] this was used by ICANN as part of its supporting arguments for its action.

Fallout

A number of workarounds were developed to locally disable the effects of Site Finder on a per-network basis. Most notably, the Internet Systems Consortium announced that it had produced a version of the BIND DNS software that could be configured by Internet service providers to filter out wildcard DNS from certain domains; this software was deployed by a number of ISPs.

On October 4, 2003, as a result of a strong letter^[4] from ICANN, VeriSign disabled Site Finder. However, VeriSign has made public statements that suggest that they may be considering whether they will change this decision in the future. On February 27, 2004, VeriSign filed a lawsuit against ICANN, claiming that ICANN had overstepped its authority. The claim regarded not only Site Finder, but also VeriSign's much-criticised Wait Listing Service. The claim was dismissed in August 2004; parts of the lawsuit continued, and culminated in a March 1, 2006 settlement between VeriSign and ICANN which included "a new registry agreement relating to the operation of the .COM registry."^[5]

On July 9, 2004, the ICANN Security and Stability Advisory Committee (SSAC) handed down its findings after an investigation on Site Finder. It found that the service should not be deployed before ICANN and/or appropriate engineering communities were offered the opportunity to review a proposed implementation, and that domain name registries that provide a service to third parties should phase out wildcard records if they are used.

Related Research Articles

The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.

The Internet Corporation for Assigned Names and Numbers is an American multistakeholder group and nonprofit organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces and numerical spaces of the Internet, ensuring the network's stable and secure operation. ICANN performs the actual technical maintenance work of the Central Internet Address pools and DNS root zone registries pursuant to the Internet Assigned Numbers Authority (IANA) function contract. The contract regarding the IANA stewardship functions between ICANN and the National Telecommunications and Information Administration (NTIA) of the United States Department of Commerce ended on October 1, 2016, formally transitioning the functions to the global multistakeholder community.

In the Internet, a domain name is a string that identifies a realm of administrative autonomy, authority or control. Domain names are often used to identify services provided through the Internet, such as websites, email services and more. As of 2017, 330.6 million domain names had been registered. Domain names are used in various networking contexts and for application-specific naming and addressing purposes. In general, a domain name identifies a network domain or an Internet Protocol (IP) resource, such as a personal computer used to access the Internet, or a server computer.

A domain name registry is a database of all domain names and the associated registrant information in the top level domains of the Domain Name System (DNS) of the Internet that enables third party entities to request administrative control of a domain name. Most registries operate on the top-level and second-level of the DNS.

The domain com is a top-level domain (TLD) in the Domain Name System (DNS) of the Internet. Created in the first group of Internet domains at the beginning of 1985, its name is derived from the word commercial, indicating its original intended purpose for subdomains registered by commercial organizations. Later, the domain opened for general purposes.

The DNS root zone is the top-level DNS zone in the hierarchical namespace of the Domain Name System (DNS) of the Internet.

The domain name .org is a generic top-level domain (gTLD) of the Domain Name System (DNS) used on the Internet. The name is truncated from 'organization'. It was one of the original domains established in 1985, and has been operated by the Public Interest Registry since 2003. The domain was originally "intended as the miscellaneous TLD for organizations that didn't fit anywhere else." It is commonly used by non-profit organizations, open-source projects, and communities, but is an open domain that can be used by anyone. The number of registered domains in .org has increased from fewer than one million in the 1990s, to ten million in 2012, and held steady between ten and eleven million since then.

Verisign Inc. is an American company based in Reston, Virginia, United States, that operates a diverse array of network infrastructure, including two of the Internet's thirteen root nameservers, the authoritative registry for the .com, .net, and .name generic top-level domains and the .cc country-code top-level domains, and the back-end systems for the .jobs and .edu sponsored top-level domains.

A wildcard DNS record is a record in a DNS zone that will match requests for non-existent domain names. A wildcard DNS record is specified by using a * as the leftmost label (part) of a domain name, e.g. *.example.com. The exact rules for when a wildcard will match are specified in RFC 1034, but the rules are neither intuitive nor clearly specified. This has resulted in incompatible implementations and unexpected results when they are used.

The Domain Name System Security Extensions (DNSSEC) are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol provides cryptographic authentication of data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

A domain name registrar is a company that manages the reservation of Internet domain names. A domain name registrar must be accredited by a generic top-level domain (gTLD) registry or a country code top-level domain (ccTLD) registry. A registrar operates in accordance with the guidelines of the designated domain name registries.

