[council] Revised Resolution regarding Verisign Registry Site Finder Service

Cade,Marilyn S - LGCRP mcade at att.com
Thu Sep 25 04:05:44 UTC 2003

Dear fellow Councilors and liaisons

Given input from some other councilors, other events of relevance, I am submitting a modified version of my earlier resolution to Council. The intent of the resolution is to establish Council's interest and concern; to show the Council's support to Board and President, and to the Security and Stability Advisory Committee for their actions to date, and to indicate the Council's commitment to participate fully in all processes to better understand the impact of new registry level service on the DNS and Internet, and to advise the Board of the intent of Council to undertake any relevant and appropriate work related policy development.


"Whereas, the primary and overriding imperative to ICANN's mission is the stability and reliability of the global DNS and the  Internet. All entities of ICANN share responsibility to consider reliable, predictable, secure, and stable operation of the DNS and the Internet infrastructure in the development of any policies, or any changes in operations or introduction of new services. 

Whereas, the global Internet is dependent upon standards and design principles and practices that are undertaken and agreed to by the private sector through collegial and bottom up, consensus based processes. 

Whereas, on September 15, 2003, VeriSign Registry introduced a wild card registry service into .com and .net zones that creates a registry-synthesized address record in response to look ups of domain names that are not present in the zone. This registry service changes the routing of traffic by directing traffic that would have otherwise resulted in a 'no domain' notification to the "sender" to a VeriSign operated web site with search results and links to paid advertisements.

Whereas this change creates the appearance that any possible string of letters is a "live" domain, a significant operational change with many implications that are not yet fully understood. The VeriSign server also substantially changes the way email is queued, routed, and responded to in the .com and .net domains; presenting burdens on ISPs and network connectivity providers of all sizes. 

Whereas applications developed to rely on a RCODE 3 response for a non existing domain have been negatively affected by this change. 

Whereas work around at the routing and at the DNS level have been deployed by various members of the community to stop the effect of the wildcards. 

Whereas, concerns have been expressed by many in the community that wildcards in such significant zones negatively affects the stability of the DNS. 

Whereas complaints have been received about the service and its harmful and burdensome impact on other service providers and  including but not limited to: anti-Spam software is being negatively affected.

Whereas, there was no notice, comment, nor consultation with affected infrastructure entities by Verisign Registry.

Whereas, significant questions of harm to the stability and reliability of the Internet are raised in a variety of technical forums

Whereas the IAB commentary published its architectural Concerns on the use of DNS wildcards on 19 September 2003. 

Whereas VeriSign Registry on 21 September 2003, responded to Paul Twomey, President and CEO, ICANN, acknowledging ICANN's advisory and declining to suspend the service until they (VeriSign) has an opportunity to collect and review available data. 

Whereas the Security and Stability Advisory Committee, 22 September 2003,has published its recommendations related to the service advising that the stability of the Internet has been considerably weakened through the introduction of ambiguous and inaccurate responses in the DNS, calling on Verisign to voluntarily suspend the service and participate in the various review processes now underway and on ICANN to examine the procedures of change in service, including provisions to protect users from abrupt changes in service.

Therefore, the gNSO Council:

Supports ICANN's actions to
1) monitor community reaction and experiences with the new registry service
2) request advice from the Security and Stability Advisory Committee and from the IAB on the impact of change introduced by the registry service of VeriSign
3) encourages broad participation by the community in the upcoming meeting hosted by the Security and Stability Advisory Committee
4) pledges its members support for the upcoming meeting

Requests that ICANN 
1) provide a ruling of whether this service is a registry level service, in violation of existing accreditation agreements and if so, take  immediate appropriate steps to end the service until required process is undertaken; 
4) in any event, obtain a suspension of the service until the various reviews on the service are completed and presented to ICANN, whether through voluntary or involuntary means 

Pledges to 
1) work cooperatively to ensure full opportunity to fully understand the service, its implications for the DNS, and what steps are needed for retroactively addressing service introduction, and proactively present a recommendation regarding the need for a formal notice and comment process in the introduction of new services at the registry level via undertaking a PDP.



More information about the council mailing list