Slashdot Mirror
Charter Implements SiteFinder-Like DNS
paulbiz writes "Charter Cable's DNS servers have just started resolving all invalid hostnames and pointing them to their own error page. The About page states: 'This service automatically eliminates many of the error pages you may encounter as you surf the web. No software was installed on your computer for this service to work.' It has an 'opt-out' page, but when you use it Charter simply sets a cookie that makes their page redirect errors to Microsoft Live Search instead!" One more reason to use OpenDNS, where you can actually opt out of the custom error page.
That's precisely the reason why I run my own resolver. Also, if I were a customer of those morons, they would get a nice letter demanding to restore their service to proper working or else they'd get no more money.
I've read about various ISPs doing this from time to time, but have any of them actually stuck around for more than a month or so? The stories are usually followed up by a hasty retraction shortly after the launch.
Charter customers (I pity you): make your voice heard!
Although the recommendation to switch to OpenDNS has the same flaws from what I have read. They, too, redirect unknown domains to their "organic search" page. I'm not sure how trees and cows help your search, but I suppose supporting an open, free DNS system is better than letting Charter continue to rake in money at your expense.
I have a feeling that this will die a quick painful death just like sitefinder did.
The goal of computer science is to build something that will last at least until we've finished building it.
Reading things on their faq, like "intercepts phishing attempts" and "corrects typos"
No thanks, I'll just use my work's DNS servers from anywhere I go, since we're not douchebags and don't want to make more income by hijacking other people's surfing.
Also, Earthlink has been doing this for months, which is why I recently replaced the DNS servers that have been burned into my skull since working there in 1998.
I have Charter (who I hate BTW, I had to switch from Comcast to Charter the last time I moved and am now paying more money for worse service), and am still getting the standard "Page Not Found" screen. Of course, I'm running Firefox on a Mac, so . . .
Earthlink does this as well. I really hope this doesn't become more common. They're mucking with the way DNS is just supposed to work, which is bound to cause problems for customers.
Well... It's Charter's network, so I guess they can do what they want, eh?
If you want news from today, you have to come back tomorrow.
I quit using it months ago. Every time I had to go to their DNS to do a lookup I didn't have cached, the first lookup would timeout every single time. The second lookup would only work about 50%. Last time I checked, they were just as bad as ever. I've pointed several friends to OpenDNS and they were all amazed at the difference. Charter's customer server is horrendous and the only reason they have a market lead in this area is because they have exclusive service in so many apartments and subdivisions.
Everyone who wants a properly working Internet connection, moron.
Did you buy that UID on ebay?
Every customer we set up I add openDNS as the secondary DNS in their router which act's as their DNS server. Granted you can only do this with a decent router or in our case the buffalo router with DD-WRT installed. (every customer has a DD-WRT router as we will only work with our router and not anyone elses)
Comcast is notorius for having their DNS dead and by us adding in a secondary DNS that is not ISP locked it gives them more days without problems than their neighbors.
Any geek that is not running a dd-WRT or a OpenWRT router at home is missing out.
Do not look at laser with remaining good eye.
Well, I run my own internet. Gay mac users and Linux hippies aren't allowed, there are no caps on bandwidth, there are no logs kept on what sites I have made that I visit, copying copyrighted content is legal and I use P2P to share anything I want (although I am the only person on the network, so I have set up bots to P2P and share music with), and all the porn sites are free.
See their site for more info.
How does OpenDNS make money?
OpenDNS makes money by offering clearly labeled advertisements alongside organic search results when the domain entered is not valid and not a typo we can fix. OpenDNS will provide additional services on top of its enhanced DNS service, and some of them may cost money. Speedy, reliable DNS will always be free.
Do you use your Internet connection for anything other than HTTP? If so, this 'service' could break things for you. If you use FTP, for example, and typo a hostname then instead of getting a 'server not found' error, you will get a 'connection refused' error. This will make it look like the host is up, but the FTP server is broken.
The same is true of pings. If you ping a non-existent host, then instead of being told 'this host does not exist,' you will get ping returns from their server.
