RoadRunner Intercepting Domain Typos

shaunco writes "Sometime around midnight on February 26th (at least for the SoCal users), TimeWarner's RoadRunner service started intercepting failed DNS requests, redirecting them to RoadRunner's own search and advertising platform. To see if this has been enabled in your area, try visiting {some random string}.com in your Web browser. This feature subverts user preferences set within browsers, which allow the user to select which search engine receives their typos and invalid domains. RoadRunner users can disable this function — or they can just use OpenDNS. Here is an example RoadRunner results page.

OpenDNS Guide

or they can just use OpenDNS But OpenDNS does the exact same thing!

Re:OpenDNS Guide

[jagilbertvt]

This has actually been going on for a few weeks now for New York area customers. However, there is an opt-out option that comes up on the page that comes up. I'm not quite sure how it tracks those opt-outs (by ip address perhaps?), as I didn't delve into it too deeply.

Re:OpenDNS Guide

[mrbcs]

Yes, but the difference is that YOU get control of how these are handled, not your ISP.

Re:OpenDNS Guide

[Meneth]

Which is why I run BIND myself.

Re:OpenDNS Guide

[robogun]

I' pretty sure it opts out by IP addresses - none of my machines came up with that junk after I opted out on one of them.

Even in Firefox, all domains are intercepted and the search page is delivered if you just type the name (good or not)without http:/// and hit enter. IE users won't notice this as IE already delivers MSN Search if you try that.

Re:OpenDNS Guide

[idontgno]

And what's your upstream DNS provider? If it's Road Runner, I bet you'll get bogus A records returned, no matter what protocol you intend to use the resulting IP address with. Similarly with OpenDNS, as far as I can tell.

And I hope for your sake you're running a recent version of BIND. That thing is epic in terms of ancient (but now closed) remote exploit opportunities.

Re:OpenDNS Guide

...except for that the article (even the summary) states that you can disable it there, too. Which makes your point rather...pointless, now doesn't it?

Of course since OpenDNS has the word "open" in it, I'm sure anyone who thinks that their tactics are no better than Time-Warner's in this case will mod this comment into oblivion. Typical Slashdot, predictable, boring, knee-jerk responses with a considerable lack of understanding of the real world.

Re:OpenDNS Guide

[STrinity]

But it's Open, which means it can't be doing anything wrong.

Re:OpenDNS Guide

[EvanED]

And, at least as the summary describes it (the link is broken), you get control from your ISP now: "RoadRunner users can disable this function."

Though I'd be a little surprised if OpenDNS didn't give you a way to disable the guide, I don't see anything on the page your parent linked that says you can.

Re:OpenDNS Guide

[tomz16]

FAIL for failing to understand how DNS works... Your statement is only true if you are running a caching server. No reason why bind can't do its own lookup. You lose out on the cache benefits of a larger DNS server, but don't have to rely on anything other than the roots.

Re:OpenDNS Guide

[beckerist]

I second that motion. I noticed it a few weeks back and I'm a twcny.rr.com resident!

Re:OpenDNS Guide

[tjohns]

I'm not quite sure how it tracks those opt-outs (by ip address perhaps?), as I didn't delve into it too deeply.

They're tracking by the cable modem's MAC address. There's a page explaining this (and how it's insecure) here:

http://rgov.org/road-runners-dns-wildcard

Re:OpenDNS Guide

[bogeyjlg]

Mod me down. Someone beat me to the punch.

Re:OpenDNS Guide

[hal9000(jr)]

You can disable IE from doing that by going to Tools->Internet Options->Advanced and unchecking "Show friendly HTTP error messages."

Re:OpenDNS Guide

[Amouth]

i think they are broken as when i click on the opt out link i get this

"Sorry this service is not available at this time.
Back to www.rr.com
"

Re:OpenDNS Guide

[birrddog]

This is not the case with RoadRunner in the Hudson Valley, NY, neither is it for my RoadRunner in NYC, NY. Maybe they got fed up with all the complaints already?!

Re:OpenDNS Guide

And hope that the provider's DNS servers are not acting as transparent proxies for the root servers....

Re:OpenDNS Guide

[WhatAmIDoingHere]

You opt in to OpenDNS service. You have to opt OUT of the Time Warner service. They should have, at the very least, asked us if we wanted this before making it on by default.

Re:OpenDNS Guide

[MadAhab]

I just programmed my cable modem to use 4.2.2.1-3 for DNS. Problem solved. At work, under a RoadRunner business connection, we've long run our own DNS because the RoadRunner DNS servers have always been just shit.

Suspiciously, however, I didn't turn off the "service". Someone at the other end did it. I refused to give them my phone number, so either they used caller ID to pull up my account without my consent, or they blacked out my cable modem MAC when I started portscanning the server and looking up a hundred variations of www.stopfuckingwithmydnsroadrunnersucksdogballs.com.

All around evil. Cable companies are doing this to boil the Net Neutrality frog, have no doubt about it.

Re:OpenDNS Guide

[brass1]

Your statement is only true if you are running a caching server Actually... OP's statement is only true if they were running a caching name server and they configured it to forward all requests to the upstream's dns servers using bind's forwarder's global option. That configuration would be insanity anyway.

Re:OpenDNS Guide

I believe that this has been happening in the DFW area for a little bit. I managed to get one of those pages a couple of weeks ago.

Re:OpenDNS Guide

[TyrainDreams]

Except for the fact that I've been getting that since I moved into my new house and got RR here in central Ohio and i opted out the first time and it comes back...i thought maybe it was deleted cookies or some other BS method, but my mac doesn't change and my IP hasn't changed and it still randomly comes back...annoying...I'm tempted to blacklist that site on my router...i want it to go NO YOU WERE WRONG instead of giving me suggestions when i get pissed and type fuckshitfuckshit.com and hit enter...definitely not usually things I'm looking for...

Re:OpenDNS Guide

[toleraen]

So what, you didn't opt IN when you signed up for Time Warner in the first place? They just showed up at your house and said "We decided to give you broadband access, that'll be $50"?

Re:OpenDNS Guide

[metalcoat]

Yes, but I have accounts with roch and twcny and can confirm that it happens with both (and has now for about a month), however business accounts are excluded.

Re:OpenDNS Guide

[nschubach]

Really? MSN Search is considered a friendly error message?

Re:OpenDNS Guide

[nschubach]

Well, you could always go with WOW or Comcast... oh, you mean your area doesn't have all three services?

Re:OpenDNS Guide

[Phat_Tony]

Well, it's not on Roadrunner in Cleveland yet.

Yeah, yeah, I know. Cleveland's the last place to get everything new.

Re:OpenDNS Guide

[hairyfeet]

Actually,as someone who has used OpenDNS off and on for awhile now,it really isn't the same.If you are ANYWHERE even close to the right spelling they will fix the spelling and send you to the right place without you even knowing you misspelled.If your spelling is way too far off,but it has a guess that may or may not be right,like Google it will give you a "did you mean____" at the top of the page that you can click and off you go.Whereas with stuff like this and the recent story about "internet redirector" software being installed on new computers they care more about giving you ads than getting you where you want to go.

I have to give the guys at OpenDNS credit,I have lousy spelling skills and type way too fast for my accuracy and yet I think I've seen the OpenDNS page maybe twice in 5+ years.Now I just need to set aside a couple of days and see if OpenDNS plays nice with my dns server on my new cable connection.

Re:OpenDNS Guide

[toleraen]

Beggars can't be choosers

Re:OpenDNS Guide

Really? Why's that, exactly? How does the fact that an incorrectly-typed domain name in a web-browser redirecting to a page owned by the ISP hurt your browsing experience, exactly? It doesn't of course, the best straw that the knee-jerks like yourself can grasp at is that it isn't "standard" behaviour. That's not even a good excuse for the amount of whining Slashdot subscribers do about things that aren't important. "If I type a URL wrong in Firefox on my Gentoo Riceomatic I expect it to do absolutely nothing! What right does the ISP have to alter the network routing on the hardware that they own? BLASPHEMY!"

Do you realize how stupid you actually sound, or are you too busy trying to keep your balance on top of the soapbox?

Re:OpenDNS Guide

[Anti-Trend]

You don't understand what we're talking about, I think. We're talking about resolving www.google.com, not www.goofgles.com or some other typo. When you do a lookup against OpenDNS asking for 'www.google.com', they reply back with one of their own IP addresses instead of Google's real IP.

Re:OpenDNS Guide

[Dachannien]

Well, it's not on Roadrunner in Cleveland yet. That's funny, because up here in Cleveland Heights, it works just fine, much to my chagrin. :P

Re:OpenDNS Guide

[THESuperShawn]

We have researched this here in Charlotte, NC. I don't think its opting-out by IP address- I think it's going by the cable modem MAC. The reason is, users we checked with are only able to opt out if they have a TW/road Runner cable modem (rented from TW/RR). Those who own their own modem and placed it on the TW/RR network can opt-out, but the re-directing still occurs. Seems to be specific with either a config file placed on the TW/RR modem or the MAC address of the modem itself.

We are still doing tests (it just started here in Charlotte yesterday).

Another change over the past few days is that newsgroup access has been halved (connections) from 8 to 4.

Re:OpenDNS Guide

[drtsystems]

I noticed this happening on my connection in the cleveland area (strongsville) a few weeks ago. But I promptly disabled it when i realized it was screwing with my intranet domain resolution. (i.e. ping basementserver would come back with roadrunners IP. extremely agrivating)

Re:OpenDNS Guide

[paulevans]

I use roadrunner, but I use a internal DNS server. Not roadrunner's. Funny thing I've noticed is that I actually get the speed of my service by bypassing their DNS Servers, a easy 200-500K increase in download bandwidth.

Re:OpenDNS Guide

[Frank+T.+Lofaro+Jr.]

Now if you go and fix your DNS search order, you'll be all good! :)

(if it was correct, roadrunner's IP wouldn't override your internal host entries. You could be in for a load of fun problems if a machine in your first searched domain conflicts with one of your own machine names, otherwise).

Re:OpenDNS Guide

[idontgno]

So what you're saying is... you can run BIND and still have this problem. You know, running a caching server.

And you said you weren't running a caching server... when?

But yes, in the standard config, going to the root server as your first hop bypasses the ISP DNS's tendency to lie. Unless your invalid address falls into your lying ISP's DNS zone. Then you'll get lies. So, if you're asking for asdffasdf.com, you're OK, you'll get the root saying "not found". And if you ask for "asdffasf.notsuckingisp.com", you'll get an honest "not found" from notsuckingisp.com's DNS. But if you ask for asdffasdf.rr.com, you wind up asking Road Runner. Which we know will lie. So the problem's not eliminated, just reduced.

Now the other problem, your tendency to not mention the most important part of your argument and then yell "FAIL" at anyone who fails to read your mind... sorry, a local BIND installation can't help you there.

Re:OpenDNS Guide

[Chapter80]

In the mid '90s, one of our lead software engineers approached me with this idea - basically hijacking DNS for anything we wanted. If the domain name doesn't come up (i.e. a typo), redirect to our page. Even redirect to our page for initial users, to stick a Terms and Conditions page in front of them. I thought it merited a Patent search, and we consulted with our patent attorney, who had no idea what we were talking about.

After quite a lengthy discussion and a lot of energy with the attorney, we decided that this would be considered evil. The VERY preliminary patent search turned up nothing, but the attorney made it clear that he would need to spend more of our money to research it further. We had an internal meeting to decide if our little start-up wanted to invest in this patent (maybe $2k) for something that we thought would be evil to produce (or we could be the good guys and enforce our patent, licensing it only to the people we thought were using it for good). We passed, envisioning poor Karma and high legal fees on an ongoing basis. Boy do I regret that!

Now every starbucks and hotel hijacks your DNS until you agree to their terms. No one really thinks that's evil. But the typo hijacking thing is really getting annoying. I wish we'd have pursued it.

I have no idea whether there was prior art (probably was) or if we'd own something of value now. But it was an interesting process for a broke self-funded startup

Re:OpenDNS Guide

[glitch23]

The opt out link is conveniently at the very bottom of the page and in small font. This started approximately 4-6 weeks ago for me and I'm in north-central WV using the ma.rr.com domain. I go thru the columbus, ohio route I believe. I first noticed it in the evening one day and was mad they hijacked my request. Instead of my browser giving me an error I instead get directed to a page that is supposed to "help" me and make my "user experience better". I say leave me the hell alone.

Re:OpenDNS Guide

[Kalriath]

Wrong. You change "Search from the address bar" to "Do not search from the address bar"

Re:OpenDNS Guide

[bcoff12]

>RoadRunner DNS servers have always been just shit.

Truer words have never been spoken.

Re:OpenDNS Guide

[hcmtnbiker]

They've been doing it for Central New Yorkers a couple weeks now. Honestly it pisses me off. I don't want to see their page every time i type a url that isn't in their DNS, I'm paying them enough as it is I dont want them to advertise themselves for me, just give me a no response and I'll figure it out myself.

Re:OpenDNS Guide

[MidoriKid]

According to that link there is no problem. Anyone with some scripting experience can change it to an "opt-in" service for -every- Road Runner customer.

Road Runner does not seem to do any sort of verification that the subscriber ID belongs to the user who is changing the setting; if I provided you with the appropriate link, you could easily opt me in or out of the service. [...] there are only 16,777,216 possible unique subscriber IDs. It would probably take less than an hour for a script to turn the service off for everyone [...]

