
BLU Discuss list archive



named



On Wed, Dec 1, 2010 at 10:40 AM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:

>
> http://digitizor.com/2010/12/01/the-pirate-bay-co-founder-starting-a-p2p-based-dns-to-take-on-icann/
>
> Interesting story, not because of who or what, but the point made down near
> the end:
>
> "One of them has to do with trust. With the current setup, we are putting
> our trust in the DNS servers like OpenDNS, Google DNS etc. to point us to
> the right direction when we want to access a website."
>
> Brought up because of the point made previously about "helpful" DNS
> redirects.  Can you really trust a DNS provider that rewrites RRs behind
> your back?
>
> --Rich P.

Not just about Google or OpenDNS, it's also about trust when it comes to the
registrars/registries.  A few years back Verisign (who controls .com &
.net) took it upon themselves to create a wildcard DNS zone for domains that
didn't exist.

Normally, if you do a lookup on a domain that exists, your resolvers go
through the root servers to find out what the authoritative nameservers are
for that domain.  If it doesn't exist, the recursive lookup fails and your
browser displays an error.

What Verisign did was, if whatever.com or .net didn't exist, they had the
root nameservers hand out their DNS servers as the authoritative nameserver,
then those DNS servers gave their website IP to your resolver and finally to
you.  Your browser then went to Verisign's website and you were told that the
domain didn't exist, but you could buy it.

This is a huge conflict of interest.  Not only does Verisign control .com
and .net, but they also sell domains.  Domain registration is supposed to be
neutral to all registrars, so why should Verisign be able to take advantage
of this?

Another example of this is Comcrap.  They are doing the exact same thing,
except instead of telling you the domain doesn't exist and trying to sell
you something, they're redirecting you to their own search engine (again so
they can profit).

-matt