This can potentially break a lot of things. On the plus side, since the ISP is now directly manipulating the data flowing over your Internet connection (and violating a few RFCs), it can no longer claim to be a common carrier and is therefore liable for all copyright infringement committed by its subscribers.
I am TheRaven on Soylent News
Not receiving correct DNS error pages is a problem for those that wish to resolve domains.
But to me it's more simple than that. It means misleading the consumer of the cable service. 'The website does not exist' is being changed to 'we're not being up-front that there was a type, misdirected link, etc, we're going to show you adverts instead'.
The Site Finder-like service further reduces the web from a meritocrious system of links and content, to a mess of adverts.
Will cable subscribers' fees be reduced because of this? Probably not.
There's a slippery slope from a (albeit idealistic) system of content and links, to an advertising mess, to outright DNS poisoning (which, living in China, I'm already experiencing - it was a big problem for Google in 2005).
Oh.
WOW / Wild Out West Cable (in Columbus, OH) has been doing this forever. they have their own site setup for it - seek-aid.com. I complained and at first they denied it existed. They finally admitted it but basically told me to deal with it. The "opt-out" sets a cookie which ignores the site and redirects you to Windows Live search -- yeah, BIG difference...
I use OpenDNS at home and my websites load a LOT faster (ones that aren't cached anyway).
ISPs are stupid and evil.
Isn't there some sort of DNS standard that prevents this type of situation? There are applications out there that depend on getting reliable errors back from DNS. With such pages, DNS will always return an IP, even if none is registered. Sitefinder-like DNS breaks applications.
It's becoming increasingly clear that, in order to protect the internet from the greedy hands of corporations, we need to adopt their tactics; patent the DNS standard and trademark the "DNS" label, so nobody can mangle it and still claim to be DNS.
The FOSS community should start to pro-actively patent, copyright and trademark anything they can, so no corporation can mess it up.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
I think registrars that buy domain names for themselves are worse...
I can avoid typos, I doubt I can avoid a fucking registrar that already buy the domain name I want, and doing nothing with it except ads and trying to resell it at a premium.
for me about a week or two ago. Coincidence?
I've been looking at different alternatives to the standard root servers and didn't like OpenDNS either as they also change DNS replies.
My search ended with ORSN, a European "backup" of ICANN servers. This way I shouldn't be affected by attacks and outages on ICANN servers.
home
their system requirements page helpfully recommends you run Internet Explorer and thankfully they support Windows 98. I was going to head over to netcraft and report the search page as a phishing site so that maybe the few who actually have the netcraft toolbar installed can get a warning. The last time I checked, I was able to browse the internet using a Tandy CoCo and OS-9. But I'm putting in for my upgrade to a vintage 1998 PC so I can get up-to-date.
System Requirements
Don't worry, we're not getting too technical here. Charter High-Speed(TM) Internet is compatible with most computers.
Windows 98 S.P.2/ME/2000/XP
* Processor: 233MHz Pentium or compatible; 300MHz Pentium or greater recommended
* Memory: 64MB; 128MB or greater recommended
* Hard disk: 100MB; 250MB or greater recommended
* Internet Browser: Internet Explorer 5.5; Internet Explorer 6.0 recommended
* Drive: Must have a working CD-ROM Drive
Mac OS 9.0 or Higher
* Processor: PowerPC processor; Power Macintosh G4 recommended
* Memory: 15MB available RAM; 20MB or greater recommended
* Hard Disk: 12MB available hard disk space; 20MB or greater recommended
* Drive: Must have a working CD-ROM Drive
Here is a brief rewrite for your consideration:
The dangers of knowledge trigger emotional distress in human beings.
nameserver 151.203.0.85
nameserver 151.202.0.85
nameserver 65.121.99.5
nameserver 65.121.99.6
And rest assured, so far, neither ISP whose nameservers I'm using seems broken at the moment. (The first two are Verizon, the last two are Coffeynet)
-uso.
What you hear in the ear, preach from the rooftop Matthew 10.27b
Earthlink still has their version Sitefinder. Charter will likely continue with this bad idea. Others will likely follow.
