Verisign uses DNS to draw surfers, BIND to block

According to a slashdot article, Verisign has added wildcards to their .com, .net etc DNS records.

This means if you misspell a domain name (like and that domain name is not registered with anyone, it will redirect to a verisign server with ads that they will make money on. Great. Not.

So, the wonderful folks who write BIND, the DNS lookup software that every unix box uses (including most ISPs, or you can install on OS X) have decided to block this IP so if you do a lookup and BIND gets back that IP address, instead of returning it, they will return an error.

I love it! Touché! This is why no one organization, such as Microsoft, should control every piece of the software puzzle. Checks and balances.

Update:I have installed BIND BIND 9.2.3rc2 on my Mac and now I am no longer redirected to verisign. As the articles point out, Verisign doing this change to DNS without the approval of standards committees, and this is causing some spam filters to consider the entire internet as spam, potentially passes your passwords onto Verisign and other nasties. I say to the BIND organization, “Bravo!”