Re:OpenDNS Guide

[petermgreen]

why would that configuration be insanity. It gives you a local cache while still letting your ISP (which has a bigger pool of requests to work with and a faster connection) do it's own caching and the resolving work.

Re:OpenDNS Guide

[colmore]

You really should have just filed it, the patent clerks take one look at computer lingo they stamp "approved." It's up to the people you drag into court to find out if there's prior art or not.

Re:OpenDNS Guide

[Veinor]

Except they always hijack requests that are results of searches like the auto-"I'm Feeling Lucky" one in firefox, and there's no setting to disable it. You have to e-mail support and ask them to disable it.

Re:OpenDNS Guide

[tylernt]

One word for you guys: DNSMasq. RR's slimy tactic is not new, Verisign started it years ago and DNSMasq has had a fix for a long time. From the man page:

-B, --bogus-nxdomain=
        Transform replies which contain the IP address given into "No such domain" replies. This is intended to counteract a devious move made by Verisign in September 2003 when they started returning the address of an advertising web page in response to queries for unregistered names, instead of the correct NXDOMAIN response. This option tells dnsmasq to fake the correct response when it sees this behaviour. As at Sept 2003 the IP address being returned by Verisign is 64.94.110.11

Re:OpenDNS Guide

[hairyfeet]

I was talking about the article,which is about mistyped domains,such as goofle.com. And why would anyone care where it comes from,as long as you get what you are looking for? I haven't seen anything that would make me think they are altering the pages,and since you are going through their DNS servers it really wouldn't surprise me if they cached certain constantly used pages for speed.That is why I run my own caching DNS server on my pc,it really speeds things up if you can take a hop or two out of the equation.And unlike the Roadrunner typo page,which if you RTFA was nothing more than a click ad page with nothing useful about it,when I do manage to get the OpenDNS page the link that I'm looking for is right at the top of the page,no wading through tons of ads for crap I don't want required.

And lets face it,that is want most of us want--Get me to what I want as fast as possible and with as little crap in the way and as few hops as you can.So if OpenDNS is caching the most popular pages for speed,I say YAY!, Give me faster,every little bit helps. And for those that have never tried running their own DNS caching server Treewalk is as simple as can be.A couple of clicks,a reboot and you're done.No configuring,no tweaking settings,just install and go.Really nice free software.

Re:OpenDNS Guide

[Ponzicar]

Actually, the answer to that is yes. My cable was with Adelphia, and they got bought out by Time Warner.

Re:OpenDNS Guide

[fwr]

Without access to TW's internal network that would be impossible. If they are a Layer-3 hop away the MAC address of the modem is nowhere in the request packet, hence they can't tell what the MAC address is. The only way to determine the MAC address of the device is if you had a device on the same IP subnet, or some type of access to the TW router. That access could be command line access, or SNMP access. I doubt TW would give either to OpenDNS.

Hence, you are barking up the wrong tree.

Re:OpenDNS Guide

[fwr]

I can't believe that got modded 5 informative. We are talking about OpenDNS in this thread, not RR's DNS redirection. OpenDNS does not, and can't, track by MAC address. It's just a DNS server.

With respect to RR's service, again it may use a script that sends your MAC address, but this is not how the service actually works (it can't be, based on how the DNS protocol works). What they might be doing is gathering your MAC address and using that to put you in a different DHCP scope that sets your DNS server to their "corrupted" DNS servers instead of the standard DNS servers. That's a plausible explanation. That the DNS server itself is tracking your MAC address is not.

Re:OpenDNS Guide

[THESuperShawn]

We aren't testing OpenDNS, we are testing TW's DNS "typo service". Didn't mean to imply that we were testing OpenDNS.

Re:OpenDNS Guide

[petermgreen]

Unless your invalid address falls into your lying ISP's DNS zone
What a domain owner says about thier own domains is surely by definition the truth.

Re:OpenDNS Guide

[tjohns]

Maybe I'm wrong, but I'm pretty sure the post I replied to was talking about RR's DNS, not OpenDNS.

Yes, of course the DNS server isn't tracking MAC addresses directly. After all, DNS sits on top of UDP/TCP. However, I don't think they're doing any tricks with DHCP, since the changes take effect way before my DHCP lease expires.

My guess is that the DNS server takes the current request's IP address, queries the DHCP server to see what MAC address it's currently assigned to, then uses that to check the preferences database. However, without knowing RR's architecture, this is all speculation.

All I was trying to get at is that it seems the preferences are keyed on the user's MAC address, rather than IP address, and therefore won't get reset when the user gets assigned a new address by DHCP (unlike OpenDNS, which requires that users on a dynamic IP use a dynamic DNS update client to keep their preferences associated with the right machine).

Re:OpenDNS Guide

[WhatAmIDoingHere]

I didn't opt in for this specific service, no. I want the service I paid for. If they had asked the customers "Do you want to enable this 'feature'?" before turning it on for everyone, I'd be okay with it since I'd just say "No."

And?

Verizon DSL does this too. I don't see how this is a story.

Re:And?

[gEvil+(beta)]

Yup. I noticed Verizon doing this a couple months ago. It didn't even cross my mind to submit it as a newsworthy story, though.

Re:And?

[nwf]

Yea, I noticed this as well and also didn't think something so trivial was news worthy. Now I'd like it if they also re-directed typo-squatters domains as well. That would be a public service, especially anything in the .cm TLD.

Re:And?

[JustOK]

...first they came for your mistyped web addresses and you said nothing...

Re:And?

[gEvil+(beta)]

You're right. I didn't say anything at all. But I did change the DNS addresses on my machines so they ended in .42 instead of .12 like the help page said to do. Now I get "proper page couldn't be found" messages instead of a yahoo/verizon lookup failed page.

Re:And?

First they came and bastardized Pastor Martin Niemoller's quote and I said nothing...

Re:And?

[moderatorrater]

Let's not forget the .cum TLD; that kind of typo can kill productivity for hours.

Re:And?

[CSMatt]

Care to point to this help page? I'd like to disable my redirects too.

Re:And?

[daichiasuka]

Verizon does this for FiOS service as well, and this certainly isn't anything new. Verizon also offers the option to opt-out of this "service" by changing your DNS servers.

Re:And?

[BillGod]

Earthlink has been doing this for years.. Not sure why this is a problem to some people? This is nothing new. Any proxy server inside any company has this capability.

Re:And?

Charter has been doing this for a long time too. Charter also is throttling traffic types and resetting connections in addition to blocking ports but they seem to sneak under the radar. They suck but no other choice by me.

Re:And?

[insanechemist]

Yep - same here verizon DSL does it and its pretty annoying but not sure about newsworthy.....

Re:And?

[thousandinone]

Or 30 seconds for some of us...

Re:And?

[thomas.galvin]

What happens when you have a piece of code that should fail to connect, but instead connects to the RoadRunner typo page? Bad and Wrong, that's what happens.

Re:And?

[jfranklin]

Personally I was glad to see this because since yesterday I've been getting redirected to the RR page when performing a google search through Firefox's search bar. Typing www.google.com into my address bar sometimes also results in their page not found site. Only when I click on their first suggested result (www.google.com) does it take me to the right page. It seems to be intermittent, and it makes me wonder if this "service" is a bit buggy. It also makes me think the slowly loading pages and random dropping of my connection is related to them "upgrading" their services.

Re:And?

[Skater]

I don't have the page handy, but that's the fix - change last part of the DNS entries to what he said. I did mine months ago and actually forgot until I read that post. I think you have to be on Verizon's network to see the page with the info.

Re:And?

[kesuki]

charter cable has been doing this for a while too... i noticed it once when i typed in just the name of a website (without the www or the .com, which works fine in firefox, for well known sites, but it was in ie so it went to this charter redirect page...)

Re:And?

[neersign]

re: verizon dsl

i first noticed this a few weeks ago.

Re:And?

Verizon FIOS also does this.

Re:And?

Qwest DSL also does this. It sucks, but it wasn't very difficult to disable.

Re:And?

minutes, even.

Re:And?

[gEvil+(beta)]

Sorry. Busy day at work. The Verizon page with directions on what to do doesn't allow any sort of direct linking, but you should be able to find it or something pointing to it by googling "verizon dns redirection". Basically you change the last octet in the DNS address to 14 instead of the default 12 (my post saying change it to 42 earlier was incorrect).

New?

[ack154]

I believe they've been doing this for a little while now in my area. I've seen it at my place any my g/f's place. I disabled it already where I am. I was pretty surprised to see it, but instantly looked for a way to turn it off. I'm actually impressed they gave a way to disable it at all though.

Good thing I'm with Comcast not TW

[esocid]

They just throttle my connection until it fails.

Re:Good thing I'm with Comcast not TW

[Moonpie+Madness]

hahaha,
but it doesn't matter how slow my torrents run, if I am running a bittorrent client unencrypted, my Time Warner connection always ground to a halt. I just canceled with Time Warner and switched to U-Verse. The guy on the phone told me "just be sure I bring that modem back whenever it's convenient". When I did five days later, the idiot at the desk told me she was going to change the date I disconnected to the day I returned the stupid modem. Even though the service did not work this week because I was already disconnected. Sounds like a nice, fun way to fuck with the idiots who accept that explanation. Looking forward to seeing how the final bill handles the situation!

Somehow I don't think AT&T will be an improvement in the billing department.

Re:Good thing I'm with Comcast not TW

[WhatAmIDoingHere]

Really? I use RoadRunner (Used to be Adelphia) and I don't force encryption on my torrents and they run just fine. Your issue sounds like PEBKAC to me.

Re:Good thing I'm with Comcast not TW

[Moonpie+Madness]

Note to people who aren't douchebags: PEBKAC stands for 'problem exists between keyboard and chair.' No, it's not me. This is a commonly reported problem, so perhaps you should look into it before insulting me like a 12 year old jackass. I know this is going to blow your mind, but Time Warner has more than one employee, and the people running the show in Austin might do things differently than those in Adelphia, especially if one area is using its bandwidth more than another. For 99% of people, this is a common sense prospect, but for you, if one Time Warner account works fine, they all must!

If I use torrents on any of my 5 computers, within a few minutes my entire connection is slowed down (can't watch Youtube, can't check emails quickly, etc). I can stop the torrent software and everything will stay slow for several minutes, but return like switch has flipped. If I encrypt, the slowdown does not occur. Strangely, I no longer have this problem with U-Verse, and did not have this problem in the past with Cox Communications.

You could use this amazing thing I like to call google and see that a lot of people are experiencing the same problem with Time Warner over the same period of time (November through now).

Re:Good thing I'm with Comcast not TW

[JackieBrown]

Same here in San Antonio

DFW

[Hungus]

I noticed this happening a couple of weeks ago in the DFW area at a few clients houses and then my own. Obviously I disabled it immediately but it is still very annoying to say the least.

And this is new?

[wiredog]

Don't most ISPs in the US do this?

Re:And this is new?

[c0nsole]

No, no they do not.

Re:And this is new?

[pembo13]

I would certainly hope not.

Re:And this is new?

[betterunixthanunix]

Not to my knowledge. This is definitely a first for RoadRunner; I've been with them for several years now, and haven't seen anything like this.

Re:And this is new?

Zoomtown in Cincinnati has been doing this for over a year. It's not like this is news. At all.

Re:And this is new?

[Gewalt]

Yes, every major ISP in the us either has it, or is in the process of rolling it out.

The technically illiterate do indeed see it as a benefit, and its a welcome feature by the masses.

The technically literate of us know how to opt out of the feature, and it's not a problem by any means at all. It's if they start leaving us no way to opt out that I'll get pissed. But then there's always OpenDNS, which so far, noone needs, but one day we might.

Re:And this is new?

[omeomi]

No, Comcast doesn't.

Just noticed that somebody has already registered jkshdfkljh23sadf.com. Way to go Mr. Private, Registration...

Re:And this is new?

[_Hiro_]

Awww, you beat me.

It could be worse... He could've used asdf.com as an example...

Re:And this is new?

[ameyer17]

I know one of the few good things about AT&T's DSL service is that they don't do this yet. Although, I do run BIND locally. I'm wondering what's stopping $evil_ISP_that_typosquats_on_DNS from redirecting all UDP traffic over port 53 to their own DNS resolvers, other than making power users angry.

Re:And this is new?

[destiny71]

Charter has been doing it for at least a year now.

Re:And this is new?

[ashridah]

Probably because there's not enough to gain.

Only tech-savvy people will be bypassing this practice by using bind or another caching name server, and name service traffic doesn't really have enough volume to warrant interception for cost-cutting purposes, really.

Of course, ISPs can still be bastards. I'm constantly surprised by how broken the internet is here in America. I thought I had it bad in Australia. Apparently I actually had it good, with an ISP that doesn't play games with my connection, for any reason (and the CEO personally would make that claim on the consumer-run ISP forum whirlpool.

Now if i could just get that ISP to start installing ADSL2 DSLAMs in America. Screw this cable and FioS crap.

Re:And this is new?

[thetorpedodog]

Second. And at least Time Warner provides a way to opt out of it...I've been searching, but haven't found any similar option for Cincinnati Bell. (Can anybody help?)

Re:And this is new?

