Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
The Internet Businesses

Verisign To Sell DNS Root Server Lookup Data? 115

An anonymous reader writes "According to an editorial at Domain Name News, Verisign is considering selling partial access to DNS root server lookup data. The data would be made available to registrars, who in turn could use it for 'traffic-tasting' non-existent domains entered by any internet user. This would give them a better idea about what bogus domains to put up sites on to capture eyeballs." Haven't seen this story elsewhere and it's based on an anonymous source; YMMV.
This discussion has been archived. No new comments can be posted.

Verisign To Sell DNS Root Server Lookup Data?

Comments Filter:
  • Verisign (Score:2, Insightful)

    by jcicora ( 949398 )
    Does Verisign do anything anymore that isn't just to make a bigger buck, the rest of the world be damned?
    • Re:Verisign (Score:5, Funny)

      by Chyeld ( 713439 ) <chyeld@g m a i l . com> on Tuesday October 23, 2007 @02:55PM (#21090281)
      I'm guessing you don't know much of the history of Network Solutions/Verisign if you can phrase the question using the word "anymore".
      • Yes can someone tell me what the hell is about Network Solutions/Verisign? Why do they still allow the kind of 5 days domain tasting even that caused so much problem? Do they earn money themselve anymore than what these domain tasters earn? What is the benifit for them doing these?

        I googled through and found that there are so many complains about GoDaddy that people's domain tasted by domain tasters in split of a second after query. How its done is still a myth that everyone just guessing there are spywa

        • by kontos ( 560271 )

          can someone tell me what the hell is about Network Solutions/Verisign? Why do they still allow the kind of 5 days domain tasting even that caused so much problem?

          Their ICANN contract requires that they do it. ICANN has formed a committee to study this, so in a year or two, they will have decided if this is a problem, a couple of years after that they will decide what they should do about it, about a year after that they will agree on the verbiage of the new rule, and the problem will be solved when the contract is changed in 2013.

      • I'm guessing you don't know much of the history of Network Solutions/Verisign if you can phrase the question using the word "anymore".

        ITYM Verislime

    • Nope... next question please.
    • by Burz ( 138833 )
      OK, while we're talking about them... http://slashdot.org/comments.pl?sid=334391&cid=21055301 [slashdot.org]
    • by jra ( 5600 )
      No, they don't... but let's be clear, here: the *root* server lookups won't do anyone much good.

      What they have to be *selling* here would be GTLD lookups, and they don't *get* all that data... In fact, I don't think they get *most* of it.
      • I agree, but if they want to do this I think IANA/ICAN should *really* try and put the anchors on Verisign, they're really not supposed to be selling things like this. It's pretty much like an abuse of their power. Why not buy the data from someone like google-analytics instead, which is probably going to be more worthwhile.

        Here in the UK nominet run the show. But nominet are obliged to not sell things like the data to make a buck as they're a not-for-profit organisation. There are some good services that N
    • Does Verisign do anything anymore that isn't just to make a bigger buck, the rest of the world be damned?


      I hear they're also big on damning people...
    • If it werent for Amazon's patent, Verisign would probably like to add buy it now pages on the non-resolving dns names....
  • Well at least now absolutely everyone can get "what you need, when you need it."
    • by v1 ( 525388 )
      I ran into that TWICE today. Makes me wonder, does anyone have statistics on what percentage of registered domain names are typeo squatters? I'd imagine for every one popular site (google.com, youtube.com etc) there are somewhere on the order of 200 typeo squatter domains registered, so there's gotta be a ton of them in all.

