Ok, when did *this* happen? - Grin with cat attached — LiveJournal
Previous Entry Next Entry
Ok, when did *this* happen? Sep. 16th, 2003 11:13 am

The more paranoid among you may wish to disable JS before visiting, and view source.

Summary for the less techy among you; Verisign, a domain registration company, have redirected all unknown .com and .net domains into their own control, and link to paid listings from there.

Oh, and if you send a mail to happens to have their mail system misconfigured in various ways, Verisign can swallow your mail for you.

Right, home firewall blocks 25 and 80 to that host, Vserver has "route add -host reject" - anyone tell me if this is permanent over reboots? (apparently consensus is no, so I've added it to /etc/network/interfaces on the debian Vserver)

(no subject) - (Anonymous)
From: wechsler
Date: September 16th, 2003 - 03:57 am (Link)
Likewise. I'm not sure I want to see the full effect.
From: djm4
Date: September 16th, 2003 - 03:42 am (Link)
Yesterday. Verisign are evil.
(no subject) - (Anonymous)
(no subject) - (Anonymous)
(no subject) - (Anonymous)
From: purplerabbits
Date: September 16th, 2003 - 04:34 am (Link)
There a good rant about ithere
From: ali_in_london
Date: September 16th, 2003 - 04:12 am (Link)
Bloody hell.

That's just come up on GLLUG mailing list (and probably lots of other places).


worse worse worse

From: bondagewoodelf
Date: September 16th, 2003 - 05:19 am (Link)
They -also- make any mail with mistyped addresses in .net and .com go to theirmail server which then drops the mail with a 550 error, which means 'mail is dropped without a bounce'.

So mistyping a domain name will now make mail disappear instead of bouncing back to the sender.

This is bad bad bad.

Also, refusing SPAM based on the fact that the sender has a non-existing domain doesn't work anymore either, simply because the domain is not non-existing anymore.

From: olithered
Date: September 16th, 2003 - 05:31 am (Link)

Things fall apart, the centre cannot hold

From: ciphergoth
Date: September 16th, 2003 - 05:40 am (Link)
The implications of this level of evil from the root DNS guardians are just cataclysmic. It's going to take a while to sink in.
From: giolla
Date: September 16th, 2003 - 06:41 am (Link)
Way ahead of verisign are the registrars for:
*.ac, *.cc, *.cx, *.museum, *.nu, *.sh, *.tm, *.ws
who've been doing the same thing for longer but with less visible domains.

There may of course also be others.
From: venta
Date: September 16th, 2003 - 08:22 am (Link)
The more paranoid among you may wish to disable JS before visiting, and view source.

Have I got a different internet from everyone else today ? Or have I just misunderstood ?

If I click on the link above, I get the normal "The requested URL could not be retrieved" error page. And that's what I'd inferred wasn't happening any more ?

(Yes, I understand why what Verisign have done is a Bad Thing, I'm just confused that I don't seem to be seeing the same effect as everyone else.)
From: wechsler
Date: September 16th, 2003 - 08:49 am (Link)
Dunno - lead tech couldn't see the Veriswine page either, but I'm still getting it (if I bypass the systems which now null-route that IP).
From: duncanneko
Date: September 16th, 2003 - 09:35 am (Link)
Right now I get bounced to which then fails to respond on port 80. Telnet to 25 still gets the Not A SMTP Daemon though. Guess they just dropped the HTTP server and left all the rest in place.
From: thekumquat
Date: September 16th, 2003 - 09:45 am (Link)
I got the Verisign page after a couple attempts to make up a not-existing site (notexistent.com is actually some Dutch company!)
Took forever and a few pages of "Could not connect to server" first.

Wondering whether the potential legal gains from a captive audience of every net user can be greater than the costs of running a site accessed by virtually every net user a couple times a day. Is Verisign ruled by US law?
From: wechsler
Date: September 16th, 2003 - 10:47 am (Link)
Is Verisign ruled by US law?

No, other way round ;)

I suspect either 1) not every DNS attempt redirects in the above-mentioned fashion, or 2) the site's under DDOS attack. Certainly a lot of people are 'testing' that site fairly frequently, to see if Verisign are *still* that stupid.