At least Earthlink offers "opt out servers" that function properly.
"It ain't a war against drugs.it's a war against personal freedom" --Bill Hicks
Seriously, no one should use OpenDNS. The solution to Charter's fuckery is to run your own caching DNS. The ideal software for this is djbdns. Just switching from your ISP's DNS servers to some fly-by-night third party's servers is RETARDED.
When I did a major server and network change, I switched to OpenDNS (primarily because I failed to write down the DNS servers before I started, and had to get things working again in order to look them up). I used OpenDNS for about a week or so. During that time, it took several seconds to open new web pages or start jobs that accessed remote resources, some things just didn't work at all. I didn't realize what it was immediately, instead after an invalid FQDN returned the open dns error page it dawned on me. I switched back to real DNS servers and my problems went away.
So, if you have nothing else and have to get DNS working, OpenDNS is ok. But, for the long-term, it's better to run your own or find a public DNS service that doesn't play fast and loose with FQDN lookups.
When forwarding scam/spoof emails to either PayPal, or eBay ... your message doesn't get sent but you get a notification that it is being considered spam...
One might think they could build their anti-spam filters to accept messages going to such email addresses as those needed for spoofs..
Of course you can supposedly jump through several hoops to get the message sent, but I don't think that works as advertised (having gotten none of the thank you emails I used to from such online services).
I have Charter, and I haven't noticed any timeouts as some have said. In fact, the only reason I noticed that they switched, is because I mistyped a URL and it took me to their search page, so I started digging around. As long as it keeps working transparently, I could care less if they use it.
I guess I wonder what exactly you should demand out of Charter when a person emails them complaining about something like this. I noticed this page yesterday when I typed a domain name wrong. I was like 'WTF?', but I don't guess I know exactly how to respond to them.
I have Charter, and this annoys me to no end. I simply added www11.charter.net (the website they're currently redirecting me to) to my hosts file, so I get an "Unable to connect" message. It's not perfect, but it at least gives me a somewhat meaningful error.
... register afksjafkljaskfljasklfa.com ASAP.
1. Non-Telco-ISPs and cable companies are not, and never have been, Common Carriers
2. Non-Telco-ISPs and cable companies DO NOT WANT TO BE common carriers.
3. ISPs are protected by the Good Samaritan provisions of the Communications Decency Act. THIS is what protects them from liability, NOT common carrier status.
"Server Not Found" is the error you get when the DNS address doesn't resolve.
"Page Not Found" is a HTTP 404 error, which means you're connecting to an HTTP server.
tasks(723) drafts(105) languages(484) examples(29106)
If you think that's bad, see what my isp (netcabo, Portugal) is doing:
Every now and then when they want to send me a message (e.g. to tell me about "special offers" or whatever), they intercept one of my http requests and reply with a redirect to a page on their website, with the oh-so-important message and a link to the page I had asked for.
Needless to say that scripts that automatically parse web pages get confused.
I talked to their tech support a few days ago about this shadiness. He had no idea this was going on, and rightfully thought it was a malware/spyware problem at first, until I explained a little more clearly what was going on, and he did some poking around and found other blog and forum posts about this. He seemed somewhat surprised that Charter would engage in such a practice and that no one had been told about it.
He was talking with level 2 support while he was on with me and said that they just kept telling him it was probably malware/spyware. Hilarious that they at least see it that way too, but sad that their company pulls this shit on them without telling anyone first. I asked him for a followup, he said he'd pass it along to level 2, I gave him my email address, and that was that. I don't exactly expect to ever hear back from them, so I'll probably have to make a stink at a city Cable Board meeting to get any response.
In the meantime, I hope other folks out there start repeatedly and publicly asking Charter:
- Were they ever going to make an announcement/disclosure to allow customers to opt-out, or at least tell their staff about it?
- Will they provide options for customers who don't allow or regularly clear cookies, such as a non-redirecting DNS?
- Why were they pointing people towards http://optin.charter.net/ , which doesn't exist?
