Hey, SiteFinder is back, again...

Andrew Sullivan andrew at ca.afilias.info
Mon Nov 5 18:09:10 UTC 2007

On Mon, Nov 05, 2007 at 11:52:02AM -0500, Patrick W. Gilmore wrote:
> authority for a TLD is bad, because most people don't have a choice of  
> TLD.  (Or at least think they don't.)

I don't think that's the reason; I think the reason is that someone
who needs to rely on Name Error can't do it, if the authority server
is set up in such a way as to hand out falsehoods.

> But if I want to put in a wildcard for *.ianai.net, then there is  
> nothing evil about that.  In fact, I've been doing so for years (just  
> 'cause I'm lazy), and no one has even noticed.  It is my domain, I  
> should be allowed to do whatever I want with it as long as I pay my  
> $10/year and don't use it to abuse someone else.

I'm not sure I agree.

I think that it's probably true that, if you have a wildcard that
actually resolves so that everyone can use the services they thought
they were trying to talk to, there's no basis for complaint (to the
extent one thinks wildcards are a good idea).  But if you're doing
wildcarding so that people get all manner of strange results if they
happen not to be arriving on port 80, then I think it's evil in any

I _also_ think it's evil to serve wildcards on authority servers for
largeish (100s, anyway) zones, in almost every case.  If the domain
gets big enough that you have that many hosts, then others' ability
to diagnose surprises depends partly on their ability to get
meaningful answers about what things are and are not out there on the
net.  For very small domains, perhaps there is some argument that the
user community is so small that the benefit outweighs the costs.  But
in truth, if I had my 'druthers, I'd go back in time and eliminate
the wildcard feature from the outset, at least for the public
Internet.  (I can see an argument in split-view contexts, note.)

And no, it isn't "your domain".  This is one of the pervasive myths
of the namespace -- one that has been expanding as privatisation of
the DNS has become the norm.  The truth is that namespaces are
rented, and are subject to all manner of terms and conditions.  If
you don't believe me, read your contract with your registrar.  

There are current conditions about labels' relations to other labels,
for example, in all gTLDs (these are the UDRP policies).  There are
rules about what you may and may not register in .aero or .pro, and
what you must and must not do with the resulting domain once you've
been approved.  Many country codes have rules about residency, and if
you move you will find you lose your domain as well.

Policy -- or, I suppose, politics -- is what constrains TLDs from
enforcing more stringent additional rules.  I can't make up my mind
whether a "no wildcard, ever" policy would in fact be a good one to
have.  But it is surely open, and something that could be imposed on
gTLD registrations with sufficient support inside ICANN.  (There are
some rather tricky regulations in this area, though.)

> Hijacking user requests on caching name servers is very, very bad,  
> because 1) the user probably doesn't know they are being hijacked, and  
> 2) even if the user did, most wouldn't know how to get around it.  So  
> you're back to the TLD authority problem, there is no choice in the  
> matter.

This is the response I expected, but I have to say that I'm
frustrated by the answer, even during the alternate hours when I
agree with it.  What we're really saying in this case (and I mean
"we", because I say similar things often enough) is that consumer
choice is an uninteresting lever, because most consumers are mindless
sinks who'll take whatever's given to them.  If that's the case, why
is everyone furious when various kinds of heavy regulations are
proposed?  We can't have libertarian paradise and guaranteed correct
behaviour simultaneously.  Libertarians claimed historically that
this dilemma could be solved by market mechanisms.  If the market
mechanism won't actually work, though, what alternative correction do
you have to propose beyond "some government sets the rules, and
enforces them"?  Isn't that regulation?


Andrew Sullivan                         204-4141 Yonge Street
Afilias Canada                        Toronto, Ontario Canada
<andrew at ca.afilias.info>                              M2P 2A8
                                        +1 416 646 3304 x4110
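The Name Error reliance problem discussed above, as an added illustration that is not part of this post or thread: a resolver-side check in Python that probes an authority for synthesised answers and turns them back into Name Error, in the spirit of the resolver-side countermeasures that followed SiteFinder. The zone, addresses and lookup functions are constructed stand-ins, not real DNS traffic.

```python
import secrets
import string
from typing import Callable, FrozenSet, Optional

# A lookup returns the A-record address for a name, or None for Name Error
# (NXDOMAIN).  In practice this wraps a real resolver; here it is injected so
# the check runs offline against constructed data.
Lookup = Callable[[str], Optional[str]]

# Constructed zone: two real hosts, plus a *.example.net wildcard that hands
# every other name the same address regardless of what service was wanted.
CONSTRUCTED_ZONE = {
    "www.example.net": "192.0.2.80",
    "mail.example.net": "192.0.2.25",
}
WILDCARD_TARGET = "192.0.2.99"


def wildcarded_lookup(name: str) -> Optional[str]:
    """Stand-in for an authority that serves the wildcard."""
    if name in CONSTRUCTED_ZONE:
        return CONSTRUCTED_ZONE[name]
    return WILDCARD_TARGET if name.endswith(".example.net") else None


def honest_lookup(name: str) -> Optional[str]:
    """Same zone without the wildcard: unknown names get Name Error."""
    return CONSTRUCTED_ZONE.get(name)


def random_label(length: int = 12) -> str:
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def detect_wildcard(zone: str, lookup: Lookup, probes: int = 3) -> Optional[FrozenSet[str]]:
    """Query names that cannot exist under the zone.  If every probe still
    resolves, the zone synthesises answers; return the addresses it hands out.
    A single honest Name Error means no wildcard is in play."""
    seen = set()
    for _ in range(probes):
        addr = lookup(f"{random_label()}.{zone}")
        if addr is None:
            return None
        seen.add(addr)
    return frozenset(seen)


def lookup_filtering_wildcard(name: str, zone: str, lookup: Lookup) -> Optional[str]:
    """Learn the zone's synthesised addresses first, then report answers that
    merely match them as Name Error.  Caveat: a real host deliberately pointed
    at the wildcard address is suppressed as well, which is why this is a
    heuristic and not a substitute for an honest authority."""
    targets = detect_wildcard(zone, lookup)
    addr = lookup(name)
    if targets and addr in targets:
        return None
    return addr
```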
