Petition to stop Verisign's typosquatting abuse of the DNS - TCP-IP


Thread: Petition to stop Verisign's typosquatting abuse of the DNS

  1. Re: Petition to stop Verisign's typosquatting abuse of the DNS

    >All I need is one good heavy ball-peen hammer. It's quite effective
    >when properly applied to the idiot's head who signed off on doing this:
    >
    >*.net. IN A 64.94.110.11
    >*.com. IN A 64.94.110.11
    >
    >
    >I've got a Win2K server here that I now cannot print from thanks to
    >Verisiege, and there is not one damn thing that I can do about it either.


    If you absolutely have to have it work the same as it worked
    before then:

    1) Sign up for a copy of the .com zone from NSI. It's free. Start
    downloading it. Twice a day will keep you in sync with. In
    reality, once every 2-3 days works just fine.

    2) Primary .com on one of your machines. It had better
    be a BIG machine :-) I'd use DJBDNS which is much
    more efficient than BIND especially for something
    like this.

    3) Primary the root and point to your own .com. The root has
    a minor change to it maybe 4 times a month (usually a cctld
    changes a nameserver but old ones are almost certainly kept
    going for about a month), so you really only need to grab a root
    zone (from ftp://ftp.internic.net/domain or some other
    source) once a month.

    Now you'll get DNS not found errors for invalid names. And name
    lookups will be faster. And you'll be immune to outages in NSI's
    root and com/net nameservers. The downside is, you'd better
    have a really big machine to primary .com and you use
    a fair bit of bandwidth grabbing the .com zone.

    This is really the only way around the problem. All the patches
    so far have all broken something or another.

    Maybe somebody should set up an alternate .com zone
    as some sort of public service. Heh.



    --
    OEM parts - Benz: http://parts.mbz.org BMW: http://buyeuroparts.com
    http://www.mbz.org | Mailing lists: http://lists.mbz.org
    633CSi 250SE/C 300SD | Classifieds: http://ads.mbz.org
    2 X 280SE | Wrist Watch list: http://watches.list.mbz.org

  2. Re: Petition to stop Verisign's typosquatting abuse of the DNS

    On Sat, 20 Sep 2003 12:28:00 +0000, Richard J. Sexton (At work) waxed
    lyrical:

    >>I've got a Win2K server here that I now cannot print from thanks to
    >>Verisiege, and there is not one damn thing that I can do about it either.

    >
    > If you absolutely have to have it work the same as it worked
    > before then:


    Download the Win2K version of BIND with the "delegation-only" patch and
    run that on your Win2K box. Then point DNS to 127.0.0.1.

    --
    G. Stewart -- Remove .YOUR_KNICKERS to reply.
    ---------------------------------------------------------------
    Which is worse: ignorance or apathy? Who knows? Who cares?


  3. Re: [CARTOONEY!] Re: Petition to stop Verisign's typosquatting abuse of the DNS

    Charles Sweeney wrote:
    >
    > "Giblet - MN State Resident" wrote in message
    > news:nJiab.11142$Ly2.1743792@cletus.bright.net...
    >
    >
    >
    > I suppose if I was called chicken-guts I would try to be funny too.


    Well at least his/her moniker is by choice while your stupidity is not.

    > --
    > Charles Sweeney
    >
    www.CharlesSweeney.com

    How one perceives their own accomplishments and contributions in no way
    entitles one to be asinine to another, unknown only to the one
    undoubtedly, is the one is the only one that places such an elevated
    reverence on their self-worth.

    --
    Mark Ferguson
    The Carrot and the Stick
    http://www.whew.com/Help/
    http://the-carrot-and-the-stick.com/

  4. Re: Verisign's land grab

    BP> VeriSign is now violating section 2.1 of RFC 2308.

    JdeBP> No, it isn't. Section 2.1 of RFC 2308 describes how "no
    JdeBP> such name" errors are encoded in responses. Verisign isn't
    JdeBP> publishing "no such name" errors any more, so that section
    JdeBP> is irrelevant. All possible (immediate) subdomains of "com."
    JdeBP> and "net." now exist.

    StWC> It sure violates RFC 974 though.

    No, it doesn't. RFC 974 describes how administrators can use "MX"
    resource record sets to achieve their desired goals, and what meanings
    SMTP Relay clients are to ascribe to such resource record sets. It
    doesn't address the difference between an administrator _accidentally_
    using, as the intermediate domain name of its SMTP Relay server, a
    previously non-existent name that is now subject to Verisign's land
    grab, and an administrator _intentionally_ doing that.

    StWC> Consider the situation of a domain with multiple MX
    StWC> records, [...]

    This is a problem that was discussed within a day of Verisign creating
    its wildcards. That wildcards can and do affect mail transport comes
    as little surprise to anyone. (Although _how_ wildcards, in particular
    "MX" wildcards, affect mail transport is often a surprise to people.
    With the exception of one DNS server software, Microsoft's, "MX"
    wildcards don't actually do what most people want, and expect,
    them to do.)



    Verisign is not, however, violating RFC 974.

    The simple truth is that Verisign is doing what it has been given
    legitimate authorisation (by us) to do, in the very way that the DNS
    provides for doing it. It isn't violating standards. (Nor, indeed,
    do any of the countermeasures that it can take, against the proxy DNS
    server software modifications that people have invented, violate
    standards - despite the defensive claims of some of the authors of
    those mechanisms.) As I keep saying, this _isn't_ a technical
    problem.

  5. Re: [CARTOONEY!] Re: Petition to stop Verisign's typosquatting abuse of the DNS


  6. Verisign's land grab

    RJS> 1) Sign up for a copy of the .com zone from NSI. It's free.

    What are the terms and conditions that are attached ?

    RJS> 2) Primary .com on one of your machines.

    You forgot the important step, which is to delete the wildcards from
    the copy of the database that was obtained in step 1.

    RJS> 3) Primary the root and point to your own .com.

    That is a good idea in its own right, but one that is not strictly
    necessary for the discussion at hand. Most resolving proxy DNS
    servers have mechanisms whereby one can override the delegations in
    the public DNS database.



    And, again, you forgot to mention that the copy of the database
    that one obtains needs to be altered.

    RJS> This is really the only way around the problem. All the
    RJS> patches so far have all broken something or another.
    RJS>
    RJS> Maybe somebody should set up an alternate .com zone [...]

    At last the penny drops. To make good on their threat to Verisign,
    in the event of its non-coöperation and refusal to remove its
    wildcards, the root server organizations will have to have an
    understudy organization waiting in the wings to have authority
    for "com." and "net." delegated to it.

    The root server organizations should be talking to one another
    right now and planning for such an eventuality. It's becoming
    more probable.
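
The step pointed out in this post, deleting the wildcards from the local copy of the zone, as an added example that is not part of the thread or any poster's code. It assumes RFC 1035 master-file syntax; `strip_wildcards` and the sample zone are constructed for illustration, and it works line by line so a very large zone file can be streamed through it.

```python
import re

# Constructed sample in RFC 1035 master-file syntax; not real .com zone data.
SAMPLE_ZONE = """\
$ORIGIN com.
$TTL 900
@        IN SOA ns.example.net. hostmaster.example.net. (
            2003092000 ; serial
            1800 900 604800 900 )
         IN NS  ns.example.net.
*        IN A   64.94.110.11 ; the wildcard quoted in the thread
         IN TXT "inherits the wildcard owner; also dropped"
example  IN NS  ns1.example.com.
*.sub    IN MX  ( 10
            mail.example.net. )
$ORIGIN net.
*.net.   IN A   64.94.110.11
example  IN NS  ns1.example.net.
"""

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')  # a quoted string, escapes allowed

def strip_wildcards(lines):
    """Yield zone-file lines, omitting every record whose owner is a wildcard."""
    dropping = False  # True while the current owner name is a wildcard
    depth = 0         # parentheses still open from a previous line
    for line in lines:
        # Blank out quoted strings, then cut the ';' comment.
        bare = QUOTED.sub('""', line).split(';', 1)[0]
        if depth == 0:
            if not bare.strip() or bare.startswith('$'):
                yield line  # blank line, comment-only line or $ORIGIN/$TTL
                continue
            if not bare[0].isspace():
                # A new owner name; a line starting with whitespace
                # inherits the previous owner and its drop state.
                owner = bare.split()[0]
                dropping = owner == '*' or owner.startswith('*.')
        depth += bare.count('(') - bare.count(')')
        if not dropping:
            yield line

if __name__ == "__main__":
    for kept_line in strip_wildcards(SAMPLE_ZONE.splitlines()):
        print(kept_line)
```

Records that inherit a wildcard owner from the previous line, and multi-line records in parentheses, are dropped along with the wildcard itself; delegations and directives pass through unchanged.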

  7. Re: Verisign's land grab

    In article <3F708316.85195FF0@Tesco.AllYourDomainAreBelongToVerisign.NET>,
    Jonathan de Boyne Pollard wrote:
    >RJS> 1) Sign up for a copy of the .com zone from NSI. It's free.
    >
    >What are the terms and conditions that are attached ?


    Offhand I don't remember. "research" was certainly one
    of them though... and I'm all for experimental
    DNS services. Aren't you?

    >RJS> 2) Primary .com on one of your machines.
    >
    >You forgot the important step, which is to delete the wildcards from
    >the copy of the database that was obtained in step 1.


    Yeah yeah. Well I didn't think somebody would actually
    do all this, have it not work then not know why.

    >RJS> 3) Primary the root and point to your own .com.
    >
    >That is a good idea in its own right, but one that is not strictly
    >necessary for the discussion at hand. Most resolving proxy DNS
    >servers have mechanisms whereby one can override the delegations in
    >the public DNS database.


    Rely on the behaviour of some application or know by the config
    files what's what. Hmm... I'm still thinking about this?

    >RJS> This is really the only way around the problem. All the
    >RJS> patches so far have all broken something or another.
    >RJS>
    >RJS> Maybe somebody should set up an alternate .com zone [...]
    >
    >At last the penny drops. To make good on their threat to Verisign,


    Yeah, and apparently it dropped on NANOG:

    http://www.merit.edu/mail.archives/nanog/msg14328.html

    >in the event of its non-coöperation and refusal to remove its
    >wildcards, the root server organizations will have to have an
    >understudy organization waiting in the wings to have authority
    >for "com." and "net." delegated to it.
    >
    >The root server organizations should be talking to one another
    >right now and planning for such an eventuality. It's becoming
    >more probable.


    We've talked about it and the general feeling is one of
    "wait and see". Let's see how the alt.com project goes
    and how stable it is. If at such time it appears to be
    a useful and reliable tool, then poof, we switch out NSI's
    .com NS records and use the other .com zone by default.

    That is, ORSC would use obvious community consensus,
    readily discernable on usenet and NANOG to drive policy
    concerning the root zone it publishes, not the dark
    satire the legacy process has become.

    The interesting thing would be if this alt.com thing can
    do it for $4 or God forbid $2 a name; NSI charges $6
    and since the registrars are utter whores over price
    a complete switchover could be as simple as trolling
    in rec.pets.cats.

    This would be a good thing (tm) - it would demonstrate
    that the net as a self organizing community will in
    its best tradition simply route around the damage to the DNS
    that has occurred in the last few years by sending a "hands off
    or we'll go around you" message to the US (and other)
    governments.

    Geeks vs. Washington. Pass the popcorn.


    --
    OEM parts - Benz: http://parts.mbz.org BMW: http://buyeuroparts.com
    http://www.mbz.org | Mailing lists: http://lists.mbz.org
    633CSi 250SE/C 300SD | Classifieds: http://ads.mbz.org
    2 X 280SE | Wrist Watch list: http://watches.list.mbz.org