[thetorpedodog]

I also just noticed that they appear to be using the exact same service, from Yahoo. (Should'a looked at that part before I posted the above comment...)

Re:And this is new?

[Thunder+Rabbit]

Yah I'm pissed because Mr Private is trying to make cash off it; I was going to send everyone to get Rick Rolled! At least my waste of the domain would have been funny, not greedy.

What's next?

[gtrubetskoy]

http://ww23.rr.com/index.php?origURL=http://www.google.com

Re:What's next?

[MightyYar]

Coooool... you can make them say anything!

Re:What's next?

[perdue]

http://ww23.rr.com/index.php?origURL=http://www.google.com

Lest anyone think this demonstrates that Road Runner is intentionally blocking Google, the trick here is that you can arbitrarily edit the string after ?origURL= to produce a page describing any website couldn't be found.

• http://ww23.rr.com/index.php?origURL=http://www.apple.com
• http://ww23.rr.com/index.php?origURL=http://ww23.rr.com
• http://ww23.rr.com/index.php?origURL=http://slashdot.org

Re:What's next?

Cool.

Re:What's next?

[DeadChobi]

Fukken Saved!

Re:What's next?

Tomorrow on slashdot: thousands of slashdotters try to find their own penis, using DNS!

Re:What's next?

Road Runner, is this a good idea?

Re:What's next?

[Michael_Burton]

The parent was modded "funny," but since Road Runner started doing this here in Columbus, Ohio, about a month ago, it has periodically lost amazon.com, cnn.com, and other sites I've been surfing. No joke.

Doesn't happen on Bright House.

[morgan_greywolf]

In case any Bright House RoadRunner customers were wondering -- this doesn't happen on Bright House (at least in the Tampa Bay area) (yet?). Can any other Bright House customers report?

Been at least a month

[pembo13]

I noticed that they were doing it. Was going to mention it to my local LUG, but /. beat me to it -- procrastination, what can I say.

Squatting www.jkshdfkljh23sadf.com

[daveywest]

Seems like I should be registering this and pointing it to my porn/phishing site right now.

Re:Squatting www.jkshdfkljh23sadf.com

[garett_spencley]

You inspired me to try a few out of curiosity. Not surprisingly asdf.com as well as asdfg.com and asdfgh.com are all registered.

I actually laughed when one of them served an ad titled "Learn how to type".

Re:Squatting www.jkshdfkljh23sadf.com

It's too late. Someone already has it on GoDaddy.com. Not that anyone is surprised.

Re:Squatting www.jkshdfkljh23sadf.com

[BillBrasky]

You're too late! Someone already dropped a parking page there via godaddy.

Re:Squatting www.jkshdfkljh23sadf.com

too late...it's been GoDaddy'ed

Re:Squatting www.jkshdfkljh23sadf.com

Too late. Someone already did. http://www.jkshdfkljh23sadf.com/

I KNEW IT!

[ILuvRamen]

I knew when I first saw a road runner branded "typo ad page" that they were doing it. In fact I actually thought "I'm gonna read about this one on slashdot!" First of all the date is all wrong. They've been doing it for over a week in Wisconsin. Secondly, I'll do you one better. Any time a combined bittorrent upload of mine exceeds 30 KBPS, my modem mysteriously jams up. And also I've done over 100 GB of torrent traffic up and down. Mostly Knoppix and other legal stuff but not all. And about 2 months ago my download speed became capped at about 1500 kbps instead of the new 8000 or whatever they just upped it to. If I use a multi-source downloader like leechget, I can get the full 850 kBps from a good server. Also even at like 2 AM it's the exact same limit so it's not just traffic. So they seem to be throttling me on purpose. That's right, I'm breaking that story right here right now. In fact I've been meaning to call them about it...brb

Re:I KNEW IT!

[gmack]

Any time a combined bittorrent upload of mine exceeds 30 KBPS, my modem mysteriously jams up.

Check your airflow.. it's probably overheating. Try putting an external fan blowing into the air vents and see if it stops doing that.

Re:I KNEW IT!

[Ortega-Starfire]

No, they have been doing this for a while. it is not related to modem overheats.

Re:I KNEW IT!

[gmack]

I bet it is.. I've worked with enough consumer grade equipment to know that most of it tends to be tested at only moderate levels so when you throw a larger amount of traffic onto it then a lot of it will just overheat and lock up.

Switches, DSL modems, cable modems.. all cheap crap.

Re:I KNEW IT!

[yuna49]

Many consumer routers have very small NAT tables and fall over when they are forced to handle many simultaneous TCP sessions. My router would routinely stop working when I was torrenting through it. For me, the solution was to cap the number of simultaneous connections at around 50 or so. Note that this isn't a bandwidth cap, but a cap on the number of connections being maintained (basically equal to the number of seed/peers you're connected to).

My ISP does this too

[Galaga88]

My local ISP (Insight in Evansville, Indiana) does the same thing. Even worse, when you 'opt-out' of their URL redirection, they instead redirect you to a fake IE error page. Slimy.

Re:My ISP does this too

[ivanmarsh]

My Charter service does the same thing. Leave it to a bunch of marketing nimrods to disable a troubleshooting tool so you can't tell the difference between a page not found, site not found or DNS error.

So... I simply blacklisted Charter's redirection site in my firewall and proxy server.

Re:My ISP does this too

[Coward+Anonymous]

I don't understand why you think the fake IE error page is slimy. That's a side effect of the method they use to opt you out. When you opt out they probably store a cookie on your browser that says you opted out. The DNS server has no way of knowing if you opted out so it always redirects to the same "typo" server which then checks your cookie and displays an error for you.

Re:My ISP does this too

[jimicus]

The IE error page is pretty unhelpful at the best of times. You'd have to be nuts to rely on it for error checking. You should use nslookup, dig, ping and traceroute.

Using a cookie to simulate disabling the feature means that nslookup and dig will still return erroneous results, and ping and traceroute will still work even in cases where they shouldn't.

Re:My ISP does this too

[maxwell+demon]

Well, the DNS server certainly knows your IP address, and the ISP certainly knows which IP currently belongs to you.

Of course they could also just give you a different DNS server depending on if you opted out or not.

Re:My ISP does this too

[ChaosDiscord]

Charter did it for a few weeks in the Madison, Wisconsin area over a year ago. Then sometime around the end of last year they turned it back on. The deal breaker was spending over an hour dealing with tech support to try and fix it, and never reaching anyone who understood my problem. So I bailed on Charter. My new provider (TDS) has far more clueful tech support who understand how their network is configured and can work off-script.

This would be fine...

[Oxy+the+moron]

... if it were opt-in and not opt-out. I would like to think that the majority of Internet users who don't use Slashdot have no idea about what actually happens when you type in www.dlibert.com, for example.

Send an e-mail to your subscribers and let them enable the feature if they so desire, but don't force it on your userbase.

Interception, first down!

[themushroom]

Roadrunner's not-found page seems roughly as useful as the default MSN Search page that IE puts up automatically if a page can't be found. Which is to say, not very.

But it's still nowhere near as worthwhile as the "what you want, when you want it" domain squatter pages where most of the links are porn and ads. Catch up, Roadrunner!!

Re:Interception, first down!

domain squatter pages where most of the links are porn and ads. Catch up, Roadrunner!!

Where as with road runner most of the links are to for products made by the Acme corporation!

Mind you if you know what to search for there are some special movie sites featuring Wile E. Coyote and Mrs Roadrunner where you can hear her saying "ahhh uahh meep ahhh uhhh meeeep MEEEEEEEEP!"

ATT does it as well

[B00yah]

They've been doing it for about a year. i always thought it was fairly shady, but they rationalized it by saying other ISPs were doing it as well.

Re:ATT does it as well

[orclevegam]

They've been doing it for about a year. i always thought it was fairly shady, but they rationalized it by saying other ISPs were doing it as well. This is the oldest excuse in the book, so much so that probably every mother on Earth has a response to it (adjusted for language/culture where appropriate): "If everyone else jumped off a bridge, would you?".

Re:ATT does it as well

[B00yah]

"If everyone else jumped off a bridge, would you?".

in the corporate world? Ya, for sure. At least, that's what i've seen, and I've been through a few large isps.

Re:ATT does it as well

[techpawn]

"If everyone else jumped off a bridge, would you?".

Heh... not again...

Re:ATT does it as well

[CSMatt]

Considering that much of the joy I get in life is from the companionship of others, then yes.

Re:ATT does it as well

[ameyer17]

They've been doing it for about a year. i always thought it was fairly shady, but they rationalized it by saying other ISPs were doing it as well.

Not here, as far as I can tell. Looking up a bogus domain using my DSL modem's IP, which presumably caches info from AT&T's DNS server

ameyer17@vodka:~$ host qios3runr3nirq3ngirz3xzgiuo.com 192.168.0.1
Using domain server:
Name: 192.168.0.1
Address: 192.168.0.1#53
Aliases:

Host qios3runr3nirq3ngirz3xzgiuo.com not found: 3(NXDOMAIN)

and using my local BIND install

ameyer17@vodka:~$ host qios3runr3nirq3ngirz3xzgiuo.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

Host qios3runr3nirq3ngirz3xzgiuo.com not found: 3(NXDOMAIN)

They may be evil, but stick to facts when attacking them.

Re:ATT does it as well

[Dunbal]

This is the oldest excuse in the book, so much so that probably every mother on Earth has a response to it (adjusted for language/culture where appropriate): "If everyone else jumped off a bridge, would you?".

Yet strangely those same mothers insist that you put on extra clean clothes on Sunday and go to the church to attempt to communicate telepathically with non existent magical beings because of the times you play with your genitals - because everyone else does it.

Re:ATT does it as well

this is first hand knowledge, straight from T. Of course, you'll just have to believe me, since this is the internet, and you can't believe anything here. They were training their people on support of devices to do just this almost exactly a year ago.

Re:ATT does it as well

[ameyer17]

Well, they certainly haven't done it here (Elmhurst/Chicago, IL system), at least not yet.

Re:ATT does it as well

[AndrewNeo]

They haven't done it here (Saginaw, MI) Charter here does it, whenever I'm at a friend's I make sure to tell them to use OpenDNS instead (where at least it's useful.) Charter here has horrible DNS problems anyway (one of my own websites could never be accessed with their DNS, though other sites on the same server could be found)

Would you know the difference?

[Otter]

To see if this has been enabled in your area, try visiting www.jkshdfkljh23sadf.com (or something else random) in your web browser.

Are there failed DNS requests any more? I'd thought every combination of characters had its own ad farm by now. If the last few unused ones now also direct to some random ads, I doubt I'd even notice.

Who clicks on those things, anyway? You land on ebaaaaaay.com when your 'a' key sticks and think "Yes, I do want a beautiful Russian bride!"?

Re:Would you know the difference?

[SwordsmanLuke]

Heh, I used to work for a webhosting company that hosted (among many other sites, naturally) a legit (or at least, as legit as these things get) Russian bride service. Our TOS disallowed gambling, spam and "adult" sites, but selling young foreign women to dysfunctional American men? No problem.

Even happening with Lynx

[zerobeat]

Just tried it in West Hollywood area using lynx as the browser. Even then it is getting diverted to their page. Pretty sneaky.

Re:Even happening with Lynx

[orclevegam]

Just tried it in West Hollywood area using lynx as the browser. Even then it is getting diverted to their page. Pretty sneaky. ... you don't really understand how this whole DNS lookup thing works do you?

Re:Even happening with Lynx

[TheCRAIGGERS]

Why would you think Lynx would be immune to this? Lynx requests 'www.slfjiuhsf.com' and gets data back.

Re:Even happening with Lynx

[zerobeat]

Just commenting that their filtering is browser independent. It is simply based on DNS lookup, yes - but did you know that before hand? I have tried lynx -useragent=Various_Options and convinced myself of that. Do you understand that many servers will respond differently dependent on User-Agent: ?

Re:Even happening with Lynx

[leamanc]

Do you understand that your first post made it seem like you thought using a CLI browser like lynx could somehow magically get past your ISP's redirection?

Re:Even happening with Lynx

[zerobeat]

Moderated informative? At least only a 2. "Lynx requests 'www.slfjiuhsf.com' and gets data back." is a major simplification of the protocol. See my comment above for why I tested with lynx.

Re:Even happening with Lynx

[maxwell+demon]

Do you understand that without the redirection, you wouldn't even get to a web server which could then display different content (or show otherwise different behaviour) depending on your browser?

Re:Even happening with Lynx

Either it gives you the correct IP, in which case they have no chance to do anything based on your user-agent, or it gives you the wrong IP, in which case their behavior is incorrect no matter what is going on. User-agent sniffing can't happen until much later than any of the rest of this stuff.

Re:Even happening with Lynx

[TheCRAIGGERS]

A simplification, yes, but still correct. The summary said pretty explicitly that the rerouting was happening on the DNS level. This isn't some HTML or Javascript code that is telling your browser to go elsewhere. This is the DNS server actually returning an IP when it should return an error. There's not a thing Lynx (or any browser) can do about that- as I said, it requests a page and happily displays the data it gets from the server it requested.

Perhaps my comment was modded informative because they thought it would be informative for you and others. Granted, I came off a bit short in my response, but I thought the whole thing kind of silly. At least I didn't ridicule you like the guy that got modded funny. ;-)

QUICK

[p3on]

SOMEONE REGISTER jkshdfkljh23sadf.com AND MAKE IT REDIRECT TO GOATSE

Re:QUICK

[GrassIsRed]

I see it's already registered now. I Don't dare to visit it though.