- How much information do they gather about visitors to their link farm?
- Is there a third-party involved providing Charter the redirect (like Barefruit did for Earthlink?)
- How much money are they making from their link farm affiliates?
- Most importantly, do we have any guarantees that they aren't redirecting or degrading other network traffic?
In the meantime, I've switched my DNS over to Level3 (4.2.2.2 and 4.2.2.3).
I noticed this last night, called to complain about it, and spent over an hour on the phone with their tech support. First I had to convince them it was really happening and it was a change to their DNS, it wasn't some browser setting I had ``accidentally'' changed. So they apparently made this change without letting their 1st and 2nd level support know about it.
Then once I got high enough, they tried to weasel out of it with their lame opt-out solution, which even if it worked wouldn't help when I'm making non-browser-based connections. So I guess they want all of my typo'd telnet, ssh, ftp and ping commands to hit their search server instead?
At the end, I asked to be transferred to account services to cancel (gosh I hope Bell doesn't pull the same shit in a month), and the admittedly very understanding engineer begged for a day to look into a way to completely remove the feature from my account. So I'll be calling back tonight.
Rather then OpenDNS, why not use something like orsn, the Open Root Servers Network - not only does this not do anything stupid like "correcting spelling mistakes" using DNS, but it has the benefit of being run in accordance with the RFCs regarding the DNS root, and has a large amount of thought put into it by some very knowledgable people. There are instructions on orsn.net on how to configure ORSN with a wide variety of platforms, from Windows 95 to AIX, as well as a number of popular DNS packages.
http://european.nl.orsn.net/tech-switch.php
I adopted ORSN as a way to send a big "fuck you" message to the IANA, whose management of.. well, many things is less than fantastic, and I haven't looked back.
"'The website does not exist' is being changed to 'we're not being up-front that there was a type, misdirected link, etc, we're going to show you adverts instead'."
A typo of "typo". Oh, the irony.
Comcast rents you a wireless router but they install some firmware that doesn't allow you to use all functionality. I think there is no way to put openDNS on those? I didn't see any menu that said "DNS" or similar...
No, the user will think that the FTP server running on their target host is down, while the target host machine itself appears to be up. (I don't really know how a "domain" goes down, per se.)
Your work's DNS servers are misconfigured if they handle recursive queries for clients outside of their intranet or other networks.
-kayditty (slashdot is trying to keep me from posting for some stupid shit like "karma" -- whatever the fuck that even means)
The networks based around the ARPANET were government funded and therefore restricted to noncommercial uses such as research; unrelated commercial use was strictly forbidden.
You also seem to be confusing F/OSS with non-commercial, Unix saw extensive development at Berkeley based on source distributed by AT&T before they attempted to commercialize it.
I just set openDNS as my settings on my ubuntu machine. It actually was slower. I Have verizon FiOS, btw
Earthlink started this. My local ISP (Cavalier Telephone) has been doing this for 6 months.
they aren't blocking me!
;; ANSWER SECTION: ;; SERVER: 208.67.222.222#53(208.67.222.222) ;; WHEN: Thu Feb 15 10:10:06 2007
(uninteresting bits removed in order to keep the post short, and IP masked because I'm not a moron)
chrisw@filesrv:~$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:D0:B7:1B:FE:E4
inet addr:24.240.xxx.xxx Bcast:255.255.255.255 Mask:255.255.252.0
chrisw@filesrv:~$ host 24.240.xxx.xxx
xxx.xxx.240.24.in-addr.arpa domain name pointer 24-240-xxx-xxx.dhcp.stls.mo.charter.com.
chrisw@filesrv:~$ dig google.com @208.67.222.222
; > DiG 9.3.2 > google.com @208.67.222.222
; (1 server found)
google.com. 156 IN A 64.233.187.99
now, maybe they are blocking incoming DNS queries so that you can't host DNS for your domain on a charter residential line, but there is nothing blocking you from running your own resolver that goes to an external DNS server or even strait to the root servers.
- Disclaimer: Information in this post deemed reliable but not guaranteed.
