Verisign To Sell DNS Root Server Lookup Data?

An anonymous reader writes "According to an editorial at Domain Name News, Verisign is considering selling partial access to DNS root server lookup data. The data would be made available to registrars, who in turn could use it for 'traffic-tasting' non-existent domains entered by any internet user. This would give them a better idea about what bogus domains to put up sites on to capture eyeballs." Haven't seen this story elsewhere and it's based on an anonymous source; YMMV.

Re:

[ameyer17]

Yeah, except the data could probably be used by typosquatters to... optimize their activities. Anything that helps typosquatters is a bad thing in my opinion.

Squatspecting Abounds

[HTH NE1]

Great. Not only are whois queries bugged by domain prospectors, a.k.a. squatspecting (don't check for the availability of a domain unless you intend to buy it immediately, because someone else is watching and will do so instead), but now just trying them in your browser will tip off others who will buy your ideas for domains out from under you.

Now after you try a URL in your browser and get an error saying the domain doesn't exist, you can just wait one minute and try again and someone will have it up and ready to serve you porn.

This is "Do More Evil".

real estate provides a useful historical example

[Quadraginta]

This sort of speculation is not a new phenomenon. It's been true for centuries in real estate: you buy some property not because it's useful to you, but just to charge whomever it is useful to a hefty price. At some level, this is just an inevitable feature of an open market, and must be tolerated (unless you lack a brain and like the idea of some Big Brother Tsar handing out domain names to whomever "deserves" them most).

But real estate speculation also provides an interesting possible solution: real est

Search engines replacing DNS?

[Kadin2048]

Of course, the fact that trademark law exists at all says that the completely free-market solution is not likely to work. Still, it would be interesting to develop some system where the preference of the global market of users has influence on who "owns" a particular domain name. The present gold-rush first come first served system has obvious disadvantages, and little other than simplicity to recommend it.

I think another 'solution' might be to just give up on DNS and let search engines do the resolution. E.g., instead of having DNS to translate from 'en.wikipedia.org' to 66.230.200.100, you just put "wikipedia" into your search engine of choice, say Google, and then use the IP address that it provides. It wouldn't work right now, because currently the search engines index URLs with domain names, but there's no reason why they have to; Google could just as easily store only server IP addresses in its index,

Re:

[lanzz]

except that it wouldn't work at all, as a huge number of websites are hosted on shared servers via name-based vhosts. i've worked at a webhosting company which had about 70000 customers at the time i left, and i can assure you that they didn't allocate one IP address per customer, much less one IP per hostname hosted. with access by IP your browser doesn't know the hostname it needs to provide to the webserver in the HTTP request, and without it the webserver doesn't know which vhost to serve to you.

Avoid webcentric ideas

[rs79]

That's gonna be a bitch for say, ftp, irc, mail, nntp, ntp, ssh...

Re:

[Quadraginta]

C'mon, think more expansively. There's no reason you can't implement the same idea automatically for those services, too. Essentially he's just saying to give up on the dream of worldwide uniformity in DNS service. Everyone picks out his favorite private DNS server(s), and goes with the translations it (or they) provide(s). The most successful private server will probably be the one that provides the translations that most people want, which solves the problem of squatting.

But I can easily imagine a lot

No.

[Corwn of Amber]

Just think what Microsoft will do! They'll put MSN as The Only Search On The Web, heavily integrate it into Windows, make users jump through flaming hoops just to change the search engine, and so on.

So if search was integrated in the browser and meant to replace DNS, Linux would come with thousands of links, Yahoo will sort of half-work, Google will work great until they slightly change their API and results are, at first, mangled, and within six months, unusable, the other search engines are either terribl

Speculative DomainTasters & Targeted Typosquat

[billstewart]

Not all of the domainer scum are playing the same market. Some are targeting existing names (or potential names of real customers), and they're often malicious - but trademark law provides some tools for dealing with them.

But another kind are the speculative domain tasters, who register large numbers of potentially useful names and return them before the 5-day grace period unless they're going to make more than $6/year in banner ads. ICANN's Soviet-central-planners have decided that the Registry won't cha

Re:

[Quadraginta]

Some very interesting comments.