Re:QUICK

[jandoedel]

It redirects to three banners. Some slashdotter is probably earning money now...

Verizon FIOS does the same in No VA

[schwit1]

http://arstechnica.com/news.ars/post/20070621-sitefinder-redux-verizon-tests-dns-redirect-service.html

Re:Verizon FIOS does the same in No VA

[dreamchaser]

They just started doing it in Pittsburgh as well. The first time I noticed it was about a week ago, but I have been travelling a lot so it could have changed a few weeks ago.

Re:Verizon FIOS does the same in No VA

Verizon does this in southwest Ohio as well.

I saw this before

[SenorToenails]

I noticed this over a month ago in Western NY. At least I can turn it off now.

Who uses their own ISP's DNS servers?

[Gothmolly]

ISP DNS servers are notoriously sucky, or polluted with crap. Find an open one out there at a serious network provider and just use that.

Re:Who uses their own ISP's DNS servers?

[EVil+Lawyer]

Great, thanks for the advice, but how about a little help? Any tips on where to find one or how to start using one if you're, say, not using Linux?

Re:Who uses their own ISP's DNS servers?

[GrassIsRed]

Except when you have a good ISP

Re:Who uses their own ISP's DNS servers?

[EvanED]

Okay, great. So now I have to use a half-DHCP-configured, half-statically-configured setup?

I don't even know if that's possible to set up under Windows; I certainly don't know how to do it. I think it's more likely to be possible in Linux, but I still don't know how to do it.

Re:Who uses their own ISP's DNS servers?

[pthor1231]

At first I thought this qualified as a good ISP. Then I went to their homepage and my eyes were assaulted by the terrible color schemes, and now I'm blind >

Re:Who uses their own ISP's DNS servers?

[Constantine+XVI]

If you're using some sort of router, you should be able to set your own DNS servers network-wide through it's web interface. Otherwise, go to Control Panel-> Network Interfaces-> Right-click (your interface here)->Properties->Internet Protocol (TCP/IP) (in the scroll box)->Properties->Use the following DNS server addresses; and use any/all of these:
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4

Re:Who uses their own ISP's DNS servers?

Okay, great. So now I have to use a half-DHCP-configured, half-statically-configured setup?

I don't even know if that's possible to set up under Windows; I certainly don't know how to do it. I think it's more likely to be possible in Linux, but I still don't know how to do it.

With a real DHCP server it is trivially easy. Just assign a "reservation" (in Microsoft DHCP speak) to a machine. Reservations are based on the MAC address. This gives you the same IP for the machine every time it DHCP requests...essentially a fixed IP that is managed centrally.

Then, set whatever options for that reservation that you want, including alternate DNS servers. This works with either Windows or Linux DHCP servers, and just about any DHCP client. But, I doubt that router/firewall DHCP servers have this type of capability.

It's by far easier to just set up a real DNS server, though. Configure it to not "forward" or "proxy" the requests to your ISP server, but rather let it do real recursive lookups using just the root DNS servers as the starting point. Then, configure your DHCP server to hand out the IP address of your DNS server to the clients.

Re:Who uses their own ISP's DNS servers?

Some quick googling says that that DNS server is owned by Verizon, however, there is also some dissention that it does not belong to Verizon.

Do you know?

Re:Who uses their own ISP's DNS servers?

[LordSkippy]

RoadRunner's DNS servers in Austin are especially "sucky". Shortly after I started using RR, I noticed several times where their DNS servers would just hang and not answer requests. Their customer service wouldn't admit it was an issue, even when I told them that the problem would disappear if I used different DNS servers instead theirs. They would only respond with "it must be a Linux issue on your end." I enabled the DNS server on my home server, and gave up trying to get them to fix theirs.

Re:Who uses their own ISP's DNS servers?

[maxwell+demon]

At first I thought this qualified as a good ISP. Then I went to their homepage and my eyes were assaulted by the terrible color schemes, and now I'm blind > See? They helped you to get back from the evil GUI, which is hard to use when blind, to the good command line, which is of course easily used even when blind with the help of a braille display. Granted, you'll have to learn braille first, but then, learning something new is always good, and therefore forcing you to learn something is doing something good to you, too.

See, they already did lots of good things to you, despite you not yet being their customer. They must be a good ISP!

Re:Who uses their own ISP's DNS servers?

[Constantine+XVI]

It looks like they're probably owned by Level3 (one of the Tier1 ISPs, for those unaware), but could be owned or used by Verizon or AT&T. They work everywhere though, no typosquatting to be found (found out about them when Insight started the same shenanigans in KY)

Re:Who uses their own ISP's DNS servers?

[EvanED]

With a real DHCP server it is trivially easy.

The point is that I don't have control of the DHCP server, which is provided by the ISP, so I can't set up a reservation.

Now, I could probably fake it by getting a DHCP license then setting up a static IP to match, but this could cause problems if the ISP decides that I get a new IP.

Now, I could put an insulating layer in there, where I set up another box with a DHCP server, but if you just have one box, that's a lot of work to work around your ISP being dickish.

Re:Who uses their own ISP's DNS servers?

[psm321]

Except that it is trivially easy to tell Windows to use custom DNS while getting an IP/default gateway from DHCP. I don't have a Windows box in front of me to point out they exact steps, but when you go to where you configure it to use DHCP the option is right there.

Re:Who uses their own ISP's DNS servers?

[petermgreen]

in windows 2K/XP it is trivial to set dns servers manually while leaving ip addresses obtained automatically. The option is right there in the TCP/IP settings dialog, the option is between the boxes used to enter the IP address and the boxes used to enter the DNS servers.

it is a bit trickier on linux, you generally have to change the config file for whatever dhcp client you use.

Re:Who uses their own ISP's DNS servers?

[EVil+Lawyer]

Thank you.

Also, WTF? Am I imagining this, or is there some possibility that using these DNS servers has actually sped up my browsing? Is it possible that my standard DNS servers were a bit sucky, and that they were sucky enough to cause a noticeable lag when resolving addresses?

Don't care, I have my own DNS server

[Ars+Dilbert]

My DNS server queries root servers directly, so any poisoning by an ISP would not affect my home network.

The Site Finder stunt NetSol/Verisign pulled a few years ago, that was done on the root servers, wasn't it? That was a lot more disruptive than an ISP creating a catch-all DNS zone on their little DNS boxes.

Re:Don't care, I have my own DNS server

This is not the proper way to handle the situation though. DNS is designed to be run in a hierarchy. This prevents extra network traffic. If everyone on the Internet queried the root servers even if the servers could handle it, it would still cause massive unnecessary Internet traffic slowing down things for everyone everywhere.

Re:Don't care, I have my own DNS server

[Ars+Dilbert]

Actually, this is EXACTLY the proper way to set up DNS. Computers on my network query my DNS server, it in turn queries root servers and caches the queries so there are fewer outbound name lookups. That's how it's done on corporate networks. No one I know uses their ISP's DNS servers. Well except for home users.

Besides, I have an AD domain. It HAS TO have a local DNS server in order to function correctly.

In the grand scheme of things

[jbeaupre]

Can someone explain why I should care? It seems wrong. But not enough to get worked up about. No redirection from the correct page (typo was my fault), just wasting my time waiting for the content to download so that I know I typed a address wrong. I'd rather they didn't do it, but this seems the least of my worries.

Re:In the grand scheme of things

[hal9000(jr)]

I care because if I typo an address, I can click in the URL bar and edit it. When I am redirected to a f*cking helpful search page, I can't do that anymore. I have to select, cut, edit, a whole GET string. It's a pain in the ass. Also, some people use other network enabled stuff than a browser.

I have FiOS at home and luckily VZ has an opt out if you want to go configure your DNS manually in your router.

Re:In the grand scheme of things

[testostertwo]

Well, imagine you were in your car, with your chauffeur.

You ask tell them where you want to go and they say 'OK, sir'.

After half an hour the chauffeur says 'here we are' and you say 'WTF, I asked to go to Spearmint Rhino, why are we at the mall?'

Chauffeur: 'I don't know where Spearmint Rhino is, so I brought you here, you can ask someone or maybe just buy something'.

Time passes whilst you wonder why exactly you're paying this idiot, then someone breaks your window with a mallet and shoves a ton of junk mail through on you.

Re:In the grand scheme of things

[jbeaupre]

Now that's a reasonable explanation. Better than some strained chauffeur analogy.

Re:In the grand scheme of things

[truesaer]

Earthlink does this too and it really pisses me off, partly for the reason you mentioned - correcting a simple typo becomes a big pain in the ass. You can't opt-out with earthlink.

But the bigger problem is that their system falsely redirects on a fairly regular basis, at least every couple days a well known site becomes "unreachable" for 10-30 minutes. I'm talking amazon.com, gmail.com, etc. And when that happens I know they're completely full of shit and wasting my time with a service I pay for.

The comical thing is that I was so frustrated by this I called to switch to roadrunner last weekend. God damnit >

Didn't a registrar do this?

[oahazmatt]

Wasn't there a registrar (I want to say Network Solutions) that was doing the same thing, only it was regardless of whatever connection you were using?

Re:Didn't a registrar do this?

[Todd+Knarr]

There was. What TW's doing is more pernicious, though. When NetSol was doing it, they were returning the A records directly from their first-level nameservers. BIND's no-delegation option can deal with that, because those first-level nameservers aren't supposed to be returning A records and BIND can translate those response into proper NX responses. With TW, since their DNS servers are supposed to be returning A records, there's no way to tell whether a particular affirmative response is valid or invalid. The only way to fix the problem is to cut TW's servers out of the loop entirely. All well and good, until of course TW either starts blocking all traffic to port 53 that's not to their DNS servers (like they do with outbound to port 25 now) or silently redirecting all DNS queries to their servers. Note that both of these are trivial, my own firewall has (commented-out) rules for both and neither takes more than about 3 lines.

Re:Didn't a registrar do this?

[complete+loony]

I thought BIND's no-delegation option was written specifically because of NetSol returning A records, not the other way around.

So?

[Stealth+Dave]

I realize that Time Warner Cable is a Big Evil Corporation(TM), but what's the big deal here? So you type in a domain that does not exist and they give you search results based on that domain. "But they're serving ads, those money-grubbing evil-doers!" Guess what: search engines serve ads! It's true! But let's say you don't want your DNS server sending you ads. That's a reasonable request, since you're already paying for the service. I guess you can just turn them off like the post suggests!

I don't think that the sky is falling just yet on this one.

- Stealth Dave

Re:So?

[pembo13]

well you see, the way the whole thing was designed was that when a client sends out a DNS query, and no DNS server can resolve it, the query is supposed to fail. Simply breaking this design, especially for no good reason is not a good thing.

Re:So?

[Todd+Knarr]

The problem here is that what TW is doing breaks DNS. By the RFCs, when I try to resolve a name that doesn't exist, I'm supposed to get an NX "record does not exist" result. What I get instead is an affirmative A record "name exists at this address" response. What happens at the browser level is irrelevant, TW's DNS system has already lied about the state of the DNS records associated with a given domain. This badly breaks a lot of things that aren't browsers that use HTTP and depend on correct NX responses to tell them when the server they're trying to talk to doesn't exist.

As long as TW doesn't block direct use of non-TW DNS servers this can be worked around. If they start blocking that access, or redirecting all DNS traffic to their servers, then we've got a major problem on our hands.

Re:So?

The *PROBLEM* is that some software expects to get 'cant find' instead of a 'real address'. Yes this works nicely in a browser. However for other software it is not as good.

They just went and did it. Then are going to see what the backlash is, if its not that bad then leave it. Not exactly a real service addition. Just a way for them to rake in a little extra cash. They are not helping their customers. They are helping themselves. Which is fine. But puts them in a bad position if another network comes along and could replace them. They are fungable thing. The only have a 'lock' for now as they are usually 1 of 2 players in a market.

The rr I use has left their network at '6MB' downloads as that is the highest the other provider gives (AT&T). Even though they have the hardware in place for 20MB downloads. There is no business case for them to provide better service.

I think I liked it better when I had a choice of 20 ISPs instead of 2.

Re:So?

[Compenguin]

> The problem here is that what TW is doing breaks DNS. By the RFCs, when I try to resolve a name that doesn't exist, I'm supposed to get an NX "record does not exist" result. What I get instead is an affirmative A record "name exists at this address" response. What happens at the browser level is irrelevant, TW's DNS system has already lied about the state of the DNS records associated with a given domain. This badly breaks a lot of things that aren't browsers that use HTTP and depend on correct NX responses to tell them when the server they're trying to talk to doesn't exist.

I'm still confused. But now a server does exist. How is this any different from a server that has all ports from 80 firewalled off. Can you give me a specific example of what this breaks?

Re:So?

This is trotted out as a complaint every time there's a story like this. But what's the alternative? You have a program that checks a site, for updates or whatever. Now the site stops to exist. Do you get an NX response? No. You get a squatter.

Granted both squatting and intercepting typos are bad practices. But I don't see this impacting programs for real.

Re:So?

