Order a domain here
Site Finder was a wildcard DNS record for all .com and .net domain names not yet registered by others, run by .com and .net top-level domain operator VeriSign between 15 September 2003 and 4 October 2003.
During that time, Internet users who tried to access these domains were redirected to a VeriSign web portal with information about VeriSign products and purchased links to "partner" sites. This had the advantage to VeriSign of receiving greater revenue from users wishing to register these domain names, however this action has not been lauded within the community.
Such behavior had the effect of "capturing" the web traffic for several million mis-typed or experimental web accesses per day, and meant that VeriSign effectively "owned" all possible .com and .net domains that had not been bought by others as an advertising platform, over a googol new domain names suddenly "belonged" to VeriSign.
VeriSign has described this change as an attempt to improve the Web browsing experience for the naive user. VeriSign's critics see this as disingenuous. Certainly the change led to a dramatic increase in the amount of internet traffic arriving at verisign.com. According to the web traffic measurement company Alexa, in the year prior to the change verisign.com was around the 2,500th most popular website. In the weeks following the change, the site has been around the 20th most popular site, and reached the top 10 in the immediate aftermath of the change and surrounding controvesy. (Source: Alexa.com (http://traffic.alexa.com/graph?w=379&h=216&r=2m&u=verisign.com/&u=))
There has been a storm of controversy among network operators and competing domain registrars, particularly on the influential NANOG and ICANN mailing lists, some of whom have asserted:
- that this is contrary to the proper operation of the DNS, ICANN policy and the Internet architecture in general
- that VeriSign has breached its trust with the Internet community by using technical architecture for marketing purposes
- that doing this breaks various RFCs and disrupts existing Internet services, such as e-mail relay and filtering. One example of this is spam checking; a computer program may check to see whether mail originates from a valid domain - such wildcard resolving makes all domains appear to be valid.
- that this behavior amounts to typosquatting where the unregistered domain being resolved is a spelling mistake for a famous registered domain
- that VeriSign is abusing its technical control over the .com and .net domains by doing this to exert de facto monopoly control
- that VeriSign may be in breach of its contracts for running the .com and .net domains
Other people and organizations have asserted:
- That the Site Finder service was written entirely in English and therefore was not accessible by people who read other languages. Its grammatical style is specific to the United States of America.
A number of workarounds were developed to locally disable the effects of Site Finder on a per-network basis. Most notably, the Internet Software Consortium announced that it had produced a version of the BIND DNS software that could be configured by Internet service providers to filter out wildcard DNS from certain domains; this software was deployed by a number of ISPs.
On 4 October 2003, as a result of a strong letter from ICANN, VeriSign disabled Site Finder. However, VeriSign has made public statements that suggest that they may be considering whether they will change this decision in the future.
On February 27, 2004 VeriSign filed a lawsuit against ICANN, claiming that ICANN has overstepped its authority. Subject of the claim is not only Site Finder, but also VeriSign's much criticised Waiting List Service.
On July 9, 2004 the ICANN Security and Stability Advisory Committee (SSAC) handed down it's findings after an investigation on Site Finder. It founds the service should not be deployed, and that domain name registries that provide a service to third parties should phase out wildcard records if they are used.
- VeriSign's Site Finder Implementation document (http://www.verisign.com/resources/gd/sitefinder/implementation.pdf)
- VeriSign's announcement to NANOG of their wildcard DNS changes (http://www.merit.edu/mail.archives/nanog/2003-09/msg00398.html)
- ICANN Advisory Concerning Demand to Remove VeriSign's Wildcard of 3 October 2003 (http://www.icann.org/announcements/advisory-03oct03.htm)
- Slashdot discussion regarding Site Finder (http://slashdot.org/articles/03/09/16/0034210.shtml?tid=126&tid=95&tid=98&tid=99)
- Internet Software Consortium announcement of "delegation-only" feature that can be used to ignore gTLD wildcards (http://www.isc.org/products/BIND/delegation-only.html)
- VeriSign to revive redirect service CNET article written October 15, 2003 (http://news.com.com/2100-1038_3-5092133.html?tag=nefd_top)
- Washington Post (27.02.2004): Suit Challenges Powers of Key Internet Authority (http://www.washingtonpost.com/ac2/wp-dyn/A9415-2004Feb26?language=printer)
- Findings of ICANN SSAC on Site Finder service (http://www.icann.org/committees/security/ssac-report-09jul04.pdf)