This I think is wrong, however:

what's the "value" of a name? Certainly nothing objectively quantifiable

The value of a name is very quantifiable. It's the price the highest bidder is willing to pay for it. You can ask the same question, and get the same answer, when you ask what the value of real estate is. The fact that we have very limited insight into the mechanism by which people judge the value of things doesn't change the fact that they can and do, and we can measure t

Re: Quantifying domain name values

[billstewart]

The price the highest bidder is willing to pay for it is an ephemeral value that only exists if there's currently an auction going on for the domain name. If the name isn't currently being sold, or it's being sold through a mechanism other than an auction, there's no way to do the measurement. With real estate, the price a specific piece of land sells for depends on the auction process when it's being sold, but there's a broad enough market for comparable real estate that it's possible to estimate the va

Re:

[trolltalk.com]

"Yeah, except the data could probably be used by typosquatters to... optimize their activities. Anything that helps typosquatters is a bad thing in my opinion."

So just write a script to look up randomly generated web sites, like "mydog42131cat.com", "yourdog42131cat.com", "ourdog42131cat.com" "thedog42131cat.com", and hit those random names many times a day, for weeks on end, until some typo squatter spends the $6 to register it, then stop. "Gee, this domain was getting 100s of hits, now its getting noth

Re:

[mikael]

Yes, but there are actually auction houses where they sell off the domains that aren't making them money. Buy they will also go around offering to buy domains names off other people. The good news is that all the one word domain names have been taken, so they are now looking at multiple word names.

Re:

[trolltalk.com]

And eventually, when enough people lose enough money, this typo-squatting stupidity will stop.

Imagine a list, like an adblock list, but filled with typo-squatter urls, and your browser set to hit 4 or 5 (but not show you the resulting page) every time you load a new page, to help obfuscate your browsing history from snoops upstream. Hurts the typo-squatters, since its all bad traffic, hurts the snoops, because its mostly bad data.

Free Domain Tasting = still making money

[billstewart]

There a different reasons that domainers keep buying domain names even though they have no useful content to offer. Some of them typosquat on names that are similar to popular domain names, or steal names that actual content providers (or other domainers) are checking, but others just go fishing for whatever combinations of keywords and misspelled keywords they think might have a chance of attracting people to their pages and serving them ad banners.

Because domain tasting is free, it's easy to do brute-fo

Verisign

[jcicora]

Does Verisign do anything anymore that isn't just to make a bigger buck, the rest of the world be damned?

Re:Verisign

[Chyeld]

I'm guessing you don't know much of the history of Network Solutions/Verisign if you can phrase the question using the word "anymore".

Domain Tasting

[crf00]

Yes can someone tell me what the hell is about Network Solutions/Verisign? Why do they still allow the kind of 5 days domain tasting even that caused so much problem? Do they earn money themselve anymore than what these domain tasters earn? What is the benifit for them doing these?

I googled through and found that there are so many complains about GoDaddy that people's domain tasted by domain tasters in split of a second after query. How its done is still a myth that everyone just guessing there are spywa

Re:

[kontos]

can someone tell me what the hell is about Network Solutions/Verisign? Why do they still allow the kind of 5 days domain tasting even that caused so much problem?

Their ICANN contract requires that they do it. ICANN has formed a committee to study this, so in a year or two, they will have decided if this is a problem, a couple of years after that they will decide what they should do about it, about a year after that they will agree on the verbiage of the new rule, and the problem will be solved when the contract is changed in 2013.

Re:

[Dark_Gravity]

I'm guessing you don't know much of the history of Network Solutions/Verisign if you can phrase the question using the word "anymore".

ITYM Verislime

Re:

[gzerphey]

Nope... next question please.

Re:

[Burz]

OK, while we're talking about them... http://slashdot.org/comments.pl?sid=334391&cid=21055301 [slashdot.org]

Not Root

[jra]

No, they don't... but let's be clear, here: the *root* server lookups won't do anyone much good.

What they have to be *selling* here would be GTLD lookups, and they don't *get* all that data... In fact, I don't think they get *most* of it.

Re:

[eneville]

I agree, but if they want to do this I think IANA/ICAN should *really* try and put the anchors on Verisign, they're really not supposed to be selling things like this. It's pretty much like an abuse of their power. Why not buy the data from someone like google-analytics instead, which is probably going to be more worthwhile.

