ietf

Re: [Fwd: [Asrg] Verisign: All Your Misspelling Are Belong To Us]

2003-09-16 03:06:49
Today VeriSign is adding a wildcard A record to the .com and .net
zones.

This is, as already noted, very dangerous.  We in the IETF must work to
put a stop to this attempt to turn the DNS into a directory service,
and quickly.  I suggest the following courses of action, to be taken
in parallel and immediately:

0. Urgently publish an RFC ("Wildcards in GTLDs Considered Harmful", or
   "DNS Is Not A Directory") to provide a clear statement of the problem
   and to unambiguously prohibit the practice.

1. Via ICANN, instruct Verisign to remove the wildcard.

2. Some of us with sufficiently studly facilities should mirror the COM
   and NET zones, filtering out the wildcards.  Then the root zone can
   be modified to point at these filtered COM and NET nameservers.

3. Instruct ICANN to seek another organisation to permanently take over
   COM and NET registry services, in the event that Verisign do not
   comply with instructions to remove the wildcard.

I believe that the direct action I suggest in point 2 is necessary,
because we have previously seen the failure of the proper channels in
this matter, when Verisign added a wildcard for non-ASCII domain names.
Verisign have shown a disregard for the technical requirements of their
job, as well as displaying gross technical incompetence (particularly
in the wildcard SMTP server).  I believe Verisign have forfeit any moral
right to a grace period in which to rectify the situation.

-zefram
-- 
Andrew Main (Zefram) <zefram(_at_)fysh(_dot_)org>