[Todd+Knarr]

Say you've got a program on an embedded device that automatically downloads updates. It retrieves "http://updates.devicecompany.com/model/latest-firmware.txt" to check what the latest offered version of the firmware is, and if the latest is greater than what's installed it retrieves "http://updates.devicecompany.com/model/firmware-.dat" and installs it. If the company goes out of business or stops providing updates, updates.devicecompany.com won't resolve anymore or will return a 404 error, so the device doesn't need to do a whole lot of error checking. And error checking means more code, which means more memory needed to hold that code, and this device is designed to be as cheap as possible so it omits anything it doesn't need.

Now, suppose the company goes out of business. No problem for the device, the host it's at is supposed to not resolve anymore so it won't try to contact it. But now TW intervenes. Instead of failing to resolve or getting a 404 error, the grab of the latest firmware version returns garbage (an HTML page, not a properly formatted indication of the latest firmware version). Bam, device crashes. Or worse, it misparses the results and tries to download new firmware. Again, garbage (HTML page) instead of a valid firmware image. But since there's no error checking, it tries to load that HTML page into memory as a firmware image. Bam, one insta-brick.

Or suppose the device isn't even using HTTP. The DNS servers don't know what protocol the device intends to talk, it could be logging into an FTP server or querying data via SNMP for all TW knows. The application gets bogus DNS responses anyway, even though it's not using HTTP or the Web at all. Breakage is the least problem here. The application's sending things like passwords up to the server. Even if it uses SSL to protect against eavesdropping, the TW server is an endpoint and SSL won't stop the endpoint from seeing the data. Do you want to have applications handing your vendor-support-site passwords over to TW because of a typo in a hostname? I sure don't.

This isn't a problem when it's a human running a browser looking at pages. But there's a large chunk of traffic that isn't humans, isn't a browser, and isn't using the Web at all. And TW's change breaks everything except that small, select chunk that's humans looking at a browser window. Bad thing, that.

Re:So?

[brass1]

Can you give me a specific example of what this breaks? Mail servers are a big one. When you inject mail into a mail server, it resolves the MX record for the domain you're sending mail to. If it gets NXDOMAIN, the mail server knows without a doubt that the domain you mailed to doesn't exist. It then generates the NDR (a bounce message), and sends it back to you.

Now that MXDOMAIN is broken, that misspelled domain you accidently typed on the To line now exists as a RoadRunner server. Two things can happen here: 1) the RR server will silently accept your misdirected mail giving them an opportunity to violate your privacy rights by somehow leaking your private communications, or 2) the RR server doesn't accept your mail, and the mail sits in your local mail queue for however many days it keep undeliverable mail before shipping a bounce message back to you.

That's just the tip of the iceberg, though. I can't tell from the link, but if RR is creating replacement records inside existing domains (say, they hand out a record for jkshdfkljh23sadf.google.com instead of correctly returning NXDOMAIN), then they've broken the DNS blacklist testing on almost all mail servers. Most mail servers are configured to check for the presence of a record in the black list domain instead of actually examine the data the MTA gets back for the lookup. Servers which are not configured check the DNS reply on the blacklist lookup now think that the entire Internet is blacklist causing them to reject mail, or treat that mail very suspiciously.

You'd think mail servers on Road Runner's cable network would be rare, but I'll state that they are not. Road Runner has a habit of mixing business (who have a terms of server that specifically allows servers, including mail servers) and consumer (who have a ToS that bans servers but that ban is unenforced for the most part) accounts in the same IP pool.

Re:So?

[statemachine]

Can you give me a specific example of what this breaks?

It breaks spam blocking.

1) One thing that spammers will do is send e-mail with a fake domain in the envelope sender field. My server checks this, and if it resolves, then that's one less tool I can use.

2) Another thing is checking a blocklist. IP address blocklists are queried using the IP address as part of a DNS lookup. Guess what happens when all of them resolve?

It also typosquats my domains (and every other business's domains) in a very non-ethical way that confuses people.

Re:So?

[initialE]

That's retarded, there's no firmware updater out there that won't at least do a simple md5 check. Did you expect your connection to be perfect all the time? What if you get only half a download? Happens even with a fully resolving and working site. Now if some malicious party were to hijack or obtain the domain after the owners have vacated it though, that's another matter, as they might be able to push malware directly onto your embedded system. But it will still have to pass the check.

Re:So?

[Nurgled]

Related to your email example is that spam filters will generally check to see if a domain transmitting mail actually exists before accepting mail from that domain. This makes it possible for someone sending spam to use any non-existant domain as a source and the spam filters will just see that the domain exists and (presumably) publishes no SPF records and therefore accept the message.

Re:So?

Now, suppose the company goes out of business. No problem for the device, the host it's at is supposed to not resolve anymore so it won't try to contact it. But now TW intervenes. Instead of failing to resolve or getting a 404 error, the grab of the latest firmware version returns garbage (an HTML page, not a properly formatted indication of the latest firmware version). Bam, device crashes. Or worse, it misparses the results and tries to download new firmware. Again, garbage (HTML page) instead of a valid firmware image. But since there's no error checking, it tries to load that HTML page into memory as a firmware image. Bam, one insta-brick.

This is a poor argument.

If the device cannot handle invalid or *corrupted* data, such means such as verifying the firmware via a polynomial CRC or cryptographic hash, then it is a poorly engineered piece of garbage anyway. This would probably also be part of the reason the company went out of business in the first place.

Or suppose the device isn't even using HTTP. The DNS servers don't know what protocol the device intends to talk, it could be logging into an FTP server or querying data via SNMP for all TW knows. The application gets bogus DNS responses anyway, even though it's not using HTTP or the Web at all. Breakage is the least problem here. The application's sending things like passwords up to the server. Even if it uses SSL to protect against eavesdropping, the TW server is an endpoint and SSL won't stop the endpoint from seeing the data. Do you want to have applications handing your vendor-support-site passwords over to TW because of a typo in a hostname? I sure don't.

This is also a poor argument.

Any device using such methods for "secure" communication shows a clear lack of understanding of cryptographic protocols. No device can expect the exhange of clear-text passwords to be secure, even over SSL/TLS.

SSL/TLS is vulnerable to man-in-the-middle attacks. Any network in the path to the server could be running a "traffic shaper" which could intercept the SSL/TLS connection establishment and place itself in the middle of the "connection". SSL/TLS cannot be depended on solely as a means to establish a secure connection. With the insecure routing protocols in use today on the internet, it would not be difficult for an unethical "company" to establish peering and routes such that it could intercept the majority of internet traffic, if it had enough money to afford the equipment to support the bandwidth. This means that SSL/TLS can only be depended on if you can trust all internet networks your connection establishment is routed through.

This should bring a whole new perspective for many people on what net neutrality means in respect to the ethics of the network providers today, and the need to trust said network providers with secure commercial transactions on the internet.

The best bet for security today is for each device to have per device unique secrets already know by both parties which can be used to establish identity and secure channels. These secrets should not exchanged directly between parties, but be used to create a one-time token which can be exchanged. One method for doing this in the firmware upgrading situation described above it to use a public key cryptography system such that the devices know the public keys of the server, and the server uses these keys to establish its identity and a secure connection with devices. This of course would mean that protocols such as FTP and HTTP could not be used in their basic forms. For HTTP, SOAP or similar protocols would be required. A secure protocol such as SSL would also be possible. Otherwise, a proprietary protocol would be necessary.

Whether or not DNS is broken, a properly engineered device will still be able to cope with errors. As you can plainly see, you cannot trust any other device to properly follow standards, such as RFC's. Especially RFC's since they poorly define vague standards.

The simple matter of the fact is Road Runner not following DNS RFC's is unethical and annoying, and shows how untrustworthy Time Warner is. Any devices which cannot cope with such errors are poorly engineered in the first place.

Re:So?

[stackdump]

Yea, maybe, But I would not buy that device if it doesn't do some kind of checksum on an image before applying an update.

Yet another one

[MobyDisk]

I use Cavalier Telephone DSL and they've been doing this for years. I called them about it and they suggested that I use alternate DNS servers. Nobody has complained, nobody even cares. IMHO, this is another network neutrality-type issue. Followed the protocols, provide access - don't reroute/intercept/redirect me. (FYI to anyone else using them - they monitor your BitTorrent downloads too.)

Re:Yet another one

[LMacG]

They "monitor" my BT downloads in what way? I had a full-season of Torchwood long before BBC-A decided to show it over here, and some other titles which shall remain unspecified. Never had a problem with speed, never had the CavTel goons knocking on my door . . .

Re:Yet another one

[MobyDisk]

I had my service turned-off by them, and when I called, they told me it was because I downloaded a TV show over P2P. They accurately told me the file name that I downloaded and the date that I did it. F'n scary. It's especially frustrating because I am Mr. Anti-Piracy -- but I was watching a series and missed an episode and I didn't want to fall behind...

Re:Yet another one

[EXMSFT]

Sounds like you might want to choose another communications carrier/medium...

Re:Yet another one

[Tronster]

I use cavtel, and too have faced their own special redirection page. Thanks Cavtel.
Didn't know about monitoring bitorrents though. (I don't have Tivo, and so the option to view a missed show is attractive.) I suppose this isn't illegal... although it does feel a lot like wiretapping.

I wonder if Verizon FIOS is any better in terms of privacy. (Comcast, the only other non-dial up option isn't even up for debate.)

Re:Yet another one

[LMacG]

Damn. Overall I've been pleased with their phone and DSL package. Customer service isn't always great, but that's almost a given.

If I were the type to have ever used WinMX extensively, I might have been impressed at the up/down speeds I'd gotten and the fact that it could be left running for days at a time. IF I were that type. Which I'm not saying I am, given that they might be watching.

Re:Yet another one

[MobyDisk]

My only other option is Comcast. :(

Re:Yet another one

[josh82]

I suspect the most likely explanation for them knowing the exact filename and time is that the copyright holder (or some flunky under their direction) complained to the ISP. And they complained with just such information so as to not be complaining frivolously.

It is likely your ISP neither gave a damn nor kept track of the filenames/times themselves.

Of course, this doesn't really make sense of the above poster's claim -- I assume the claim is just referring to some rather benign traffic-shaping (benign in theory, not in practice), since said poster didn't bother to back it up with more elaboration. Otherwise, I agree that it would be fucking scary.

Just an Idea

[TheNinjaroach]

Don't attempt reaching domain names that don't exist. Who cares where they take you when you won't end up at your intended destination anyways?

Just use openDNS for security.

[killmofasta]

I just switched over to openDNS.
I somehow cannot access any sites anymore,
that I suspected had very bad content!
( if I want to test my security, I have to switch back to comcast's unsecure DNSs )

Life with openDNS is great, and fast and secure.
Wish they would get on with having servers in more areas, but
they are connected right to the Level3 backbone.

and openDNSs search feature isnt half bad.
( I know, I used to hit a lot of squatters ).

Same for Dallas Market

[damu]

Never noticed that before, what a PITA. dam

HAHAHA

[GodCandy]

How ironic... someone registered www.jkshdfkljh23sadf.com as a parked domain. Wow these ppl need help.

Re:HAHAHA

[GiovanniZero]

They already have a link from the homepage of slashdot, who wouldn't want that domain?

Re:HAHAHA

[rfunk]

You sure that's not just another example of automatic domain-tasting?

Re:HAHAHA

How is that irony?

Re:HAHAHA

[rnelsonee]

Do you think there's a script out there that just automatically registers a domain once it sees a lot of DNS requests for a URL? I'd imagine someone working in conjunction with NetworkSolutions could get this working.

Re:HAHAHA

[punissuer]

Wow these ppl need help. Actually, I'd say they need hindering. ;)

Re:HAHAHA

[orkysoft]

The link in the article should have been dynamically randomized, so the domain parkers would all think they were the first to come up with the idea of registering the random domain name linked to by Slashdot, and register lots of nonsensical names. I read somewhere that domain tasting might get discontinued soon...

Re:HAHAHA

[complete+loony]

No, the link in the summary goes straight to the result page.

Re:HAHAHA

[toddestan]

Someone who doesn't want their server to burn to the ground?

Re:HAHAHA

[Oktober+Sunset]

no, they should have made it agoatfuckerownsthisdomain.com

Old (here, anyway)

[Cooldrew]

It's been like this in the Capital Region of NY for a month or so. Probably started beginning of january, but don't quote me on that.

Re:Old (here, anyway)

It's been going on in NY Capital Region for since at least Christmas.

You could have this guy's Roadrunner problem...

[xelachen]

http://www.alexfalkenberg.com/2008/02/20/history-of-the-reboot/ Poor guy's RR service rebooted on him constantly for nearly a YEAR last year, and now it's doing it again...

Verizon Fios does it too apparently...

[Jackie_Chan_Fan]

I never quite realized it until now though. Its been happening lately and now i know what it is.

Charter's doing it too

[Einer2]

As far as I can tell, it started in Los Angeles sometime in the last few weeks.

Re:Charter's doing it too

Charter's been doing this in the Pasadena area for a year or two. They do have an alternate DNS server that doesn't do it, if you call them, but it's crazy-slow and their DHCP, of course, assigns you the redirecting one.

dnsmasq has an option to treat certain DNS responses as "this is a bogus page, send NOTFOUND to clients" or something like that, if you can figure out the IP ranges of the searchvertisement redirects.