Here in the UK nominet run the show. But nominet are obliged to not sell things like the data to make a buck as they're a not-for-profit organisation. There are some good services that N

Actually, their other business is...

[CarpetShark]

Does Verisign do anything anymore that isn't just to make a bigger buck, the rest of the world be damned?

I hear they're also big on damning people...

It's crazy..

[keirre23hu]

If it werent for Amazon's patent, Verisign would probably like to add buy it now pages on the non-resolving dns names....

Based on what I've misspelled...

[snl2587]

Well at least now absolutely everyone can get "what you need, when you need it."

Re:

[v1]

I ran into that TWICE today. Makes me wonder, does anyone have statistics on what percentage of registered domain names are typeo squatters? I'd imagine for every one popular site (google.com, youtube.com etc) there are somewhere on the order of 200 typeo squatter domains registered, so there's gotta be a ton of them in all.

I'm a little surprised that they can make money on these. Either they're getting the domains cheaper than I think they are, are getting more per click / impression than I'm expecting,

Re:

[sg_oneill]

As a former domain registrar employee, MOST domains registered are fraudulent or typo type things. I kid you not. The whole industry needs to be razed to the ground, preferably by angry federal agents. Acording to the CEO of go-daddy, in April 2006, 32 million of 35 million domain registrations where part of Kiting schemes. It fucks up legitimate registrars, and ICANN doesn't want to do a god damn thing about it. The system is broken almost beyond repair, and frankly the dot COM system needs to be reformed

Re: Most registrations are bogus

[billstewart]

Most of the registrations aren't fraudulent - they're just speculators abusing the 5-day-grace-period thing, seeing whether plausible random names will earn at least $6/year in banner ads and keeping the ones that work. The reason it works is that somebody at ICANN decided a few years ago that the registry shouldn't charge any fees on domains that get returned during the grace period. If GoDaddy or some other registrar is annoyed by it, *they* can perfectly well charge a fee or give only a partial refund

I'm rather doubtful about how useful that would be

[xSquaredAdmin]

Most residential and business users will be behind a local DNS server, which probably caches the nameservers for individual TLDs. Since those NS entries on the root servers generally have a 48-hour cache time (and many ISPs DNS servers are probably (mis)configured to hold the data for longer), it doesn't seem like many requests would actually be getting through to Verizon's root servers, especially not enough to make a service like this viable.

Re:

[Cramer]

be getting through to Verizon's root servers

It's VERISIGN, not VERIZON. And the lookups for domains will fall up the tree to the root servers. Even if an ISP caches the answer -- which they do -- the original request still made it to the root. No, Verisign will not know every request, but they don't really need to.

Re:I'm rather doubtful about how useful that would

[jours]

> it doesn't seem like many requests would actually be getting through

When the caching server misses on a request, it forwards the request upstream...ultimately ending up at one of the root servers.

Mod parent up.

[khasim]

If you're in a corporate office with a correctly configured caching DNS box, the spelling errors should outnumber the correctly entered queries. As seen from the root servers.

That is because every spelling error must be sent upstream while just about every correctly entered query should be cached locally.

Mod parent up ^2

[wsanders]

Besides, Verisign operates only a fraction of the root servers:

http://root-servers.org/ [root-servers.org]

So, reason #N+1 why this data might or might not be worth a bucket of warm piss, with N+2 being as how anycasting biases requests in a more or less geographic fashion.

Meh.

Re:

[wsanders]

Well, on more reflection I guess a random sample from one of the Verizon servers would be a "valuable" source of mistyped domains.

So I retract my "meh" and say "pox on Verisign".

Re:Mod parent up ^2

[Kalriath]

Doesn't matter. Verisign is the authority for .com and .net, any request for domains ending in one of those suffixes needs to be queried against Verisign at some point.

Re:

[nife00]

Not technically.
The root server operators are given the root zone files and they run the server. For this to be worth anything it would require a change in the server software, so only the ones run by verisign would ever actually comply.