      I'm a little surprised that they can make money on these. Either they're getting the domains cheaper than I think they are, are getting more per click / impression than I'm expecting,
      • As a former domain registrar employee, MOST domains registered are fraudulent or typo type things. I kid you not. The whole industry needs to be razed to the ground, preferably by angry federal agents. Acording to the CEO of go-daddy, in April 2006, 32 million of 35 million domain registrations where part of Kiting schemes. It fucks up legitimate registrars, and ICANN doesn't want to do a god damn thing about it. The system is broken almost beyond repair, and frankly the dot COM system needs to be reformed
        • Most of the registrations aren't fraudulent - they're just speculators abusing the 5-day-grace-period thing, seeing whether plausible random names will earn at least $6/year in banner ads and keeping the ones that work. The reason it works is that somebody at ICANN decided a few years ago that the registry shouldn't charge any fees on domains that get returned during the grace period. If GoDaddy or some other registrar is annoyed by it, *they* can perfectly well charge a fee or give only a partial refund
  • by xSquaredAdmin ( 725927 ) on Tuesday October 23, 2007 @02:39PM (#21089975)
    Most residential and business users will be behind a local DNS server, which probably caches the nameservers for individual TLDs. Since those NS entries on the root servers generally have a 48-hour cache time (and many ISPs DNS servers are probably (mis)configured to hold the data for longer), it doesn't seem like many requests would actually be getting through to Verizon's root servers, especially not enough to make a service like this viable.
    • by Cramer ( 69040 )

      be getting through to Verizon's root servers
      It's VERISIGN, not VERIZON. And the lookups for domains will fall up the tree to the root servers. Even if an ISP caches the answer -- which they do -- the original request still made it to the root. No, Verisign will not know every request, but they don't really need to.
    • by jours ( 663228 ) on Tuesday October 23, 2007 @02:54PM (#21090271)
      > it doesn't seem like many requests would actually be getting through

      When the caching server misses on a request, it forwards the request upstream...ultimately ending up at one of the root servers.

      • Mod parent up. (Score:3, Informative)

        by khasim ( 1285 )
        If you're in a corporate office with a correctly configured caching DNS box, the spelling errors should outnumber the correctly entered queries. As seen from the root servers.

        That is because every spelling error must be sent upstream while just about every correctly entered query should be cached locally.
        • Besides, Verisign operates only a fraction of the root servers:

          http://root-servers.org/ [root-servers.org]

          So, reason #N+1 why this data might or might not be worth a bucket of warm piss, with N+2 being as how anycasting biases requests in a more or less geographic fashion.

          Meh.
          • Well, on more reflection I guess a random sample from one of the Verizon servers would be a "valuable" source of mistyped domains.

            So I retract my "meh" and say "pox on Verisign".
          • Re:Mod parent up ^2 (Score:4, Informative)

            by Kalriath ( 849904 ) on Tuesday October 23, 2007 @03:33PM (#21090891)
            Doesn't matter. Verisign is the authority for .com and .net, any request for domains ending in one of those suffixes needs to be queried against Verisign at some point.
            • by nife00 ( 952213 )
              Not technically.
              The root server operators are given the root zone files and they run the server. For this to be worth anything it would require a change in the server software, so only the ones run by verisign would ever actually comply.
              • Yes, except for one issue - the root servers do not contain the contents of any of the TLDs, even the gTLDs which Verisign is contracted to administer. For example, follow this lookup below:

                Searching for www.msn.com A record at k.root-servers.net [193.0.14.129]: Got referral to b.gtld-servers.net. (zone: com.) [took 113 ms]
                Searching for www.msn.com A record at b.gtld-servers.net. [192.33.14.30]: Got referral to ns3.msft.net. (zone: msn.com.) [took 190 ms]

                Now, here's the Whois for gtld-servers.net:

                Registran
      • Yes, but if it still hits on a known TLD, chances are good that their nameserver will have the NS records for that TLD cached, so the request itself won't hit the root nameservers. If someone requests www.gogle.com, and their local nameserver doesn't have anything cached for the "gogle.com." domain, it'll still likely have the NS records for "com." cached, and thus skip the root nameservers.
        • OP has root servers confused with TLD servers. The root servers should rarely need to be queried.
        • by jours ( 663228 )
          Strictly speaking, you're right...but people don't commonly make a distinction between the root and tld servers. TFA certainly didn't. And since Verisign has both roots and com/net they certainly have the information the article's talking about. You have to read that article very literally to think they're only talking about queries that hit the root.
          • Aah. I was unaware that Verisign owns the .com/.net nameservers. In that case the plan is much more sensible. Also, you should never assume that someone posting on /. has read TFA. ;)
            • by jours ( 663228 )
              > Also, you should never assume that someone posting on /. has read TFA. ;)