I've also been getting redirected randomly to Network Solutions or Godaddy pages saying "this page coming soon" or listing "related searches" occasionally when visiting friends and using their ISPs, which seems more like it happens when there are timeouts in recursive DNS lookups for non-cached hosts, but unfortunately it frequently then gets the redirect locked into the cache on the local server or similar, at least judging from the behavior... sort of "accidental DNS poisoning" rather than "malicious DNS poisoning"

Re:Charter's doing it too

Charter in SLO, CA has been doing this for longer than that, I would have set up opendns a long time ago, if I just weren't so darned lazy...

Re:Charter's doing it too

[oDDmON+oUT]

North Texas was introduced to this "feature" last year sometime.

Since I am relatively careful about how I type an address before hitting Enter I can't say how long it's been in place.

Host files work wonders tho'.

earthlink does this with GOOD URLs

If I have javascript** on and hit too many links too fast,(I am a news junky, not talking about porn either) setting up a set of tabs for reading, they won't "find" most of the URLs even though they are legitimate, they redirect you to their own stupid search page, tell you they "can't find" the URL, and I mean stupid stuff like they can't "find" drudge report? Stuff like that. Seriously bogus. And to make it worse, they *disable* the back button so you can't go back and do it again, and they add junk characters to the original URL, while removing most of the finer points of the addy at the same time, so you can't copy and paste the original URL you wanted to go to in the first place.

**javascript is just teh evile, hates it, but most websites out there seem to require it now, that and the fellow net demon from hell, *flash*. And leaving scripting on means your page downloads take 10 times longer, maybe not so noticeable with broadband, but on dialup (all I can get) I am seeing pages that never finish downloading after letting them run for actual multiple minutes. It's just getting terrible out there with web page bloat. And "no script" doesn't matter when you have to go ahead and whitelist most of the pages out there you want to see anyway, waste of time. And you have to have javascript ON to run flashblock! It never ends!

RFCs

[Dogun]

You know, any and all future network protocol RFCs should mandate the blacklisting of networks that choose not to comply.

Verizon FiOS

Has been doing this for some time now too. It's bloody irritating because you don't get the chance to edit the typo in the URL once Verizon's wanky screen comes up.

Google should have a DNS

[Jafafa+Hots]

Everyone just uses Google's results anyway - but with Google's resources, they could have the snappiest, speediest DNS... plus they could probably come up with some cool innovation that I can't even imagine right now that would make their pages returned from domain typos worth getting. I dunno, something so cool that we'd be mistyping domain names on purpose.

As it is, I changed to openDNS when Verizon pulled this crap, also because Verizon wasn't returning some blog or whatever (can't remember)... but even OpenDNS' page bugs the hell out of me. Used to be firefox just returned Google's "I Feel Lucky" result, so you could type in just "slashdot" for example. Fucking Verizon (and OpenDNS) ruined that, I'm not sure how Verizon managed to stop Firefox from default to google, or if it was Verizon doing that.

Too late

[LordEd]

Somebody has already registered:

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: JKSHDFKLJH23SADF.COM
Created on: 26-Feb-08
Expires on: 26-Feb-09
Last Updated on: 26-Feb-08

Not here

[Rakeris]

I live in Illinois, and use Verizon wireless broadband. It doesn't happen to me. (Yet)

Call and complain

[oyenstikker]

I spent about half an hour on the phone with them to complain when I first noticed this last week. Nobody that they let us unimportant residential customers talk to even knew what a DNS server was, but the rep talked with me until she got enough down on paper that she could use to file a complaint to the higher-ups. Hopefully if enough people do this, they will stop.

Oh, wait, they have a government granted monopoly. My only alternatives are slow and really slow.

Call and complain to your elected representatives.

anyone else notice the search engine

powered by yahoo. that's a mistake right away. if they wanted a better suggestion, they should use google

Actually, OpenDNS is even worse!

[Anti-Trend]

OpenDNS is actually substantially worse. At least Roadrunner is obvious about the fact that you're visiting their servers. With OpenDNS, it seemed they were actually proxying requests for well-known search engines that were *not* typo'd in order to grab stats. Try setting your DNS resolvers to OpenDNS, then dig (or 'nslookup' for you Windows folks) www.google.com. Do a whois on the resulting IPs, and guess who they're registered to... Google? Nope, OpenDNS! At least, last I checked -- that was also the last time I used OpenDNS.

Re:Actually, OpenDNS is even worse!

[Albanach]

Not for me:

linux:~ $ dig google.com @208.67.222.222

; <<>> DiG 9.3.2 <<>> google.com @208.67.222.222
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28096
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 219 IN A 64.233.187.99
google.com. 219 IN A 64.233.167.99
google.com. 219 IN A 72.14.207.99

;; Query time: 51 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Tue Feb 26 14:19:10 2008
;; MSG SIZE rcvd: 76

linux:~ $ whois 64.233.187.99

OrgName: Google Inc.
OrgID: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US

Re:Actually, OpenDNS is even worse!

[Anti-Trend]

Yup, still works for me:

$ dig @208.67.222.222 www.google.com

; <<>> DiG 9.4.2 <<>> @208.67.222.222 www.google.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6858
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 30 IN CNAME google.navigation.opendns.com.
google.navigation.opendns.com. 30 IN A 208.67.219.230
google.navigation.opendns.com. 30 IN A 208.67.219.231

;; Query time: 23 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Tue Feb 26 11:28:03 2008
;; MSG SIZE rcvd: 104

Re:Actually, OpenDNS is even worse!

You're not doing it right.

> dig www.google.com @resolver1.opendns.com

[...]
;; ANSWER SECTION:
www.google.com. 30 IN CNAME google.navigation.opendns.com.
google.navigation.opendns.com. 30 IN A 208.69.34.230
google.navigation.opendns.com. 30 IN A 208.69.34.231
[...]

That's right, OpenDNS not only does the same kind of typo-redirection through DNS as RoadRunner, they also intercept www.google.com URLs. Instead of advertising such a shady service, geeks should show people how to run their own resolvers. It isn't hard at all.

Re:Actually, OpenDNS is even worse!

[The+Mighty+Buzzard]

Note the difference in your two queries:

dig @208.67.222.222 www.google.com vs.

dig google.com @208.67.222.222 You're both correct.

Re:Actually, OpenDNS is even worse!

[Albanach]

Ah, you went for www.google.com which they seem to intercept, I went for google.com which they ignore (or did until they read this I guess).

Can't say routinely type in the www for any website - and get frustrated with the few sites that bork when you skip it. Nonetheless, the firefox search bar sends queries to www.google.com so this would hit quite a few folk if they use opendns.

Re:Actually, OpenDNS is even worse!

[MadUndergrad]

OpenDNS has a blog post explaining why they're doing that: http://blog.opendns.com/2007/05/22/google-turns-the-page

Re:Actually, OpenDNS is even worse!

[Anti-Trend]

Still, the fact that they are hijacking the forward lookup without indicating that its hijacked is all wrong to me. If I can't trust OpenDNS to just resolve a site to the correct IP address, I don't really care about their justifications. It's simply no longer an option for me. I suspect a lot of others feel the same way.

Re:Actually, OpenDNS is even worse!

[raju1kabir]

www.google.com. 30 IN CNAME google.navigation.opendns.com.

Thanks for the heads up. I've just removed OpenDNS from my router's configuration. My ISP's DNS sucks but there are some caching servers at work I can piggyback on.

I wonder if this OpenDNS business explains the error page I've been getting with increasing frequency from Google, something to the effect of my query looking like it came from malware on my computer.

Re:Actually, OpenDNS is even worse!

[raju1kabir]

The plot thickens. Have a look at this OpenDNS blog entry which explains the rationale for the Google interception. At least it's a plausible justification, though I don't have a Dell and I'd prefer my Googling to go straight to the source without intermediaries, so I'm keeping OpenDNS off.

Re:Actually, OpenDNS is even worse!

[nschubach]

Just curious, but would you feel better if they appended an element to the page to give you a little message saying you typed the URL wrong?

Re:Actually, OpenDNS is even worse!

[Anti-Trend]

Just curious, but would you feel better if they appended an element to the page to give you a little message saying you typed the URL wrong? Good question. The answer is that I would be more likely to recommend OpenDNS to less technical people who don't know how to setup a local DNS cache. For me, I want vanilla DNS that will give me the straight dope, none of this fuzzy DNS B.S. In other words, I won't use DNS servers that don't give accurate forward lookups, no matter their intentions.

Re:Actually, OpenDNS is even worse!

[randyest]

Seems kind of strange that they do this redirect because it's "too hard" to remove the "spyware" (their words) that dell installs on new PCs. OpenDNS says:

Wow. Are you kidding me? In order for a user to get rid of this brokenness the person has to remove a piece of software called "Browser Address Error Redirector?" That barely makes sense to techies and it makes no sense to normal people. Would your Mom uninstall something with a name like that? I don't think so.

Well, wait. Actually, I do think my mom would uninstall that if someone she trusted said it would be a good thing to do. But my mom wouldn't be using OpenDNS so it's kind of a moot point, isn't it? Also, to what kind of "techie" does that trivial GUI operation "barely make sense?"

What I mean is, it seems to me that someone savvy enough to use OpenDNS is savvy enough to use "Add/remove Programs" so their argument for their own redirect falls apart.

Re:Actually, OpenDNS is even worse!

[davidu]

Actually, that's why we put the CNAME in there. If we had any desire to hide it or be shady in any way we'd just resolve it to the IPs.

We put the CNAME in to be transparent to people like you who use host or dig.

But of course, it's also your choice to use OpenDNS. I know it's better, so do millions of others. But it might not be for you, and that's okay.

-david

Re:Actually, OpenDNS is even worse!

[palegray.net]

It isn't hard at all. True, but unfortunately the hard part is getting average people to care about something like this in the first place.

Re:Actually, OpenDNS is even worse!

[Anti-Trend]

We put the CNAME in to be transparent to people like you who use host or dig. ...But you can silently feed a bad A-Record to people who aren't savvy enough to check. To them, it's just www.google.com. This is the slippery slope that so many /.'ers get worked up about on the topic of network neutrality.

Re:Actually, OpenDNS is even worse!

[davidu]

No, we give everyone the CNAME.

Re:Actually, OpenDNS is even worse!

[Anti-Trend]

No, we give everyone the CNAME. Now you're just arguing semantics. So the fact that you give them a CNAME with no A-record changes the point I was trying to make? Are you still intercepting lookups to www.google.com and resolving to your own servers, or are they really going to google? According to what I've observed, it's the former. That's the fundamental issue, not what type of DNS record you're using. Of course, you knew that when you posted your reply, so I'm getting off track.

If OpenDNS wanted to be truly transparent about the process, why not throw a little warning tag on your fake google front-end? You could even use the opportunity to link to the blog justifying why OpenDNS made that decision to begin with.

Re:Actually, OpenDNS is even worse!

[davidu]

That makes no sense. People use our service by choice and 99.9% of people don't care if we redirect Google -- We don't log anything and we're clear about that. What we do is fix a bit of brokenness and pass it on to Google. Google knows and doesn't care. Tons of corporations and ISPs proxy users... we're just doing it to fix problems with shortcuts and some other edge cases.

We don't send them to a page about the blog post because that's a WORSE user experience and my goal is to give users, regular users, the BEST experience possible. For the techies, like you, you see the CNAME and then google around and find out blog post and know what's up.

What you suggest is counter-intuitive for users -- having them want to reach google and get some other page? That's a terrible idea.

Re:Actually, OpenDNS is even worse!

[davidu]

Lots of people setup OpenDNS for other people, like their mom -- or your mom. Heh.

Re:Actually, OpenDNS is even worse!

[Anti-Trend]

What you suggest is counter-intuitive for users -- having them want to reach google and get some other page? That's a terrible idea. You're right, it would be a terrible idea. That's also not what I'm suggesting at all. What I meant was to put a small link in an unobtrusive place stating that www.google.com is being proxied. Link goes to your blog page on that topic. This would be in the interest of keeping the "Open" in OpenDNS. If that kind of thing was put in place anywhere you get a DNS redirection back to an OpenDNS.com-hosted facade for whatever reason, "techies like me" will be able to recommend OpenDNS in good conscience.

I know it would probably add a little overhead, and maybe even a few headaches to implement. But maybe that's just another good reason why you shouldn't tamper with legitimate host entries like www.google.com.

Re:Actually, OpenDNS is even worse!

[randyest]

Lots of people remove installed programs for other people, like their mom -- or your mom. Heh.

Brilliant!

[XanC]

This sums it up.

Re:Brilliant!

[maxwell+demon]

If you remove the http:/// (the second one, of course), it's much funnier.

Re:Brilliant!

[XanC]

Really? I don't see anything different between the two. Neither one has an "http" before the red text.

Verizon FiOS too

[s2jcpete]

Verizon FiOS has been doing this for a while now.

There's no ethical reason to do this

[hellfire]

When I type in a domain, I recognize if I made a typo and went to the wrong page or not. I recognize if it's one of those ad domains and then go back and type it right, or do a google search if in case I didn't know the proper spelling or simply didn't know the right address.

But what does the average user do? Do they properly question the website they are on? Do stop and go back and try another site? Not all of them. Many will start clicking on these links, waste time, and be led in circles. They might end up on the website that they want to go, but more likely they might end up on a website that will display too many ads, sell them something at an overpriced rate, or give them spyware or a virus. All of course in milking us in the name of making more money. These are not services that give consumers any kind of benefit. People who serve ads all know it's about bombarding the average user, giving them headaches, and hoping a few n00bs click on the links and buy something they shouldn't buy. It's complete bullshit and it has to stop.