Re:

[Kalriath]

Yes, except for one issue - the root servers do not contain the contents of any of the TLDs, even the gTLDs which Verisign is contracted to administer. For example, follow this lookup below:

Searching for www.msn.com A record at k.root-servers.net [193.0.14.129]: Got referral to b.gtld-servers.net. (zone: com.) [took 113 ms]
Searching for www.msn.com A record at b.gtld-servers.net. [192.33.14.30]: Got referral to ns3.msft.net. (zone: msn.com.) [took 190 ms]

Now, here's the Whois for gtld-servers.net:

Registran

Re:

[xSquaredAdmin]

Yes, but if it still hits on a known TLD, chances are good that their nameserver will have the NS records for that TLD cached, so the request itself won't hit the root nameservers. If someone requests www.gogle.com, and their local nameserver doesn't have anything cached for the "gogle.com." domain, it'll still likely have the NS records for "com." cached, and thus skip the root nameservers.

No, mod above up

[xyphor]

OP has root servers confused with TLD servers. The root servers should rarely need to be queried.

Re:

[jours]

Strictly speaking, you're right...but people don't commonly make a distinction between the root and tld servers. TFA certainly didn't. And since Verisign has both roots and com/net they certainly have the information the article's talking about. You have to read that article very literally to think they're only talking about queries that hit the root.

Re:

[xSquaredAdmin]

Aah. I was unaware that Verisign owns the .com/.net nameservers. In that case the plan is much more sensible. Also, you should never assume that someone posting on /. has read TFA. ;)

Re:

[jours]

> Also, you should never assume that someone posting on /. has read TFA. ;)

Ain't that the truth. Honestly, the article wasn't very clear...they said "root nameservers" but they sure implied com/net.

They just need a statistical estimation of...

[blorg]

...mistyped addresses. The operators of the root servers for the TLD are in the best position to provide this. They do not need to see every request. Cybersquatters would be very interested in registering these domains for crappy stuff like this [slashhdot.org].

Re:

[ILuvRamen]

aww so if everyone on slashdot goes to www.fuck-you-verisign.com, that won't show up as the #1 non existant domain visited when they look? Darn! I was gonna highly recommend that. I dunno, I think it'll work. Cuz aren't there some crappy, little ISP branches that wouldn't have their own DNS servers and just let everything go right up to a main one? I mean even my road runner DNS servers at this very moment are in Kansas according to their WHOIS and I live in an area Wisconsin with almost 100,000 people

Re:I'm rather doubtful about how useful that would

[discogravy]

verisgn and verizon are different.

This seems odd

[Anon-Admin]

I remember when registration of domains was free, all you had to do was figure out how to fill out the paperwork.

So they sell the data, new domains are registered, and the sites that go up on these domains will be loaded with pop-ups, pop-unders, pop-offs, and pop-up-ur-as* windows.

Sounds like enabling spam to me!

I bet they've been doing this for years

[sqrammi]

I personally am very against something like this. I've heard of several people just typing a domain name into Internet Explorer, seeing that it didn't exist, and then moments later trying to register the domain only to find that it was just barely registered by some registrar. Of course in these cases, Microsoft or possibly some spyware company was the culprit, but I'd hate for this information to be more quickly and widely available. I can't see how anyone would be OK with this.

That was my first thought too

[headbulb]

I check what domains are free by using dig and then looking for NXDOMAIN. This helps to get around any registrar looking at their logs to see what domains people have looked up as free. (I use my own dns server so the queries go to the root servers first)

I am sick of sites being taken by domain squatters.

I thought I had a great thing with dig (or nslookup) but that might end if that data is going to be sold too. So then what's the point.

Some data shouldn't be sold.

Re:

[suso]

Yes I agree. This is currently going on right now, but its done through webpages or search bar plugins or something. At least for people who know how to do the direct queries, we can get around this, but if Verisign does this, it will prevent people from checking for domain name availability without the fear of it being taken before they can register it.

I just wrote to Verisign to strongly emphasize that this is wrong. Plus, this would be bad for other registrars because I would think it would cut them o

Re:

[hal9000(jr)]

I doubt that it was that fast as you are implying. And what do you mean "some registrar"? Where did they search? At a registrars page? Are you saying that registrar, or some other registrar, registered the name? In either case, it's not likely to happen and means in the former case, the registrar is loosing it's own business (dumb) or is colluding with the competition (also dumb).

