[Dshield] Verisign abusing .COM/.NET monopoly, BIND releases new

Thor Larholm thor at pivx.com
Wed Sep 17 21:33:09 GMT 2003

This is simply amazing, Verisign has just turned the .COM and .NET TLD
DNS servers upside down for their own economic gain and, in doing so,
disrupted network traffic for most of the Internet. Mail administrators
who use any non-existent DNSBL to mark email as spam suddenly have all
their mails deleted, people using localhost.localdomain.com on their
servers for administrative purposes are scrambling to find out the cause
of their problems and DNS problems arise everywhere as neg caching is
essentially disabled and all DNS caches have to cache each and every
randomly typed DNS query.

The BIND patch that prevents this should be released Wednesday.


DragonHawk writes "As of a little while ago (it is around 7:45 PM US
Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A
record to the .COM and .NET TLD DNS zones. The IP address returned is, which reverses to sitefinder.verisign.com. What that means
in plain English is that most mis-typed domain names that would formerly
have resulted in a helpful error message now result in a VeriSign
advertising opportunity. For example, if my domain name was
'somecompany.com,' and somebody typed 'soemcompany.com' by mistake, they
would get VeriSign's advertising." Read on below for some more


The Internet Software Consortium, the nonprofit organization that
develops BIND software for Internet domain name directories, is writing
an "urgent patch" for Internet service providers and others who want to
block customers from a new Site Finder service from VeriSign Inc.

Though VeriSign gets unspecified revenues from search engine partners
whose technology powers Site Finder, company officials described the
service as primarily a navigation tool to help lost Internet users.

Earlier this year, a suburban Washington company called Paxfire Inc.
tested a similar service for ".biz" and ".us" names, but the U.S.
government and a private oversight board asked Paxfire to suspend it
after a few weeks pending a review, Paxfire chairman Mark Lewyn said.

Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
http://www.pivx.com/larholm/unpatched - Unpatched IE vulnerabilities
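
The wildcard effect on DNSBL lookups described in the message above, as an added example that is not part of the original post: it probes a zone with random labels to find synthesized answers, then compares an "any answer means listed" check with one that only accepts 127.0.0.0/8 replies. The resolver is an offline stub, and every zone name and address in it (including 192.0.2.1 as the wildcard target) is constructed for illustration.

```python
import ipaddress
import secrets

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # range DNSBLs conventionally answer from

# Constructed zone data: a wildcard in "com" and one live DNSBL with one listing.
RECORDS = {"7.113.0.203.dnsbl.example.org": ["127.0.0.2"]}
WILDCARDS = {"com": ["192.0.2.1"]}  # placeholder address, not taken from the post

def resolve(name):
    """Stub resolver (assumption): A records for name, or [] for NXDOMAIN."""
    if name in RECORDS:
        return RECORDS[name]
    tld = name.rsplit(".", 1)[-1]
    return WILDCARDS.get(tld, [])

def detect_wildcard(zone, resolver, probes=3):
    """Addresses returned for every random, never-registered label under zone."""
    common = None
    for _ in range(probes):
        answers = set(resolver(f"{secrets.token_hex(12)}.{zone}"))
        if not answers:  # a single NXDOMAIN means the zone has no wildcard
            return set()
        common = answers if common is None else common & answers
    return common

def naive_listed(ip, dnsbl, resolver):
    """Pre-wildcard assumption: any answer at all means 'listed'."""
    query = ".".join(reversed(ip.split("."))) + "." + dnsbl
    return bool(resolver(query))

def strict_listed(ip, dnsbl, resolver, synthesized=frozenset()):
    """Listed only if an answer is in 127.0.0.0/8 and is not a wildcard address."""
    query = ".".join(reversed(ip.split("."))) + "." + dnsbl
    return any(a not in synthesized and ipaddress.ip_address(a) in LOOPBACK
               for a in resolver(query))

if __name__ == "__main__":
    wild = detect_wildcard("com", resolve)
    print("synthesized in .com:", wild)
    # dead-dnsbl.com is a constructed name for a DNSBL whose domain no longer exists
    print("naive :", naive_listed("203.0.113.7", "dead-dnsbl.com", resolve))
    print("strict:", strict_listed("203.0.113.7", "dead-dnsbl.com", resolve, wild))
```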