              Ain't that the truth. Honestly, the article wasn't very clear...they said "root nameservers" but they sure implied com/net.
    • ...mistyped addresses. The operators of the root servers for the TLD are in the best position to provide this. They do not need to see every request. Cybersquatters would be very interested in registering these domains for crappy stuff like this [slashhdot.org].
    • aww so if everyone on slashdot goes to www.fuck-you-verisign.com, that won't show up as the #1 non existant domain visited when they look? Darn! I was gonna highly recommend that. I dunno, I think it'll work. Cuz aren't there some crappy, little ISP branches that wouldn't have their own DNS servers and just let everything go right up to a main one? I mean even my road runner DNS servers at this very moment are in Kansas according to their WHOIS and I live in an area Wisconsin with almost 100,000 people
    • verisgn and verizon are different.
  • This seems odd (Score:5, Insightful)

    by Anon-Admin ( 443764 ) on Tuesday October 23, 2007 @02:40PM (#21089995) Journal
    I remember when registration of domains was free, all you had to do was figure out how to fill out the paperwork.

    So they sell the data, new domains are registered, and the sites that go up on these domains will be loaded with pop-ups, pop-unders, pop-offs, and pop-up-ur-as* windows.

    Sounds like enabling spam to me!
  • by sqrammi ( 535861 ) on Tuesday October 23, 2007 @02:41PM (#21090021)
    I personally am very against something like this. I've heard of several people just typing a domain name into Internet Explorer, seeing that it didn't exist, and then moments later trying to register the domain only to find that it was just barely registered by some registrar. Of course in these cases, Microsoft or possibly some spyware company was the culprit, but I'd hate for this information to be more quickly and widely available. I can't see how anyone would be OK with this.
    • I check what domains are free by using dig and then looking for NXDOMAIN. This helps to get around any registrar looking at their logs to see what domains people have looked up as free. (I use my own dns server so the queries go to the root servers first)

      I am sick of sites being taken by domain squatters.

      I thought I had a great thing with dig (or nslookup) but that might end if that data is going to be sold too. So then what's the point.

      Some data shouldn't be sold.

    • by suso ( 153703 ) *
      Yes I agree. This is currently going on right now, but its done through webpages or search bar plugins or something. At least for people who know how to do the direct queries, we can get around this, but if Verisign does this, it will prevent people from checking for domain name availability without the fear of it being taken before they can register it.

      I just wrote to Verisign to strongly emphasize that this is wrong. Plus, this would be bad for other registrars because I would think it would cut them o
    • I doubt that it was that fast as you are implying. And what do you mean "some registrar"? Where did they search? At a registrars page? Are you saying that registrar, or some other registrar, registered the name? In either case, it's not likely to happen and means in the former case, the registrar is loosing it's own business (dumb) or is colluding with the competition (also dumb).

      Those people probably just got bit by a coincidence.

      • "I doubt that it was that fast as you are implying. And what do you mean "some registrar"? Where did they search? At a registrars page? Are you saying that registrar, or some other registrar, registered the name? In either case, it's not likely to happen and means in the former case, the registrar is loosing it's own business (dumb) or is colluding with the competition (also dumb).

        Those people probably just got bit by a coincidence.

        I used to see it happen a LOT - then I stopped doing name lookups thro

        • by rs79 ( 71822 )
          "I used to see it happen a LOT - then I stopped doing name lookups through web interfaces, and do a whois in a terminal, and the problem went away. NEVER do a domain name search through a web interface. They're not there for your benefit, but for domain name pharmers "

          Oy. Where to begin.

          First of all, traffic to the root servers isn't vert interesting. They get queries like "what are the nameservers for .com?" or "what are the nameservers for .tv". The root servers serve up the NS records for the top level
      • by sqrammi ( 535861 )
        Nope, I checked the domain before and after it was registered by the registrar. It was not registered before they checked, and it was afterwards (at least a few hours later). All the people did was type in the domain in Internet Explorer. The "date registered" date showed the day that they typed it into their browser. Another very suspicious thing is that the domain was unregistered after two weeks. I don't remember the exact name of the registrar, something like "King Domain" or something like that.
      • by bit01 ( 644603 )

        I doubt that it was that fast as you are implying.