Those people probably just got bit by a coincidence.

Re:

[trolltalk.com]

"I doubt that it was that fast as you are implying. And what do you mean "some registrar"? Where did they search? At a registrars page? Are you saying that registrar, or some other registrar, registered the name? In either case, it's not likely to happen and means in the former case, the registrar is loosing it's own business (dumb) or is colluding with the competition (also dumb).

Those people probably just got bit by a coincidence.

I used to see it happen a LOT - then I stopped doing name lookups thro

Re:

[rs79]

"I used to see it happen a LOT - then I stopped doing name lookups through web interfaces, and do a whois in a terminal, and the problem went away. NEVER do a domain name search through a web interface. They're not there for your benefit, but for domain name pharmers "

Oy. Where to begin.

First of all, traffic to the root servers isn't vert interesting. They get queries like "what are the nameservers for .com?" or "what are the nameservers for .tv". The root servers serve up the NS records for the top level

Re:

[sqrammi]

Nope, I checked the domain before and after it was registered by the registrar. It was not registered before they checked, and it was afterwards (at least a few hours later). All the people did was type in the domain in Internet Explorer. The "date registered" date showed the day that they typed it into their browser. Another very suspicious thing is that the domain was unregistered after two weeks. I don't remember the exact name of the registrar, something like "King Domain" or something like that.

Re:

[bit01]

I doubt that it was that fast as you are implying.

Trivial to automate.

---

"Advertising supported" just means you're paying twice over, once in time to watch/avoid the ad and twice in the increased price of the product to pay for the ad.

Fun with typosquatters

[base3]

$ dig a.com
$ dig b.com
. . .
$ dig aaaaaaaaa.com
$ dig aaaaaaaab.com
. . .
$ dig zzzzzzzzz.com

Re:Fun with typosquatters

[zappepcs]

This is in fact the correct way to change this situation. When the squatters have to work hard to figure out whether to squat or not...
1 - A few lines of script
2 - p2p dispersal
3 - happiness all around

It should only take about a week before the squatting cycle got so out of hand that domain registration becomes impossible...

ok, script is done... ready?

3... 2.... 1...

Re:

[Target Drone]

Actually this might not be as crazy as it sounds.

1. Randomly generate domain names
2. Draw the domain to the squatters attention by hitting the root servers once Verisign starts selling data. NOTE: Some people say that squatters seem to be able to detect whois lookups and/or URLs typed into IE so it may not be necessary to wait for Verisign.
3. Squatter decides to give the domain a 5 day free "tasting"
4. Through the wonders of p2p dispersal the squatter sees the domain gets some traffic.
5. Squatter decides to purchas

Re:

[cain]

for i in {a..z}{a..z}{a..z}{a..z}{a..z}{a..z}{a..z}{a..z}{a..z}.{com,net,org}; do
     dig $i
done

Re:

[rickb928]

I'll test this on my home machine before I run it on my production box, but then it can run 24x7.

Let the little pus-heads register everything. And then cancel. And then register. And then cancel. Repeat.

I may have to put some delay in the script to make it behave, but if some of us ran this 24x7x365, Would this make squatting too expensive for anyone? And, most importantly, would it cause troubles we can only imagine (or not)???

Re:

[cain]

This may actually be a little better (assumes a modern bash):

while true; do
    for i in com net org; do
        dig `echo $RANDOM*$RANDOM*$RANDOM|bc`.$i
    done
    sleep 1
done

Illegal

[unity100]

That would lead them to procuring unregistered domain names with squatting in mind. Against competition and reason.

KeywordSquatting - Legal, Just Annoying

[billstewart]

There are different markets for this kind of data. Sure, there are name squatters and typosquatters going after the names of existing legitimate businesses, such as microsfot.com and microsoft.biz; this will help them, but fixing it is a job for trademark law, though large businesses often avoid much of the problem by buying up the nearby namespace (typos, other TLDs, other variants on their company name, etc.) which gets them the traffic as well as keeping it from going elsewhere. And there are annoying

i mean

[unity100]

registrar doing this kind of thing is illegal. the top provider of some resources, registrar is roughly the monopoly when it comes to selling domains. registrar(s) actually, in bulk. therefore if a registrar is freely allowed to squat in this manner, then the users dont have a chance. this almost resembles a total monopoly situation.

