Verisign Breaks DNS

September 16th, 2003

Yesterday, Verisign put a wildcard A record into each of the .com and .net top-level-domain zones. The effect is that every time anyone requests a lookup of a non-existent second-level domain name in either .com or .net, they are supplied with the address of one of Verisign’s servers instead of a "no such domain" answer.

Go ahead – try this link: http://some-nonexistent-domain-name.com

For web browsing, this means you are directed to their “site not found” page.

For email, this means that mail sent to any misspelled .com or .net domain can now be received by Verisign.

For programs which rely on DNS lookups (and lookup failures) to perform their duties, EVERYTHING in .com and .net now resolves successfully.
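One way a program that depends on lookup failures can compensate, shown as an added example that is not part of the original post: probe a few random labels under the TLD, record the addresses a wildcard hands back, and treat any answer made up only of those addresses as "does not exist". The function names, the sample zone data and the addresses (documentation ranges) are constructed for illustration.

```python
import secrets
import socket

def system_resolve(name):
    """Return the set of IPv4 addresses for name; empty set on lookup failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # covers socket.gaierror and socket.herror
        return set()

def wildcard_addresses(tld, resolve=system_resolve, probes=3):
    """Resolve random labels that should not exist under tld.

    Returns the addresses a wildcard synthesizes, or an empty set if any
    probe fails to resolve (meaning no wildcard was observed)."""
    seen = set()
    for _ in range(probes):
        label = "wc-probe-" + secrets.token_hex(12)  # 24 random hex chars
        addrs = resolve(f"{label}.{tld}")
        if not addrs:
            return set()
        seen |= addrs
    return seen

def domain_exists(name, resolve=system_resolve, wildcard=None):
    """True only if name resolves to at least one non-wildcard address."""
    if wildcard is None:
        wildcard = wildcard_addresses(name.rsplit(".", 1)[-1], resolve)
    return bool(resolve(name) - wildcard)

# Constructed sample data simulating a wildcarded .com/.net and a normal .org.
REGISTERED = {"example.com": {"192.0.2.10"}}
WILDCARD_TLDS = {"com": {"198.51.100.1"}, "net": {"198.51.100.1"}}

def fake_resolve(name):
    """Offline stand-in for a resolver: registered names, else the TLD wildcard."""
    if name in REGISTERED:
        return set(REGISTERED[name])
    return set(WILDCARD_TLDS.get(name.rsplit(".", 1)[-1], set()))

if __name__ == "__main__":
    for host in ("example.com", "misspelled-exmaple.com", "nothing.org"):
        naive = bool(fake_resolve(host))
        print(host, "naive:", naive, "filtered:", domain_exists(host, fake_resolve))
```

The check is based on A records only, so a domain that exists but publishes no address records is still reported as not existing.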

What a boneheaded move. I can’t say it’s out of character for Verisign, who in my opinion has treated their entrusted stewardship of top-level internet naming monopoly as their own personal playground for quite some time.

Ahhhh – here we are – now they want you to use a different method to resolve names than the one in universal common use. I wonder how long it is before a paid license or key is required to perform these lookups?

2 comments to “Verisign Breaks DNS”

  1. Hm, I only seem to get timeouts when I try a nonexistent domain. Have they just built their own DDOS? Or am I the only one with that problem?

  2. Got to love Verisign. Maybe the sheer volume of email they receive will be enough to make them change their minds.

    Either that or some lawsuits.