        Trivial to automate.

        ---

        "Advertising supported" just means you're paying twice over, once in time to watch/avoid the ad and twice in the increased price of the product to pay for the ad.

  • by base3 ( 539820 ) on Tuesday October 23, 2007 @02:44PM (#21090073)
    $ dig a.com
    $ dig b.com
    . . .
    $ dig aaaaaaaaa.com
    $ dig aaaaaaaab.com
    . . .
    $ dig zzzzzzzzz.com
    • by zappepcs ( 820751 ) on Tuesday October 23, 2007 @03:01PM (#21090365) Journal
      This is in fact the correct way to change this situation. When the squatters have to work hard to figure out whether to squat or not...
      1 - A few lines of script
      2 - p2p dispersal
      3 - happiness all around

      It should only take about a week before the squatting cycle got so out of hand that domain registration becomes impossible...

      ok, script is done... ready?

      3... 2.... 1...
      • Actually this might not be as crazy as it sounds.
        1. Randomly generate domain names
        2. Draw the domain to the squatters attention by hitting the root servers once Verisign starts selling data. NOTE: Some people say that squatters seem to be able to detect whois lookups and/or URLs typed into IE so it may not be necessary to wait for Verisign.
        3. Squatter decides to give the domain a 5 day free "tasting"
        4. Through the wonders of p2p dispersal the squatter sees the domain gets some traffic.
        5. Squatter decides to purchas
    • by cain ( 14472 )
      for i in {a..z}{a..z}{a..z}{a..z}{a..z}{a..z}{a..z}{a..z}{a..z}.{com,net,org}; do
           dig $i
      done
      • I'll test this on my home machine before I run it on my production box, but then it can run 24x7.

        Let the little pus-heads register everything. And then cancel. And then register. And then cancel. Repeat.

        I may have to put some delay in the script to make it behave, but if some of us ran this 24x7x365, Would this make squatting too expensive for anyone? And, most importantly, would it cause troubles we can only imagine (or not)???
        • by cain ( 14472 )
          This may actually be a little better (assumes a modern bash):

          while true; do
              for i in com net org; do
                  dig `echo $RANDOM*$RANDOM*$RANDOM|bc`.$i
              done
              sleep 1
          done

  • That would lead them to procuring unregistered domain names with squatting in mind. Against competition and reason.
    • There are different markets for this kind of data. Sure, there are name squatters and typosquatters going after the names of existing legitimate businesses, such as microsfot.com and microsoft.biz; this will help them, but fixing it is a job for trademark law, though large businesses often avoid much of the problem by buying up the nearby namespace (typos, other TLDs, other variants on their company name, etc.) which gets them the traffic as well as keeping it from going elsewhere. And there are annoying
      • registrar doing this kind of thing is illegal. the top provider of some resources, registrar is roughly the monopoly when it comes to selling domains. registrar(s) actually, in bulk. therefore if a registrar is freely allowed to squat in this manner, then the users dont have a chance. this almost resembles a total monopoly situation.
        • In ICANN's design for the domain name sales system, there are two levels - the single registry which controls the database for a TLD (e.g. all of .com) and the multiple registrars that sell names (and other services) to customers. No registrar is a monopoly, at least for the big TLDs - there are lots of them, all competing with each other. You don't have to buy names from GoDaddy if you don't want to - there are lots of others that can't afford Superbowl commercials. Some specialize in good dependable s
          • technically they are not a monopoly, from individual registrar to individual registrar. BUT, if you take them as registrarS, they are a monopoly in respect to customers, since the all top level registrars constitute the entirety of the domain name distribution rooftop. And if they all freely employ this whois data trick, that directly creates a monopoly situation in which the monopolist (all registrars in this case) can provide themselves preferential treatment when it comes to domain name registrations.
            • You're still not getting the issue of registries vs. registrars. For the ICANN-controlled general-use global TLDs, each TLD has one registry but an open market for registrars. There's one registry that controls the database for .com, but lots of registrars that sell into it, and they don't have access to each other's transactions - they're competing with each other, and all they can tell is what's in the registry (including the names, authoritative nameservers, and limited transaction data.)