Registrars aren't monopoly.

[billstewart]

In ICANN's design for the domain name sales system, there are two levels - the single registry which controls the database for a TLD (e.g. all of .com) and the multiple registrars that sell names (and other services) to customers. No registrar is a monopoly, at least for the big TLDs - there are lots of them, all competing with each other. You don't have to buy names from GoDaddy if you don't want to - there are lots of others that can't afford Superbowl commercials. Some specialize in good dependable s

look in broad perspective

[unity100]

technically they are not a monopoly, from individual registrar to individual registrar. BUT, if you take them as registrarS, they are a monopoly in respect to customers, since the all top level registrars constitute the entirety of the domain name distribution rooftop. And if they all freely employ this whois data trick, that directly creates a monopoly situation in which the monopolist (all registrars in this case) can provide themselves preferential treatment when it comes to domain name registrations.

You're still not getting Registry vs Registrar

[billstewart]

You're still not getting the issue of registries vs. registrars. For the ICANN-controlled general-use global TLDs, each TLD has one registry but an open market for registrars. There's one registry that controls the database for .com, but lots of registrars that sell into it, and they don't have access to each other's transactions - they're competing with each other, and all they can tell is what's in the registry (including the names, authoritative nameservers, and limited transaction data.)

If you go to R

you are not getting my point

[unity100]

technicality on the approximations of top level of the domain name system doesn't matter. if this is allowed, inevitably many registrars are going to follow suit for all registries, and eventually there is going to be a situation in that this is a widely adopted practice. yes, its not technically a monopoly, but you'll be hard pressed to find the domain name you want vacant. why just rent a domain name to some 3rd party for $8-10 a year, whilst you can park it on your ad page as registrar and enjoy around $

So thats why Slashdot is always behind Yahoo.

[olddotter]

Haven't seen this story elsewhere and it's based on an anonymous source;

So the dot is now waiting to confirm the stories in the national press before posting them?

Am I marketing challenged?

[starglider29a]

Educate me...

I can't remember an instance where I was trolling for a domain I didn't know, like HotelsInIshpeming.com, landed on a cybersquatter AND saw an ad that I clicked on. "Oh, look, they have percale sheets on sale at Ikea... click, click, spend... Ok, where was I... oh yes... HotelsInIshpeming...."

Are we, the clicking public, this A.D.H.D.?

Why not register variations on your domain?

[Alereon]

Why don't more domain owners take the reasonable step of registering typod variations on their name at the time they set up the property? While obviously this isn't practical for tiny or personal sites, it's reasonable to expect that a major company with the funding isn't going to balk at an extra few hundred dollars to get all common variations on the domain they want. Honestly, if you don't claim the name, you have no right co complain when someone else registers it and puts whatever they want on it.

You don't think of them at the time of registratio

[headbulb]

Then it's too late because someone else thought of them or found one you missed. Then the price for a domain with a good registrar/dns provider isn't cheap. No I am not talking about some cheap godaddy like service I am talking about a dns service which can garentee that lookups won't take more then 150ms to lookup. Which in the end does make the site seem faster.

People hate domain squatters for a reason. They are annoying and stealing customers/time/resources from those people that built up their brand (th

Re:Remove ability to "taste" domains?

[trolltalk.com]

It was probably this one:

Domain Name: BANKOFARNERICA.COM
Registrar: MONIKER ONLINE SERVICES, INC.
Whois Server: whois.moniker.com
Referral URL: http://www.moniker.com/whois.html [moniker.com]
Name Server: PNS1.TRELLIAN.COM
Name Server: PNS2.TRELLIAN.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 06-sep-2007
Creation Date: 06-sep-2007
Expiration Date: 06-sep-2008

Putting the lower-case 'r' and 'n' side by side looks just like an m.

http://bankofarnerica.com/ [bankofarnerica.com] A-R-N-erica == evil phishing site!
http://bankofamerica.com/ [bankofamerica.com] A-M-erica == real bank site.

mouse over them both, and see how easy it is to misread the url in the status bar.