Business used to mean giving the customer what they wanted. I don't want a headache!

Use dnsmasq on your router

[rfunk]

My ISP (Embarq DSL) does this too. But since I'm using DD-WRT on my router, I can bypass it. DD-WRT includes dnsmasq for DNS forwarding, and ever since Network Solutions tried the same scam on the entire .com TLD a while back, dnsmasq has included the option (bogus-nxdomain) to specify IP addresses that, when returned from upstream DNS, result in a "no such domain" error being returned to your computer.

Cache this

[fulldecent]

The internet is really big. You can help their DNS servers by caching it all. while true; do host eatit$RANDOM$RANDOM.com& sleep 0.1; done

All your errors belong to us

[Animats]

OK, what's the IP address of the ad site they send you to? Add that to block lists.

Re:All your errors belong to us

[randyest]

OK, but blocked or not, the DNS still resolved before your browser even tried to hit the blocked server, which is the problem. It breaks DNS proper behavior, and code/devices that depend on non-existent servers not resolving will be broken. Not good.

Of course OpenDNS' "fix" is just as bad -- they should show people how to use Add/remove programs to remove the application. It's not hidden or misnamed (read the OpenDNS blog entry linked in this thread.) But somehow OpenDNS claims that their users are savvy enough to use OpenDNS, yet too stupid to use "add/remove programs" to remove one called "Browser Error Redirector."

Riiight.

And then there was no one left.

[cadeon]

First they came for the news group users,
and I didn't speak up,
because I didn't use news groups.

Then they came for the torrenters,
and I didn't speak up,
because I didn't torrent.

Then they came for the bandwidth hogs,
and I didn't speak up,
because I wasn't on Comcast.

Then they came for my dns,
and by that time there was no one
left to speak up for me.

Bundling Abuse Should Lead to Breakup

[Doc+Ruby]

The central remedy to AT&T's abuse of its old telco monopoly was splitting long distance service from local service, and prohibiting one corp from bundling both to a single customer (the return of telco monopolies along with that bundling is case in point). That unbundling forced customers to exercise choice in telcos, and not leave choice just a theoretical construct. AT&T was also forced to let customers own their own phones, even the phone wiring in their house. Once the bundled advantage was lost to AT&T, it embraced that unbundling, because AT&T no longer had to lose money supporting that vulnerable equipment (within reach of the great unwashed masses). AT&T had abused the bundle to the point where it lost not just the bundle, but most of the market domination advantages of a monopoly.

Those same conditions now apply to ISPs. Already the FCC has barred cablecos from bundling cablemodems and set top boxes (though it's apparently not enforced yet), to force consumers to diversify away from a single dependency for our connection to the essential broadband resource. RoadRunner's DNS should be another unbundled service. It should be trivial for any user to switch to using someone else's DNS to get away from these abuses, even if they do choose to keep a bundled one. RoadRunner's DNS was already bad, just a slowdown in every connection, even before it was abusive and violating the standards to spam domain responses like this latest stunt. With luck, the abuse will force the unbundling in a showdown with these big ISPs. They should offer unbundled services only, and create a market for separate bundlers who compete with each other bundling services and selling them to consumers.

Re:Bundling Abuse Should Lead to Breakup

[geminidomino]

It should be trivial for any user to switch to using someone else's DNS to get away from these abuses, even if they do choose to keep a bundled one. You do know that it is, right?

Windows: Open Network connection->TCP/IP settings->name servers (may be off. Long time since I've used windows)
Linux/*BSD: [g/k]edit /etc/resolv.conf
etc...

Unless they start that port 53 filtering... then I can understand the outrage

Re:Bundling Abuse Should Lead to Breakup

[Doc+Ruby]

Not quite. For one, most people don't know how to do what you described. It's "trivial" in the sense of "what's the middle name of the 17th president?" For another, those desktop settings are set by the DHCP from their cablemodem/DSLmodem, not just once at the desktop.

"Trivial" means they get an email from their ISP once a month with updates like their account info, and a link with simple but detailed description of "switching your DNS" that switches with a single click.

Re:Bundling Abuse Should Lead to Breakup

[geminidomino]

Not quite. For one, most people don't know how to do what you described. It's "trivial" in the sense of "what's the middle name of the 17th president?" You mean easily solved by a 15-second google?

For another, those desktop settings are set by the DHCP from their cablemodem/DSLmodem, not just once at the desktop. Not necessarily. Windows has a radio button pair. "Get address automatically" (use DHCP) or "Specify address". Linux is only slightly more in-depth, but still trivial to anyone who was able to get it set up in the first place.

"Trivial" means they get an email from their ISP once a month with updates like their account info, and a link with simple but detailed description of "switching your DNS" that switches with a single click. Allowing a web page to change network settings? That's not trivial, that is Very Very Bad(tm).

Re:Bundling Abuse Should Lead to Breakup

[Doc+Ruby]

I don't think you understand the difference between "easy" and "trivial". No matter how easy the technique is, most people don't ever get anywhere near the mode of changing any controls nearly as technical as DNS servers. What's going to prompt them to google for the technique? If they're not led to it by some personal intervention, they'll never even know that can do it, let alone why or how.

I really think you don't have any current experience with how computer/network devices are given UIs for the mass of regular people to use. For example, most cablemodems/DSLmodems have "web page" interfaces that change network settings. That's usually the only interface accessible by the customer, and includes all kinds of "risky" settings.

The skills and behavior of mass market consumers is very different from anyone with any amount of actual expertise or informedness. They need to be pulled by the hand through the fewest steps. That's "trivial". Which makes it a challenge to also be safe, because trivial changes can have serious consequences. But that's what has to be dealt with in this case.

Re:Bundling Abuse Should Lead to Breakup

[geminidomino]

I don't think you understand the difference between "easy" and "trivial". No matter how easy the technique is, most people don't ever get anywhere near the mode of changing any controls nearly as technical as DNS servers. What's going to prompt them to google for the technique? If they're not led to it by some personal intervention, they'll never even know that can do it, let alone why or how. That would make informing them non-trivial, not the action itself.

I really think you don't have any current experience with how computer/network devices are given UIs for the mass of regular people to use. For example, most cablemodems/DSLmodems have "web page" interfaces that change network settings. That's usually the only interface accessible by the customer, and includes all kinds of "risky" settings. I am fully aware of the http interfaces used these days. The point you're missing is that any DHCP-assigned setting of DNS servers by the cable company can be *overridden on the computer itself*.

Hours?

[a_claudiu]

Hours? Are you a rhino?

Re:Hours?

[moderatorrater]

That's what I tell all the girls at the club.

Spam post?

[wooppp]

jkshdfkljh23sadf.com is not a random domain but a registered and DomainsByProxy protected domain. Every "test" click shoots up the ads on that site...

re

[JohnVanVliet]

well wowway ( wide open west) has been doing this sense day 1 after i gave Comcast the boot an example for a rand. address http://www5.search.wowway.net/search?qo=346ghty5.com&rn=Hvs4Wx6Env6cPfc and overrides Mozilla/SeaMonkey's setting for Google

Not just SoCal

[barzok]

They've been doing it in parts of Upstate NY since December, maybe earlier.

Re:And -- Advertising revenue

[WidescreenFreak]

I noticed this the other day, and IIRC they also had Yahoo adverts in there with the Yahoo search links, seeing as how they're partnered with Yahoo. If that's what starts to become the norm, then I've got a problem with it. It's bad enough that people have to pay the fees that they do, but to then have the ISP shove advertisements -- or have an excellent outlet with which to shove advertisements -- to customers who are already paying (or in some cases, like Comcast, overpaying) for their Internet connectivity bothers me immensely.

I know, I know, if I'd type the domain in properly I won't see the bad domain interception. Still, it's the principle, just like seeing advertising in full-priced games. Either don't give me advertising or lower my rates.

Then again, it's possible that I didn't see any advertising at all and I'm delusional due to ... well, being in my natural state. :)

I would have never noticed.

[domatic]

I have a copy of bind9 running on my router box. It's firewalled away from the outside and was only an apt-get away.

Here's why:

[NeutronCowboy]

It means that ISPs intercept server requests and redirect the user to a different server. In this particular case, you're right - whether I get Firefox to display a 404 message or a page from RR, Verizon or any DSL that essentially says "This site doesn't exist, but try searching through here" doesn't matter to me. I'll just type the address in again.

However, there is one instance where this issue matters right now: a lot of site monitoring still relies on pings or basic server lookups to figure out whether the server is up and running. This feature would immediately screw with that kind of monitoring. Basically, you cannot assume anymore that because a dns lookup or a ping returns a positive result that the server with that hostname is actually alive or in the DNS tables. Yes, there are ways around that, but it basically breaks one of the central tenets of the internet: the intelligence is on the edge of the network, and everything in between is just a packet forwarder.

More significantly though is that it redirects a user to a place that wasn't requested. Basically, it means that from a technological perspective, this no different than RR or Verizon taking my request to www.google.com and redirecting it to their own search page. See why this can easily become a very, very big deal? I can guarantee you that this is a trial balloon by the ISPs to see how users react to this. If this goes through, expect that at some point in the future, you will have to jump through hoops to get to the site you want, and not the site your ISP thinks you ought to want.

This is another problem that will most likely have to be enshrined in actual law: ISPs shall not take a request and redirect it elsewhere. The potential for and likelihood of abuse is just too large otherwise.

Welcome to the intelligent network. It'll be a nightmare.

Ding ding ding - someone gets it!

[Xenious]

You've hit the nail right on the head. This BREAKS proper DNS workings and in my case causes me lots of headaches with a split tunnel VPN that depends on a DNE result to know if it should try the DNS servers for the VPN connection. If they really want to do this then build it into the web browsers and let it be an option. Don't try to force it in some attempt to be "Friendly" that is also an attempt for web ads.

You said it yourself...

[raehl]

The user base is dumb.

One of the things most Internet Service Provider customers are paying for is... well, service. While I'm sure most of the Slashdot audience finds this service annoying, for MOST people on the internet, the resulting page is probably better for them than a blank error page.

And, opt-in is a lousy way to institute change. If you make the change, and let people opt out, everyone who the change helps will get it and everyone who doesn't like the change will opt-out, at the cost of the inconvenience of opting out once for the people who don't like the change. If the change is opt-in, then you have to communicate the change, and only some people are going to make it, even if it would be a good change for them, at the cost of everyone who wants to make the change having to specifically opt-in. Which is better - trying to get ignorant users to opt-in to something they don't understand, or allowing power users to opt-out of something they do understand?

The only exceptions to this is when the change is 'destructive', or you don't expect the change to be good for most people.

But if you're changing the default behavior (new users would have the new behavior) and the change is not destructive, there's nothing malicious about opt-out.

Re:You said it yourself...

[Frank+T.+Lofaro+Jr.]

Your post is too rational, this is Slashdot, we are into conspiracy theories here.

Like how Road Runner is using the DNS redirection to:

1) Destroy Net Neutrality
2) Enable censorship
3) Help Microsoft take over the world
4) Harm open source
5) Destroy P2P/aid the RIAA/MPAA/BSA
6) Break the Internet
7) Allow the aliens to eat our brains

etc, etc. :)

Re:You said it yourself...

[fwr]

The proper way to institute change, if change is desired, is to write up an RFC and submit it to the IETF to change, or enhance, the DNS protocol. It is not to make up your own proprietary protocols and then interject them into the mix by using the same interface (ports, etc) that standard protocols use. From a protocol standpoint, this is even worse than Comcast forging RST packets for torrents, RR is forging the entire friggin DNS system.

I can't understand how a logical person would say opt-in for something like this is a good thing.

My ISP

[jameskojiro]

I leech off my geeky nerdy neighbor and his DNS Domain Typo page leads to

http://www.homestarrunner.com/404.html

He has the best ISP by a long shot!!!

Actually, OpenDNS is OPTIONAL

[krewemaynard]

I use OpenDNS at home and work...at work, I've got the typo correction turned off. I don't get OpenDNS search results or redirects. At home, however, I use the content filters, which requires typo correction. Sometimes it sucks, but it is ENTIRELY OPTIONAL.

Re:Actually, OpenDNS is OPTIONAL

[Anti-Trend]

We were talking about OpenDNS' intercepted/misdirected forward lookups to www.google.com (not typo'd), not about the typo correction feature.

Re:Actually, OpenDNS is OPTIONAL

[davidu]

The features are tied -- when typo-correction is off so is the google redirection.

If you're running a mail server or for any other reason want it turned off, just email contact at opendns dot com with your username and tell them you want it turned off.

-david

Re:OpenDNS Guide.... Rhoad Rhunner...

[davidsyes]

If he caches u you're THROUGH....

preferences set within browsers?

[rssrss]

"This feature subverts user preferences set within browsers, which allow the user to select which search engine receives their typos and invalid domains."

when I mistype a url I don't get kicked to Google, which is my preferred search engine, I wind up at some random adult entertainment site. I just went through my preferences in about:config and did not see anything about dns or web addresses. Can anyone tell me what this quote is referring to?

Re:preferences set within browsers?