              If you go to R

              • technicality on the approximations of top level of the domain name system doesn't matter. if this is allowed, inevitably many registrars are going to follow suit for all registries, and eventually there is going to be a situation in that this is a widely adopted practice. yes, its not technically a monopoly, but you'll be hard pressed to find the domain name you want vacant. why just rent a domain name to some 3rd party for $8-10 a year, whilst you can park it on your ad page as registrar and enjoy around $
  • Haven't seen this story elsewhere and it's based on an anonymous source;

    So the dot is now waiting to confirm the stories in the national press before posting them?
  • Educate me...

    I can't remember an instance where I was trolling for a domain I didn't know, like HotelsInIshpeming.com, landed on a cybersquatter AND saw an ad that I clicked on. "Oh, look, they have percale sheets on sale at Ikea... click, click, spend... Ok, where was I... oh yes... HotelsInIshpeming...."

    Are we, the clicking public, this A.D.H.D.?
  • Why don't more domain owners take the reasonable step of registering typod variations on their name at the time they set up the property? While obviously this isn't practical for tiny or personal sites, it's reasonable to expect that a major company with the funding isn't going to balk at an extra few hundred dollars to get all common variations on the domain they want. Honestly, if you don't claim the name, you have no right co complain when someone else registers it and puts whatever they want on it.
    • Then it's too late because someone else thought of them or found one you missed. Then the price for a domain with a good registrar/dns provider isn't cheap. No I am not talking about some cheap godaddy like service I am talking about a dns service which can garentee that lookups won't take more then 150ms to lookup. Which in the end does make the site seem faster.

      People hate domain squatters for a reason. They are annoying and stealing customers/time/resources from those people that built up their brand (th
  • This is done already (Score:5, Interesting)

    by hansamurai ( 907719 ) <hansamurai@gmail.com> on Tuesday October 23, 2007 @03:16PM (#21090627) Homepage Journal
    This is basically done already. Squatters can buy a domain, and due to the rules that ICANN setup (I think it's ICANN), they can return the domain for free within something like five days. During those five days, they put up a squatting page and keep track of all the hits their site gets, if it gets X number of hits, they keep the domain, otherwise they drop it. All for free.

    I recently did a search for a domain on GoDaddy, the domain was available. Three days later when I went to buy it, it was not available and had been recently bought by a squatter or reseller or something. This is a whole different problem altogether and another flaw in the system. Anyways, I made it a point not to go to that site to make sure I didn't give them any hits that would encourage them to keep it.

    Either way, I just bought another available domain and use that. Can't be too picky these days.
    • "I recently did a search for a domain on GoDaddy, the domain was available. Three days later when I went to buy it, it was not available and had been recently bought by a squatter or reseller or something. This is a whole different problem altogether and another flaw in the system. Anyways, I made it a point not to go to that site to make sure I didn't give them any hits that would encourage them to keep it."

      Actually, its too bad we can't have some "white-hat botnets" to visit such sites on a regular bas

    • Noticed that too. A domain name I was monitoring is now up to it's 3rd squatter. And the end of this week it will probably be available again, only to be bought by a different squatter.
      • I had the exact same experience, only I had actually reserved the domain with credit card information but in the 3 days "processing" time it got scooped up only to be given back days later after I settled on my second choice. It was a huge hassle , I had to go through an entire cancellation procedure with the first company. I refused to lookup the name that was my second choice and had a long talk with the hosting company on a strategy to keep it from getting scooped. At the time I reported it to ICANN a
  • opendns (Score:2, Interesting)

    by Anonymous Coward
    Changing your dns servers to point to the opendns servers will fix many of the typosquatting problems people have:
    http://www.opendns.com/ [opendns.com]

    Best of all, it is free.
  • If the verisign DNS servers track foreign domain names (*.cn, for example), then it would be worth having. I've seen plenty of spamvertised domains that are from foreign registries, and often the registrars over there don't play by our rules. If the verisign registry gave us that data, we could at least figure out who is responsible for the existence of such crap.

    And yes, I do recognize that getting something done about it is a different issue entirely. But if the data was at least available, it could
  • by Animats ( 122034 ) on Tuesday October 23, 2007 @03:57PM (#21091223) Homepage

    Does anyone actually buy anything from those bogus domains, or are they all making their money by what is essentially click fraud? Most of them seem to just deliver ads from the usual ad services.

