VeriSign's power abuse on the Internet domain name

It seems VeriSign has added wildcard to .COM and .NET domains.

  $ host f0cuser.net a.gtld-servers.net
  Using domain server:
  Name: a.gtld-servers.net
  Address: 192.5.6.30#53
  Aliases:

  f0cuser.net has address 64.94.110.11
  $ host what-the-heck-is-this.com a.gtld-servers.net
  Using domain server:
  Name: a.gtld-servers.net
  Address: 192.5.6.30#53
  Aliases:

  what-the-heck-is-this.com has address 64.94.110.11
  $ host 64.94.110.11
  11.110.94.64.in-addr.arpa domain name pointer sitefinder-idn.verisign.com.
  $ host verisign-sux.com a.gtld-servers.net
  Using domain server:
  Name: a.gtld-servers.net
  Address: 192.5.6.30#53
  Aliases:

  verisign-sux.com has address 64.94.110.11

Basically any invalid .COM or .NET domain names feed into the root name server will yield the address points to VeriSign's site finder site, instead of returning NXDOMAIN. Things that are not supposed to be resolvable are all pointing to VeriSign now, and your mis-typed URL will also end up in VeriSign's default website.

Time to complain to ICANN...


Here's a Whirlpool.net.au discussion thread on this issue, and someone commented that he has modified the HOST file to point to a local webserver that serives a wildcard domain. I think it is quite do-able, and it can be done on the proxy DNS server end to make it effective for the whole LAN. Not sure how it works with MX though. Pointing to a mail server that rejects everything, or else the local MX will keep on trying to relay the mail back to itself...