Wednesday, September 24, 2003

VeriSign's SiteFinder

On September 15th, 2003 VeriSign inserted wildcard resolvers into their top-level DNS root servers (.com and .net domain names) that force all unregistered or mistyped domain names to resolve to VeriSign's SiteFinder search engine. The biggest problem with this change is that it breaks the reverse-DNS lookup verification process used by mail servers to ensure that incoming mail is coming from a valid domain, since a made-up domain now resolves instead of returning an error. The other problem is that it violates the way that DNS is supposed to work.
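As an added example (not part of the original post), the Python below shows how a mail server's "does the sender's domain resolve?" check is fooled by a wildcard, and one way to compensate: probe random names under the same TLD and ignore any address they all return. The toy resolver, domain names and addresses are constructed so the example runs offline.

```python
import secrets

# Constructed sample data: a toy resolver standing in for real DNS.
# 192.0.2.10 (a documentation address) plays the wildcard target.
WILDCARD_ADDR = "192.0.2.10"
REGISTERED = {"example.com": {"198.51.100.25"}}


def toy_resolve(name, wildcard_tlds=("com", "net")):
    """Return the set of A-record addresses for name; empty set = NXDOMAIN."""
    name = name.lower().rstrip(".")
    if name in REGISTERED:
        return set(REGISTERED[name])
    if name.rsplit(".", 1)[-1] in wildcard_tlds:
        return {WILDCARD_ADDR}  # synthesized answer instead of NXDOMAIN
    return set()


def naive_domain_exists(domain, resolve):
    """The check the wildcard defeats: any answer counts as 'exists'."""
    return bool(resolve(domain))


def wildcard_addresses(tld, resolve, probes=3):
    """Probe random, almost certainly unregistered names under tld.
    Addresses returned for every probe are treated as wildcard targets."""
    answers = [resolve(f"{secrets.token_hex(16)}.{tld}") for _ in range(probes)]
    return set.intersection(*answers) if all(answers) else set()


def domain_exists(domain, resolve):
    """Wildcard-aware check: an answer made up only of wildcard targets
    is treated as if the server had said NXDOMAIN."""
    tld = domain.lower().rstrip(".").rsplit(".", 1)[-1]
    real = resolve(domain) - wildcard_addresses(tld, resolve)
    return bool(real)


if __name__ == "__main__":
    for d in ("example.com", "no-such-sender-domain.com"):
        print(d, naive_domain_exists(d, toy_resolve), domain_exists(d, toy_resolve))
```

A domain that is genuinely hosted at the wildcard address would be rejected by this check, so it is a heuristic rather than a replacement for a proper NXDOMAIN.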

Microsoft's Internet Explorer browser does something similar when you type a non-existent domain name: it will redirect you to the MSN site to assist you in finding the site you're looking for. This feature can be annoying for advanced Internet users, but for novice users it might actually be of some benefit.

Note: If you run BIND 8 on your DNS servers, you can patch them to work around this problem.

The Aftermath
On September 19th, 2003 ICANN created the following advisory. On September 23rd, 2003 VeriSign responded to the public outcry over the SiteFinder service.
