Verisign hijacks .com and .net (fwd)

From: David Keegel <djk§cybersource.com.au>
Date: Tue, 16 Sep 2003 13:09:00 +1000 (EST)
Some more detailed discussion about the implications of the wildcards.

Forwarded with permission from Mark Newton.

----- Forwarded message from Mark Newton -----

Date: Tue, 16 Sep 2003 10:31:24 +0930
From: Mark Newton <newton§atdot.dotat.org>
To: sage-au§sage-au.org.au
Subject: [SAGE-AU] Verisign hijacks .com and .net
List-Id: SAGE-AU discussion list.  <sage-au.sage-au.org.au>
List-Help: <mailto:sage-au-request§sage-au.org.au?subject=help>

This morning Verisign inserted a wildcard A-record into the .com and .net
gTLDs.  That action counts as the single largest domain-hijacking event
in the Internet's history.
                                                                                
The offending A-record makes every otherwise non-existent .com and .net
domain name resolve to 64.94.110.11.  Until half an hour ago that IP 
address answered HTTP requests with a "You've mistyped a domain, wanna
buy it?" kind of page.

This breaks anti-spam filters which check to ensure that the sender
domain name exists before accepting the mail, because now ALL sender
domain names in .com and .net exist as far as the DNS is concerned.

It also means that anyone who has failed to redelegate any of their
domains after one of their .com or .net nameservers has ceased to exist
may now find that some percentage of their email will now bounce.

Unsurprisingly, there are efforts afoot in the US to get Verisign to
change their mind.  Those efforts may be getting some traction, because
the HTTP server I mentioned above doesn't appear to be running anymore,
and takes 90 seconds or so to time-out instead.  Maybe someone has
just DDoS'ed it.  Who knows?

Either way, if any of your users ask you today about why the web seems
"weird", or why some things are taking a long time when they previously
worked snappily, or why they're suddenly getting more spam than they're
used to, that's the reason.

There are discussions on US Network Operations and BIND Development
mailing lists about how to react to this.  One favoured option right
now is to modify BIND so that wildcard responses in gTLDs are replaced
with NXDOMAIN before being passed to the client, thereby restoring the
functionality which various systems have relied upon until this morning's
change.  If such a modification to BIND is made, I'd highly recommend 
upgrading all your nameservers to protect your users from the effects of
Verisign's blatant attempt to commercialize typographical errors.

  - mark
    [ update:  as I typed this, 64.94.110.11 is once again answering
      HTTP requests with a search engine portal page.  Sigh.  Further
      developments will no doubt... well, develop, I guess. ]

--------------------------------------------------------------------
I tried an internal modem,                    newton§atdot.dotat.org
     but it hurt when I walked.                          Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----

___________________________________________________________________________
The Sage-au mailing list is a member-only service.  Postings to this
list are made by individual members, and do not necessarily reflect SAGE-AU
policy or position.  This article may not be reproduced or quoted beyond
this forum without written permission of all contributing authors.  Further
information can be found at http://www.sage-au.org.au/maillist.html

----- End of forwarded message from Mark Newton -----
Received on Fri Oct 03 2003 - 00:00:00 UTC
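
Added example (not part of the original post, and not BIND code): one way a mail filter's sender-domain check could compensate for the wildcard described above, by probing each TLD with random names and ignoring any address that every probe returns. The `resolve` callable, the stub zone data and all function names are assumptions constructed for illustration; only 64.94.110.11 comes from the post.

```python
import secrets

WILDCARD_ADDR = "64.94.110.11"  # the address named in the post
# Constructed sample zone data (documentation addresses), not real records.
REGISTERED = {"example.com": ["192.0.2.10"], "example.org": ["192.0.2.30"]}


def stub_resolve(name):
    """Hypothetical resolver: list of A records, empty list for NXDOMAIN.
    Imitates the wildcard: unregistered .com/.net names get WILDCARD_ADDR."""
    name = name.rstrip(".").lower()
    if name in REGISTERED:
        return list(REGISTERED[name])
    if name.endswith((".com", ".net")):
        return [WILDCARD_ADDR]
    return []


def probe_wildcards(resolve, tlds=("com", "net"), probes=3):
    """Resolve random, almost certainly unregistered names in each TLD.
    Addresses returned by every probe are treated as that TLD's wildcard."""
    found = {}
    for tld in tlds:
        answers = [set(resolve(f"{secrets.token_hex(16)}.{tld}"))
                   for _ in range(probes)]
        common = set.intersection(*answers)
        if common:  # empty: no address shared by all probes, so no wildcard
            found[tld] = common
    return found


def sender_domain_exists(domain, resolve, wildcards):
    """True only if the domain has an address beyond its TLD's wildcard.
    A real domain hosted solely on the wildcard address would be rejected."""
    tld = domain.rstrip(".").rsplit(".", 1)[-1].lower()
    return bool(set(resolve(domain)) - wildcards.get(tld, set()))


def demo():
    wildcards = probe_wildcards(stub_resolve, tlds=("com", "net", "org"))
    senders = ("example.com", "mistyped-sender.com", "mistyped-sender.org")
    naive = {d: bool(stub_resolve(d)) for d in senders}
    fixed = {d: sender_domain_exists(d, stub_resolve, wildcards) for d in senders}
    return wildcards, naive, fixed


if __name__ == "__main__":
    print(demo())
```

The `naive` result shows the breakage the post describes (the mistyped .com sender "exists"), while `fixed` rejects it again; a real deployment would re-probe periodically, since the wildcard address can change.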