Network Solutions, LLC is an American-based technology company and a subsidiary of Web.com, the 4th largest .com domain name registrar with over 6.7 million registrations as of August 2018. In addition to being a domain name registrar, Network Solutions provides web services such as web hosting, website design and online marketing, including search engine optimization and pay per click management.

.cm is the country code top-level domain (ccTLD) for Cameroon.

<span class="mw-page-title-main">Open Root Server Network</span>

Open Root Server Network (ORSN) was a network of Domain Name System root nameservers for the Internet. ORSN DNS root zone information was kept in synchronization with the "official" Domain Name System root nameservers coordinated by ICANN. The networks were 100% compatible, though ORSN was operated independently. The ORSN servers were primarily placed in Europe. ORSN is also used by public name servers, providing Domain Name System access freely for everyone, without any limitation until the project closed in May 2019. ORSN was primarily started to reduce the over-dependence of Internet users on the United States and Department of Commerce/IANA/ICANN/VeriSign, limit the control over the Internet that this gives, while ensuring that domain names remain unambiguous. It also helps avoid the technical possibility of global "Internet shutdown" by one party. They also expect their network to make domain name resolutions faster for everyone.

OpenDNS is an American company providing Domain Name System (DNS) resolution services—with features such as phishing protection, optional content filtering, and DNS lookup in its DNS servers—and a cloud computing security product suite, Umbrella, designed to protect enterprise customers from malware, botnets, phishing, and targeted online attacks. The OpenDNS Global Network processes an estimated 100 billion DNS queries daily from 85 million users through 25 data centers worldwide.

The following outline is provided as an overview of and topical guide to the Internet.

DNS hijacking, DNS poisoning, or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.

Navigation Catalyst Systems, previously known as Vendare, First Look, and qsrch.net, was a pay-per-click advertising company that specialized in monetizing parked domain names and registrars' wildcard DNS records. Navigation Catalyst Systems was a subsidiary of New.net and an affiliate of the ICANN-accredited registrar Basic Fusion.

Domain registration is the process of acquiring a domain name from a domain name registrar.

Public Interest Registry is a not-for-profit based in Reston, Virginia, created by the Internet Society in 2002 to manage the .ORG top-level domain. It took over operation of .ORG in January 2003 and launched the .NGO and .ONG top-level domains in March 2015.

References

↑ "Alexa.com". Archived from the original on 2017-12-01. Retrieved 2006-11-09.
↑ VeriSign Site Finder implementation VeriSign Naming and Directory Services, August 27, 2003
↑ IAB Commentary: Architectural Concerns on the use of DNS Wildcards Archived 2011-05-30 at the Wayback Machine , September 19, 2006
↑ Letter from Paul Twomey to Russell Lewis 3 October 2003
↑ ICANN Board Approves VeriSign Settlement Agreements ICANN, February 28, 2006

External links

VeriSign's Site Finder Implementation document (PDF) at the Wayback Machine (archived November 9, 2004)
VeriSign's announcement to NANOG of their wildcard DNS changes
ICANN Advisory Concerning Demand to Remove VeriSign's Wildcard of 3 October 2003
Slashdot discussion regarding Site Finder
Internet Software Consortium announcement of "delegation-only" feature that can be used to ignore gTLD wildcards
VeriSign to revive redirect service CNET article written 15 October 2003 at archive.today (archived January 19, 2013)
Washington Post (27.02.2004): Suit Challenges Powers of Key Internet Authority
Findings of ICANN SSAC on Site Finder service (PDF)

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Alexa.com". Archived from the original on 2017-12-01. Retrieved 2006-11-09.

[2] VeriSign Site Finder implementation VeriSign Naming and Directory Services, August 27, 2003

[3] IAB Commentary: Architectural Concerns on the use of DNS Wildcards Archived 2011-05-30 at the Wayback Machine , September 19, 2006

[4] Letter from Paul Twomey to Russell Lewis 3 October 2003

[5] ICANN Board Approves VeriSign Settlement Agreements ICANN, February 28, 2006

[1]

[2]

[3]

[4]

[5]

Site Finder

Contents

Site Finder

Issues and controversy

Fallout

Related Research Articles

References

External links