Sure they do, but their DNS has been as spotty as comcast's lately anyway, from all the hearsay I've seen.
This is why you should use encryption for everything. Sadly the last I checked https://slashdot.org/ just redirects to the cleartext site.
I am trolling
I'm not surprised ISPs are doing this. More will be doing this. What does surprise me is how ISPs try to do this silently and behind closed-door without informing their customers, or even their tech support in some cases.
Think about it this way: Any change an ISP makes that results in 1% (or more) of their customer base calling in for technical support is a cost nightmare. Customer Service is a (*the*) major cost center for ISPs. I guess we have to imagine that they are making more money than the pain of doing the customer service is costing them.
The other thing that surprises me (and obviously I'm biased since I run OpenDNS) is that the search results page linked above is 100% ad-driven. There are no no organic search results for my typo (as far as I can tell). Moreover, when I click on a category to "refine" my results they totally remove the typo'd domain that I had there in the first place instead just giving me generic ads for a category (which is a mediocre CPC on their side) and a crappy search experience on the user side. There is absolutely no user-benefit to what Charter has done here.
I'm proud to say that our page is getting better and better every single day. Compare and contrast. Not only that, but we're driving more and more innovation in both user navigation and fundamental DNS operations. These things go hand in hand. Fundamentally the DNS is about navigation. It's about helping users get where they are trying to go. That's exactly what we intend to help our users do. We know that the changes we have made to how our DNS servers operate aren't for every user which is why we are so clear about how our system works and is why make sure we can manage account settings on a per IP basis (CIDR-style preferences down to
As usual, I'm happy to answer questions where I can.
-david ulevitch
# Hack the planet, it's important.
they only allow me through because I happened to edit the rules to allow it =b
Why does it matter where you get redirect to?
What's wrong with "intercepts phishing attempts" and "corrects typos"? I find this handy at home, especially with computer illiterates (not me).
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Just how does a DNS error page work? Is this a specially crafted UDP packet on port 53? Don't think I've seen one of them. Returning the IP of a charter http server instead of NXDOMAIN for non resolvable domains is NOT a DNS error page (FFS). And thats the problem, its DNS and it should return a DNS error. TCP/IP is not the intraweb. HTML infomercials don't help one iota when you've mistyped a hostname into anything other than a web browser, whereas NXDOMAIN does.
Belkin did this on their home routers a while back, too. I still tell customers and clients to avoid Belkin's networking gear because of that.
End of lesson. You may press the button.
Mediacom in the midwest does this too, terrible company.
Trouble is, no one knows what DNS is.
We'd need to trademark words like "Internet" and "World Wide Web" and related terms that people understand. That way, no one could legally claim to have a website if it required Flash to run, and no one could legally claim to be an ISP unless they provided, at the bare mininum, DHCP and normal, functioning DNS.
Unfortunately, it's a pipe dream. These words are pretty much public domain now, and the public has an understanding of it. I bet you could still make a court case, if you got enough people annoyed, but you can flip a coin on how the judge will rule -- and in any case, they can always fall back to "network provider" and only call themselves an "ISP" over the phone, never in writing.
Don't thank God, thank a doctor!
Triumph of marketing over rationality.
Just because it says "open" at the front it's better? What makes it open? It looks closed to me. It's run as a for profit company, and if you want any control over it you have to give them personal data.
Can we begin with "it probably doesn't do a damn thing" and go from there? Seriously--how is this supposed to "help stop phishing"? I just don't see it.
"You can either have software quality or you can have pointer arithmetic, but you cannot have both at the same time."
I emailed them a complaint about it yesterday. In some places the DNS redirects started over two weeks ago.
What pisses me off the most is that if I click "opt out", further redirects go to live.com. It's a fake opt-out. There is no opt-out.
The worst thing is that it breaks a common spam check in email. Suddenly, all bogus addresses do resolve.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Just checked with a client who lives in Saginaw. Using default DHCP settings which presumably point to Charter's DNS servers, we just get normal dns lookup errors. Now, Charter does know they are using Macs, and I noticed the www11.charter.com webpage that others here have cited on slashdot currently seems designed to look like a PC error page so is it possible they are doing this on limited basis? Who knows.
