
Lee Maguire: webslog


2003-09-17

VeriSign breaks broken thing

Yes, on some fundamental level I believe Verisign's abuse of wildcard DNS for their Site Finder service is wrong. But that doesn't necessarily mean it's all bad.

Analysis of the F Root Server has shown a huge number of unnecessary queries. Much of the resolver infrastructure out there is broken, but rather than fixing it we expect the root and gTLD servers to take the strain. It's occasional changes, like Verisign's, that expose these problems.

Take this recent message to the Register:

Today, for no apparent reason, print jobs just stuck in the queue for a few minutes before timing out. To make a long and tedious set of troubleshooting steps short, it turned out the problem was the Verisign DNS change. Due to the way DNS is set up on the server (because it is the LAN's top-level DNS server) a search for the local printer was being routed via the Internet. I guess it must always have worked this way, but because the printer would never resolve to a routable IP address it must have then tried a local lookup.

Anyhow now, thanks to Verisign, my server always resolves the printer to the external IP address for their search service, hence the dead print jobs, forcing me to move the printer share to a different server.

Clearly it's not Verisign who are broken here - any local print setup that keeps making gTLD-server lookups for non-existent domains is more than just broken, it's positively brain damaged.
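The failure mode in the quoted message, modelled offline as an added example (not code from the original post). The search suffix, the addresses and every function name here are constructed assumptions: it shows how an "Internet first, local on NXDOMAIN" lookup order breaks once the zone answers for everything, and how probing random labels reveals that the zone is synthesizing answers.

```python
import secrets

# All names and addresses below are constructed for illustration.
SUFFIX = "corp-lan.com"                  # assumed unregistered search suffix
SYNTH_ADDR = "192.0.2.11"                # stand-in for the search-service address
LOCAL_NAMES = {"printer": "10.0.1.4"}    # local (non-DNS) name table
REGISTERED = {"example.com": "192.0.2.80"}


def upstream(fqdn, wildcard):
    """Model of the .com servers: an address, or None for NXDOMAIN."""
    if fqdn in REGISTERED:
        return REGISTERED[fqdn]
    return SYNTH_ADDR if wildcard and fqdn.endswith(".com") else None


def resolve_leaky(host, wildcard):
    """Lookup order from the quoted message: Internet first, local only on NXDOMAIN."""
    answer = upstream(f"{host}.{SUFFIX}", wildcard)
    return answer if answer is not None else LOCAL_NAMES.get(host)


def detect_wildcard(query, zone="com", probes=3):
    """Return the synthesized address if random, unregistered labels all resolve to it."""
    answers = {query(f"{secrets.token_hex(16)}.{zone}") for _ in range(probes)}
    if len(answers) == 1 and None not in answers:
        return answers.pop()
    return None


def resolve_guarded(host, wildcard):
    """Same lookup order, but a synthesized answer is treated as NXDOMAIN."""
    synth = detect_wildcard(lambda name: upstream(name, wildcard))
    answer = upstream(f"{host}.{SUFFIX}", wildcard)
    if answer is None or answer == synth:
        return LOCAL_NAMES.get(host)
    return answer


if __name__ == "__main__":
    for wildcard in (False, True):
        print(f"wildcard={wildcard}: leaky={resolve_leaky('printer', wildcard)} "
              f"guarded={resolve_guarded('printer', wildcard)}")
```

The guard only hides the symptom; the local name still leaves the LAN on every lookup, which is the part that needs patching.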

Patch and move on. Hopefully Verisign will next assign themselves delegation of reverse resolution for private intranet addresses and sell them as 255 character AdWords-style promos.

$ dig +short -x 10.0.1.4
for.the.best.values.in.domain.registration.visit.verisign.com.

Public outcry by keen traceroute users ought to help fix things. Of course resolving them to long strings of obscenities would probably speed that up a little - especially when some of the email originating from private networks gets rejected by zealous content filters.

net: posted at 12:50,