Verisign isn't particularly popular this week among network administrators after the company changed the DNS system yesterday to take advantage of typing mis-cues. The company yesterday decided to add wildcard DNS records to managed .com and .net domains, in essence redirecting wayward surfers to a Verisign search portal should they get lost while traversing the digital highway. The changes were quietly announced to the North American Network Operators Group (NANOG) mailing list yesterday without much fanfare, but the decision quickly made waves as evident in various forums throughout Broadband Reports.

Users, typing in incorrect addresses, might have originally been directed to an informative error message. Now, thanks to Verisign's changes, those same users will now be redirected to Verisign's sitefinder index. Critics charge that the company is exploiting its role as operators of the root DNS servers in order to advertise to lost users (Verisign was granted top level domain management rights by ICANN when they purchased Network Solutions).

Admins are also upset by a wide variety of other problems the changes will cause, including making it more difficult for mail servers to reject mail from invalid domains. According to one disgruntled critic speaking to the Register, that's not all: "If an MX record points to an invalid host name, that host will now resolve, the SMTP connection accepted and the mail then rejected. Because the rejection is a 550 error, that mail will not get retried *ever* again. If that MX was the highest priority mail server than all mail to that domain name will bounce."

The changes also impact many attempts to eliminate spam. Since many systems attempt to verify the authenticity of a domain to determine an e-mail's validity, now that ALL domains in essence exist (since non-existing domains now trace back to sitefinder), it makes many of these technologies temporarily useless.

Causing a long list of problems simply to advertise has naturally created quite an anti-Verisign push among many admins web-wide. The company had already managed to dig themselves a popularity hole due to a history of somewhat brutish business tactics in regards to domain renewal notices.

Disgruntled techies are already contemplating work-arounds, including hacking BIND (the dns server software) from the top level to disallow wildcards altogether.

Those interested in letting Verisign know what they think of the new system could contact Scott Hollenbeck and Matt Larson from VeriSign's Naming and Directory Services. You could also, in this glorious age of free-speech, let Verisign president W.G. Champion Mitchell, or Chairman and CEO Stratton Sclavos know how you feel as well. Users can also complain directly to ICANN via this form.