This is done already

[hansamurai]

This is basically done already. Squatters can buy a domain, and due to the rules that ICANN setup (I think it's ICANN), they can return the domain for free within something like five days. During those five days, they put up a squatting page and keep track of all the hits their site gets, if it gets X number of hits, they keep the domain, otherwise they drop it. All for free.

I recently did a search for a domain on GoDaddy, the domain was available. Three days later when I went to buy it, it was not available and had been recently bought by a squatter or reseller or something. This is a whole different problem altogether and another flaw in the system. Anyways, I made it a point not to go to that site to make sure I didn't give them any hits that would encourage them to keep it.

Either way, I just bought another available domain and use that. Can't be too picky these days.

Re:

[trolltalk.com]

"I recently did a search for a domain on GoDaddy, the domain was available. Three days later when I went to buy it, it was not available and had been recently bought by a squatter or reseller or something. This is a whole different problem altogether and another flaw in the system. Anyways, I made it a point not to go to that site to make sure I didn't give them any hits that would encourage them to keep it."

Actually, its too bad we can't have some "white-hat botnets" to visit such sites on a regular bas

Re:

[El_Muerte_TDS]

Noticed that too. A domain name I was monitoring is now up to it's 3rd squatter. And the end of this week it will probably be available again, only to be bought by a different squatter.

Re:

[22_9_3_11_25]

I had the exact same experience, only I had actually reserved the domain with credit card information but in the 3 days "processing" time it got scooped up only to be given back days later after I settled on my second choice. It was a huge hassle , I had to go through an entire cancellation procedure with the first company. I refused to lookup the name that was my second choice and had a long talk with the hosting company on a strategy to keep it from getting scooped. At the time I reported it to ICANN a

opendns

[Anonymous Coward]

Changing your dns servers to point to the opendns servers will fix many of the typosquatting problems people have:
http://www.opendns.com/ [opendns.com]

Best of all, it is free.

Re:

[TheLink]

And why should you trust opendns more than the little you trust verisign?

One potential positive here...

[damn_registrars]

If the verisign DNS servers track foreign domain names (*.cn, for example), then it would be worth having. I've seen plenty of spamvertised domains that are from foreign registries, and often the registrars over there don't play by our rules. If the verisign registry gave us that data, we could at least figure out who is responsible for the existence of such crap.

And yes, I do recognize that getting something done about it is a different issue entirely. But if the data was at least available, it could

SlashStalking! Re:One potential positive here...

[damn_registrars]

Neato, I have a stalker on slashdot! I don't know that I've seen any anonymous cowards do this before...

Although this person doesn't seem very original, so I suspect that someone else has done this to a different member in the past. Can anyone point me to the precedent? Maybe there's a club here on slashdot for other slashstalking victims ? :)

Re:

[damn_registrars]

You are rather amusing. Quite libelous, and horribly uninformed, but rather amusing nonetheless. You actually are much like a third-rate bully, in the fact that your odd motives far outweigh both your capabilities and your intellect. Therefore as much as I know that the best way to shoo you off is to ignore you, I just can't help but poke back at your atrociously formed "relevant facts".

Have a good day in your curious world. Frankly, if I was hoping to see more strict controls placed on anonymous co

Re:

[damn_registrars]

Maybe in you feel I spout lies

And all your base are belong to us?

On top of the fact that your questions don't deserve being answered, your claims are not backed up by facts. If you look at my posting history, you will see that many of my past comments in other threads have been moderated +5. Your claim of my being a troll just simply doesn't hold water

But I'll let you continue answering captchas and previewing your own typos as you try to make this odd claim. I guess if it somehow makes you feel better about yourself, feel fre

the slashstalking continues...

[damn_registrars]

Are you really sure that most people browse at 1? Or is this just another fact-out-of-ass?

Your insistence to not read the slashdot FAQ is amusing, for sure. If you were to read it, you would find that the default reading level for browsing slashdot discussions is 1. Sure, even anonymous cowards like you are free to change their own viewing level, all the way down to -1 (to see all the trolls posted by other anonymous cowards) or all the way up to 5 (to see only the moderators' favorites).