I had not heard that ISPs are starting to do this... If so we'll have to do some investigation. We (like many others) have Federal trademarks on the word in our domain name. If an ISP doing redirects that make them money on people who are attempting to get to a URL that uses a trademark, then the ISP is making money based essentially on confusion or mistakes with a registered trademark owner and themselves. Trademark violations carry a (US)$100,000 statutory penalty per incident.
So I'd expect this will stop a soon as the ISPs' own lawyers hear about it and tell 'em "No! bad marketing driod, no donut for you!"
I thought it had a list of known phishing sites to prevent access?
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
It also means your ISP has some equipment capable of hijacking TCP connections, a.k.a. performing man-in-the-middle-attacks. And that they spent good money on it, and are looking for new interesting ways to use it. If I were you I'd run, not walk, away from that ISP.
By the way, that's another worrying thing about ISPs being creative with DNS. Unless you use ssh or some other protocol that authenticates the remote host, you trust the DNS to guarantee you're not talking to the host you think it is, rather than an impostor. And here you have people who believe delivering phony DNS responses is a good thing ...
Phishers change their websites faster than some people I know change their clothes.
"You can either have software quality or you can have pointer arithmetic, but you cannot have both at the same time."
Does anyone offer authenticated or encrypted DNS? Seems like this would prevent attempts at DNS redirection.
e curity_issues_in_DNS
Also, what happens to spam blacklist checks that use DNS lookups when your ISP starts redirecting DNS requests?
REFERENCES
Security Issues in DNS
http://en.wikipedia.org/wiki/Domain_name_system#S
DNSSEC (Domain Name System Security Extensions)
http://en.wikipedia.org/wiki/DNSSEC
Secret Key Transaction Authentication for DNS (TSIG)
http://tools.ietf.org/html/rfc2845
TSIG (Transaction SIGnature)
http://en.wikipedia.org/wiki/TSIG
I've run my own recursive server that does not forward to the ISPs for about 8 years and have never had a problem with slow resolution.
The only time its even noticable is when doing a traceroute with name resolution, and even then I'm surprised at how fast most names resolve.
In my area at least, Charter rolled out this bullshit on the same day they announced a rate hike. They want you to pay more for this "service".
The most damning part is that "opting-out" just forwards you to "Windows Live" instead, which is obviously an attempt to pretend that they aren't doing what they're doing by doing what Internet Explorer would do anyway. Fuck you, Charter.
Don't become a regular here -- you will become retarded.
No thanks, I'll just use my work's DNS servers from anywhere I go, since we're not douchebags and don't want to make more income by hijacking other people's surfing.
If you are able to do this, your work's DNS servers are misconfigured. A quick Google search leads you to this informative article about the problem and what to do about it.
Oh, and why your work DNS servers are misconfigured, threatening the safety of MY Internet connection...
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Oh, it gets better! "green-lit a post"! Umm, that would be "green-lighted". Networking not your strong suit? Then maybe you shouldn't have commented? English isn't your strong suit either, apparently. Possibly you should give your UID back to Commander Taco.
# grep smtp /etc/services /. filters]
[output omitted by shitty
Port 465 looks good for TLS mail. Use it.
What is wrong with "approved", "accepted" or (since the editors are those who actually posted the stories) "posted"?
Take them to small claims, for the cost of buying your domain back from the scumbag squatter + your time.
Wow, how did the Internet get invented, since it was around before the development of the 233MHz Pentium processor!?
I complained that my typo was being hijacked, and that I didn't know if they were replacing any web page they wanted. Yesterday I was getting error messages on a typo, today I get your webpage. I said, How am I supposed to know if you are replacing my website? I mistyped it, and I didn't know that I had, and then I get your website. I thought you had taken over my website!!
I am put on hold for a bit, then I am told this is a technical glitch and that it will be fixed by tomorrow.
-bub
www11.charter.net, allow me to introduce you to 127.0.0.1