    We've been demoing our filter for bogus on-line businesses, SiteTruth [sitetruth.com], for a while now. Remember "on the Internet, no one knows if you're a dog?" SiteTruth can usually kick the dogs out.

    The basic concept is to try to find the business behind the domain. If the web site isn't selling anything and isn't running ads, it's not rated. If it's selling something, there needs to be a business address on the site, preferably one that matches up with business records. So we look through the site for addresses, check SSL certs, look at business directories, do some crunching, and come up with a rating automatically. This is effective against link farms, spam blogs, landing pages, and most of the other trash on the Web.

    We use the ratings to reorder search results. We don't block suspicious sites; they just move down in search results. It's a clue stick to apply to suspicious sites - be clear about who's behind the site, or be ignored.

    This is an alpha test demo, set up as a search engine web site. The real version will be a browser plug-in. Meanwhile, feel free to try out SiteTruth and complain where appropriate; that's why we're in test. There's a link to the SiteTruth blog on the site if you want to comment. The most interesting searches to try are for heavily spammed keywords, like "herbal viagra" or "london hotels". If your own domains get low ratings, click on the rating icons to find out why. If you're legit, it's usually because the web site has some easy to fix problem.

    We've been hearing some grumbling from a few domain owners about this, which indicates we're on the right track. They usually have some long, whiny explanation of why they shouldn't have to disclose the address of their "online business". Tough.

    • by thogard ( 43403 )
      It appears that people buy from them, just like it appears they are buying from spammers. For example, you visit the web page and you get handed a long life cookie. Some time later you go and sign up for a service or visit a legit business and the long life cookie goes off and the legit company counts you as being from another ad campaign and pay the click fee and they don't even know they just paid someone for typosquatting.
    • by Reziac ( 43301 ) *
      Okay, I'm complaining... there are some businesses where no one in their right mind puts a street address on a website (frex, for a kennel, a street address is an invitation to all sorts of meatspace trouble, thanks to the political nuts out there these days).

    • by jez9999 ( 618189 )
      Meanwhile, feel free to try out SiteTruth and complain where appropriate; that's why we're in test.

      Well, OK, as you said so... my site got a red bar thingy.

      "Secure certificate
      No valid certificate."

      I'm running a games website, why the fuck does it need an SSL cert?

      "Contents of web site
      No street address found on the site."

      I'm running a games website, why the fuck does it need a street address?
      • The basic concept is to try to find the business behind the domain.

        From my limited understanding, SiteTruth is only meant for rating online shops. Unless your gaming website is selling something, you shouldn't care about SiteTruth or the rating you receive.
  • by Mysticalfruit ( 533341 ) on Tuesday October 23, 2007 @04:02PM (#21091307) Homepage Journal
    This is how you fix this problem...

    Write a perl script that generates fake domains and then does a DNS lookups against them. Thus ensuring that their busy reserving "www.luckylinuxsexmonkeypants.com"
  • by belmolis ( 702863 ) <billposer@@@alum...mit...edu> on Tuesday October 23, 2007 @04:10PM (#21091423) Homepage

    We have known for years that Verisign is a badly behaved company. This is just the latest example. I just don't understand why ICANN renewed their contract. Like Diebold and SCO, this is a company that we don't need.

  • would be to use it to provide insight on traffic and request patterns for known malware distribution sites, the RBN, and other known bad-actors who are engaged in criminal schemes using DNS morphing techniques to fool people into landing on their sites...

    Hmmm... probably not a lot of money in that for them tho...

  • so what does a domain taste like? chocolate or vanilla?
  • I thought information wants to be free?

    So does it, or does it not?
  • The sooner the whole DNS system is taken out of the control of a bunch of government sponsored & crooked spivs the better. I suggest the ITU [p] who have looked after International Telecoms since 17 May 1865, take over the whole of the DNS as soon as possible.
  • They wouldn't let them "monetize" missed lookups directly, so they're farming it out to domain pirates.

    It's corrupting the top level either way.

news: gotcha

Working...