Basically, the only reason someone would read at -1 is if they are incredibly bored or if they have

Filtering out bogus domains - one approach

[Animats]

Does anyone actually buy anything from those bogus domains, or are they all making their money by what is essentially click fraud? Most of them seem to just deliver ads from the usual ad services.

We've been demoing our filter for bogus on-line businesses, SiteTruth [sitetruth.com], for a while now. Remember "on the Internet, no one knows if you're a dog?" SiteTruth can usually kick the dogs out.

The basic concept is to try to find the business behind the domain. If the web site isn't selling anything and isn't running ads, it's not rated. If it's selling something, there needs to be a business address on the site, preferably one that matches up with business records. So we look through the site for addresses, check SSL certs, look at business directories, do some crunching, and come up with a rating automatically. This is effective against link farms, spam blogs, landing pages, and most of the other trash on the Web.

We use the ratings to reorder search results. We don't block suspicious sites; they just move down in search results. It's a clue stick to apply to suspicious sites - be clear about who's behind the site, or be ignored.

This is an alpha test demo, set up as a search engine web site. The real version will be a browser plug-in. Meanwhile, feel free to try out SiteTruth and complain where appropriate; that's why we're in test. There's a link to the SiteTruth blog on the site if you want to comment. The most interesting searches to try are for heavily spammed keywords, like "herbal viagra" or "london hotels". If your own domains get low ratings, click on the rating icons to find out why. If you're legit, it's usually because the web site has some easy to fix problem.

We've been hearing some grumbling from a few domain owners about this, which indicates we're on the right track. They usually have some long, whiny explanation of why they shouldn't have to disclose the address of their "online business". Tough.

Re:

[thogard]

It appears that people buy from them, just like it appears they are buying from spammers. For example, you visit the web page and you get handed a long life cookie. Some time later you go and sign up for a service or visit a legit business and the long life cookie goes off and the legit company counts you as being from another ad campaign and pay the click fee and they don't even know they just paid someone for typosquatting.

Re:

[Reziac]

Okay, I'm complaining... there are some businesses where no one in their right mind puts a street address on a website (frex, for a kennel, a street address is an invitation to all sorts of meatspace trouble, thanks to the political nuts out there these days).

Re:

[jez9999]

Meanwhile, feel free to try out SiteTruth and complain where appropriate; that's why we're in test.

Well, OK, as you said so... my site got a red bar thingy.

"Secure certificate
No valid certificate."

I'm running a games website, why the fuck does it need an SSL cert?

"Contents of web site
No street address found on the site."

I'm running a games website, why the fuck does it need a street address?

Re:

[Emetophobe]

The basic concept is to try to find the business behind the domain.

From my limited understanding, SiteTruth is only meant for rating online shops. Unless your gaming website is selling something, you shouldn't care about SiteTruth or the rating you receive.

This is retarted...

[Mysticalfruit]

This is how you fix this problem...

Write a perl script that generates fake domains and then does a DNS lookups against them. Thus ensuring that their busy reserving "www.luckylinuxsexmonkeypants.com"

so why was their contract renewed?

[belmolis]

We have known for years that Verisign is a badly behaved company. This is just the latest example. I just don't understand why ICANN renewed their contract. Like Diebold and SCO, this is a company that we don't need.

A better use of this kind of data...

[krycheq]

would be to use it to provide insight on traffic and request patterns for known malware distribution sites, the RBN, and other known bad-actors who are engaged in criminal schemes using DNS morphing techniques to fool people into landing on their sites...

Hmmm... probably not a lot of money in that for them tho...

mmm! tasty!

[capoccia]

so what does a domain taste like? chocolate or vanilla?

Which is it

[fastest fascist]

I thought information wants to be free?

So does it, or does it not?

DNS Needs Supra-National Supervision

[chris_sawtell]

The sooner the whole DNS system is taken out of the control of a bunch of government sponsored & crooked spivs the better. I suggest the ITU [p] who have looked after International Telecoms since 17 May 1865, take over the whole of the DNS as soon as possible.

Ah, catching up with the scammers.

[argent]

They wouldn't let them "monetize" missed lookups directly, so they're farming it out to domain pirates.

It's corrupting the top level either way.