VeriSign Inc. is, among other things, the operator of the .com and .net top-level domains, and a certificate authority for X.500 certificates.

VeriSign wildcard DNS controversy

Between 15 September 2003 and 4 October 2003, VeriSign operated a wildcard DNS record for all .com and .net domain names not yet registered by others.

During that time, Internet users who tried to access these domains were redirected to a VeriSign web portal with information about VeriSign products and purchased links to "partner" sites. This had the advantage to VeriSign of receiving greater revenue from users wishing to register these domain names; however, this action has not been lauded within the community.

Such behavior had the effect of "capturing" the web traffic for several million mis-typed or experimental web accesses per day, and meant that VeriSign effectively "owned" all possible .com and .net domains that had not been bought by others as an advertising platform: over a googol new domain names suddenly "belonged" to VeriSign.

VeriSign has described this change as an attempt to improve the Web browsing experience for the naive user. VeriSign's critics see this as disingenuous. Certainly the change led to a dramatic increase in the amount of Internet traffic arriving at verisign.com. According to the web traffic measurement company Alexa, in the year prior to the change verisign.com was around the 2,500th most popular website. In the weeks following the change, the site has been around the 20th most popular site, and reached the top 10 in the immediate aftermath of the change and surrounding controversy. (Source: Alexa.com)

There has been a storm of controversy among network operators and competing domain registrars, particularly on the influential NANOG and ICANN mailing lists, some of whom have asserted:

  • that this is contrary to the proper operation of the DNS, ICANN policy and the Internet architecture in general
  • that VeriSign has breached its trust with the Internet community by using technical architecture for marketing purposes
  • that doing this breaks various RFCs and disrupts existing Internet services, such as e-mail relay and filtering. One example of this is spam checking; a computer program may check to see whether mail originates from a valid domain - such wildcard resolving makes all domains appear to be valid.
  • that this behavior amounts to typosquatting where the unregistered domain being resolved is a spelling mistake for a famous registered domain
  • that VeriSign is abusing its technical control over the .com and .net domains by doing this to exert de facto monopoly control
  • that VeriSign may be in breach of its contracts for running the .com and .net domains

Other people and organizations have asserted:

  • That the Site Finder service was written entirely in English and therefore was not accessible by people who read other languages. Its grammatical style is specific to the United States of America.

A number of workarounds were developed to locally disable the effects of Site Finder on a per-network basis. Most notably, the Internet Software Consortium announced that it had produced a version of the BIND DNS software that could be configured by Internet service providers to filter out wildcard DNS from certain domains; this software was deployed by a number of ISPs.
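
The spam-check failure listed above, and one way a mail filter can compensate for it, as an added example (not the ISC BIND code, which is not shown on this page). It probes random labels under a top-level domain to learn the wildcard address, then treats answers that consist only of that address as "no such domain". The `resolve` callable, the function names and all addresses and domains below are constructed for illustration.

```python
import secrets

# Constructed sample data: registered names and a TLD-wide wildcard record.
REGISTERED = {"example.com": ["192.0.2.10"], "example.org": ["192.0.2.20"]}
WILDCARD = {"com": ["198.51.100.1"], "net": ["198.51.100.1"]}

def fake_resolve(name):
    """Stand-in resolver: list of A records, empty list means NXDOMAIN."""
    if name in REGISTERED:
        return REGISTERED[name]
    return WILDCARD.get(name.rsplit(".", 1)[-1], [])

def naive_domain_exists(domain, resolve):
    """The check that a wildcard defeats: any answer counts as 'valid'."""
    return bool(resolve(domain))

def wildcard_addresses(tld, resolve, probes=3):
    """Addresses returned for every random, certainly-unregistered label."""
    common = None
    for _ in range(probes):
        answers = set(resolve(f"{secrets.token_hex(16)}.{tld}"))
        if not answers:
            return set()  # a random name got NXDOMAIN: no wildcard here
        common = answers if common is None else common & answers
    return common or set()

def domain_exists(domain, resolve, wildcard_cache):
    """Sender-domain check that ignores answers made only of wildcard IPs."""
    tld = domain.rsplit(".", 1)[-1]
    if tld not in wildcard_cache:
        wildcard_cache[tld] = wildcard_addresses(tld, resolve)
    return bool(set(resolve(domain)) - wildcard_cache[tld])

if __name__ == "__main__":
    cache = {}
    for sender in ("example.com", "examp1e.com", "nosuch.org"):
        print(sender,
              "naive:", naive_domain_exists(sender, fake_resolve),
              "wildcard-aware:", domain_exists(sender, fake_resolve, cache))
```

Against live DNS, `resolve` would wrap a real lookup and the cached wildcard set would need periodic refreshing, since the operator can change the address at any time.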

On 4 October 2003, as a result of a strong letter from ICANN, VeriSign disabled Site Finder. However, VeriSign has made public statements that suggest that they may be considering whether they will change this decision in the future.


To be written:

  • VeriSign history
  • acquisition of Thawte