[Changa_MC]

When you mistype a URL, you get the squatter page hosted at yourtypo.com, or you get a 404 error when there's no squatter. In the case of a 404, your browser can do a google search for you.
With this new change, you will never get a 404, because RoadRunner is effectively squatting on every unregistered domain, forwarding you ads for every typo.

Re:preferences set within browsers?

[rssrss]

"When you mistype a URL, you get the squatter page hosted at yourtypo.com, or you get a 404 error when there's no squatter. In the case of a 404, your browser can do a google search for you." Yes, that is what happens. But it has nothing to do with my browser prefs.

Re:preferences set within browsers?

[Changa_MC]

"In the case of a 404, your browser can do a google search for you." Yes, that is what happens. But it has nothing to do with my browser prefs. Let's begin again, because I'm a glutton for punishment.

Depending on you browser settings your browser can do an MSN or Google search on return of a 404, or it could simply give you an error message.

In IE, it defaults to MSN, but can be set to give you a basic 404 not found page. In FF, it defaults to a 404 not found page, but you can download various extensions to make it do whatever you want, eg. https://addons.mozilla.org/en-US/firefox/addon/4693

InsightBB does this too

[Rgb465]

InsightBB has been doing this for several months. I noticed it when the typo 'cterm' in KDE's run dialog opened a web browser instead of erroring out. I spent an hour on the phone trying to explain why it was a problem to some InsightBB tech support geek who is probably more confused now than when I started. In the end he consulted his manager, who told him "thats the way its supposed to work". Useless frackers.

I "fixed" the problem by switching to a different DNS server.

Limited to second-level domains or not?

[Todd+Knarr]

Is this limited to cases where the second-level domain doesn't exist, or do they do it for all NX responses? Ie., if you try "http://www.source-victoria.com/" (a host which doesn't have an A record), does TW return an NX response or the address of their server?

Uhm, lol.

[Volatar]

I just switched from Road Runner to AT&T's DSL two days ago :D

not in austin...

[jt418-93]

im on commode runner in austin, and no such functionality is happening to me. i still get the same old firefox 'you screwed up' page. that's how i realized i let one of my domains die today... DOH!!

I like the "Why Am I Here" link...

[securityfolk]

...which does *nothing* but show the page again.

It's as if they're saying

"C'mon stupid luser, you should just know that you're here, and be happy with it!"

Paxfire

I believe the device intercepting the DNS is from a company called Paxfire.

Breaking RBL based spam filters -Think of the SPAM

[BitZtream]

So ... as I understand it (feel free to correct any part of this message that is incorrect) ...

Most RBLs for spam return NX domain when you lookup a host that isn't on the RBL list, in effect letting the mail server/antispam software know the host thats being checked isn't currently considered a spammer.

So now, my spam filter software is going to always return a name for host lookups ... the result is that everything is now considered to be coming from a spamming host. If my spam software always blocks hosts that are on RBLs, then I get no email ...

I for one thank TimeWarner for this service, I didn't really expect protocols and standards to be followed, I do run Windows after all.

FreeBSDFirewallWithItsOwnDNSServer: 1
NormalUsersWhoDon'tHaveSuchSetups: -1

To me, this qualifies as intercepting and modifing traffic in a malicious manner. The should be charged with unauthorized interception and modification of digital signals as I certainly did not authorize it.

your example was a real site

[scsi2001]

>> To see if this has been enabled in your area, try visiting {some random string}.com in your Web browser. This feature subverts user preferences set within browsers, which allow the user to select which search engine receives their typos and invalid domains. RoadRunner users can disable this function -- or they can just use OpenDNS. Here is an example RoadRunner results page. jkshdfkljh23sadf.com is a real site. http://www.networksolutions.com/whois/results.jsp?domain=jkshdfkljh23sadf.com

Re:OpenDNS Guide.... Rhoad Rhunner...

[mrbcs]

Thanks! Best laugh of the day!

Earthlink

[HeavensFire]

Earthlink has been doing this for at least a year, if not more.

Pay attention...

[scsi2001]

If you used the example link in the first message of this thread of course your going to get www.jkshdfkljh23sadf.com. Oddly enough, that is a registered site. It's not a DNS redirect.

Whois: http://www.networksolutions.com/whois/results.jsp?domain=jkshdfkljh23sadf.com

Re:Pay attention...

[Changa_MC]

Note the date of registration. Someone registered it because of this story.

Since January...

[hntd187]

This interception of mistyped domains has been happening in Austin, Texas and surrounding areas now since from what I can remember since January when I moved here.

The Internet is not HTTP

[pslam]

For those that don't get it yet: this breaks every other protocol that isn't HTTP.

Sigh, and for those who still don't get it: HTTP is what your web browser uses to get web pages.

All those who are spouting "it's useful" or "I don't understand what the fuss is" or "why can't they do it?"... you simply don't understand the issues and shouldn't be commenting.

Re:The Internet is not HTTP

[baerm]

For those that don't get it yet: this breaks every other protocol that isn't HTTP.
  Sigh, and for those who still don't get it: HTTP is what your web browser uses to get web pages.
  All those who are spouting "it's useful" or "I don't understand what the fuss is" or "why can't they do it?"... you simply don't understand the issues and shouldn't be commenting.


I wish I had mod points for you. HTTP is not the only thing on the internet. There are other things flowing over those tubes. I'm not sure about the not commenting (commenting when you don't understand the issues is what slashdot is about isn't it?), but let me just say one word

email,

you're using opendns?, hmm, well all you email may be going through one of their servers, or not, who knows? We do know OpenDNS returns the incorrect IP of DNS lookups, IP's to their machines. I hope anyone who uses them, encrypts any email they deem private. Or IM, or pretty much everything you send on the web, including http. good times. Okay, I said way more than one word, I've got my rant on a bit.

And yes that is a bit paranoid, but there is no reason to think they wouldn't do this if they can make a profit from it. Profit is what they are in business to do. They have shown that integrity and properly supporting DNS is not a greater priority to profit for them.

But for more immediate problems if I was, say, trying to solve a problem with a server. hmm, I can ping the server, but I can't connect to it with ssh. I'm not sure how long it'd take me to figure out I was being directed to a opensdns server because the box (and DNS server running on it) was down. Not this has ever happened to me, nooo, let me just say *&)*&, &*#%@$ and @#$%@$# to OpenDNS. May they burn in whatever hell is provided for those that abuse protocols (not to mention the word 'Open').

The internet really, really is not just the web.

How to Disable For Verizon

Verizon's guide

My guide:
1. Find your dns servers settings (71.252.0.12 and 68.237.161.12 for me). They should end in .12
2. Set them to the exact same ips with .14 on the end instead of .12

My census program

[professorguy]

I have a small utility that makes DNS calls to build up a picture of all 5-letter domains (which are actually bought domains). It then graphically shows this info and does some statistics on various letter combinations as being more or less likely to be in a domain. The 30 million possibles give a pretty good dataset. Now I throw my software in the garbage because some slimeballs wanted to make another 0.000001 cents per subscriber. I wanted to try the 6-letter domains (all 890 million), but now that dream is dead.

Re:My census program

[Compenguin]

Isn't the absence of a DNS record not considered authoritative proof that a domain is unowned/available?

FAIL for not reading the FAQ

People frequently ask us how we can offer such a fantastic service without charging a dime.

OpenDNS makes money the same way Google and Yahoo do -- by showing relevant ads when we show you search results.

http://www.opendns.com/how/free/how-can-opendns-be-free/

Insight

[rstultz]

Insight (In Kentucky, Indiana and a few other places that I know of) has been doing this for 9 months. But unfortunately their opt-out isn't by MAC address, it's handled by cookies. I use a mac, and safari, and this means if I browse in private mode (which I always do) I effectively can't opt-out. It'll opt out for the session, but I don't mistype a url every session, so it's pretty pointless to opt out each time. The thing that pisses me off about it is when I screwed up one letter, or reverse two letters. It use to be that I could just go to the address bar and fix the address, but can't do that now. Have to retype the whole address (I've yet to see the site I mistyped listed in the results page).

And I just tested it to see how opt-out worked, and it redirects you to a "standard" error page, changed the address in the address bar, so effective it still sucks after opting out.

I wrote them a letter saying this was unacceptable, and they told me to go an opt-out every time I opened my browser, or to turn cookies on.

Ryan Stultz

It happened to me and what I did

[meesterbeel]

Invalid DNS Redirection

Recently I inadvertently entered a url and forgot one of the leading w's. I thought I'd get a browser error, instead I was opening a page with all sorts of ads and a "Did you mean:" with several suggested web sites. I know how DNS works so I brought up a network sniffer to see what was going on. To my astonishment my DNS server was returning a valid IP address for a dns entry that did not exist! When opened, this address did a http redirect to the web site with the ads and suggestions. I tried a simple test to see if the browser was involved. I used NSLOOKUP and entered an invalid address and sure enough a valid IP was being returned, I don't use a proxy server so the problem had to be in the DNS server. I have to use Hughes satellite services so I though it might be something being done by them, but in reading on the net many IPSs are doing the same thing. I investigated some more and found out that Hughes was using the services of a company called Paxfire who makes a living working with Internet ads. Other ISPs might be using another service. I noticed that the redirection was returning another url, wwh.found-not-help.com. If I put that name in the hosts file I then got a normal http error. That would suffice in most cases but on a satellite Internet link the round trip packet latency can make a connection look like dial-up.
        I decided to look into this more. I had an idea. Several years ago I wrote 2 functions for a project I was on, AddDNSName, and DeleteDNSName. These would add secondary IP addresses to the network adapter and delete them programmatically. So I wrote a simple program using the old gethosybyname socket function. I would look up an invalid name and if a valid IP address was returned I added these addresses to my system. After that everything worked as it should. DNS returned the redirection IP addresses and a connection attempt would immediately fail because the address was now local.
        The ISP's have a solution but it requires leaving a cookie on your system and you're still doing more network traffic.
        This is not a new problem and I found this reference http://www.itmweb.com/f092403.htm about Verisign having the problem in late 2003! I find it amazing that IPSs would change Internet standards just to receive more ad revenue. Seeing that there was no recourse in standards committees I decided to write this and the code for the problem. The code could easily be polished to make it stronger, I just wrote a prototype program (which I use). There is an article on codegugu.com, http://www.codeguru.com/cpp/i-n/network/winsocksolutions/article.php/c6165/ that has the C++ code for add and delete ip addresses(ipadddel.c ipadddel.h). Here is the code I wrote for this problem. It can be easily modified for adjustments. It's a hack job but it seems to work.

It seems I can't post the code, I get a "too many junk characters" error. If you want it I'll send it to you.

Just a few notes on this. IP addresses added are transient, which go away after a reboot or delete. The chance of these DNS IP addresses are in your address space is extremely small and not possible if you are using DHCP. The ISP's could change the redirection IP address but it would still be found every time the code is run on the workstation. The code is setup for 2 redirection addresses but could easily be changed for more.
        The ISP's have a solution but it requires leaving a cookie on your system and you're still doing more network traffic. What they didn't consider also is that Browsers are NOT the only internet application that uses DNS.

Bill

Re:It happened to me and what I did

[dionnow]

Why don't you use an alternate DNS server?

(pedantic) "intercept" is the wrong word

"Intercept" suggests that you tried to connect to someone's DNS server, and your ISP served the request instead. But what really happened, is that you (quite deliberately and knowingly) connected to the ISP's DNS server, looked something up, and it gave the wrong answer.

This is a server issue, not a network issue. Their server, their rules. Ok, whoa whoa whoa, I know I pissed a lot of people off with that last sentence, and it makes me sound like their apologist or something. No, that's not what happened. I'm just being pedantic and amoral. ;-) I agree they shouldn't do it. I agree that it's some sort of betrayal and lowers the value of them as an ISP. I'm just putting into perspective; it's not like they did a MitM.

It is a server defect, not an interception.

It was before

[avatar4d]

This happened sometime before the date and time specified. The first time I noticed it was when Wikileaks was taken out of the DNS record the day before it was posted on /.

Roll your own root level DNS

[rs79]

Every ISP does no-dns-adserving now, or will.

The last time I asked about google doing dns I was told by a vp there "they aren't ready for that yet".

This is probably more political than anything else. Think about it. If google says "use us for dns" and they gave the fastest most reliable answer within a couple of months most of the world would be using it. Do you know what happens when you have most of the world using you as dns? They see what you say they see is the answer. If google were to slip in a .goog would that be a bad thing? You'd have control of the root zone, and all names on the net.

Right now, the "root zone file" that holds the list of TLD servers is under the control of the United States government - specifically the department of Commerce, which has in the past rejected ICANN's suggestions of modification for the root zone allegedly in return for a Bush staffer's political favour.

There are things both Microsoft and Google - but probably nobody else except possibly OpenDNS - could do in the next little while that would put them in a position of this sort of control.

When there's a monopoly of dns services, and I'd say more than 50%, then that entity gets to say what the root zone is, and experience has shown people can be convinced of the sense of any new plan when it comes to adding new tlds as long as new tlds actually get added. You'll notice the decade old process from ICANN has done SFA here.

At some point the internet community will get sick of somebody else saying they're in charge and deciding what domain names can or can not be published in a system we all ourselves run and provide the infrastructure for!

So, what I would do is use my own dns servers. And you should use your own dns servers. Or maybe you and your friends could se up your own root server network. One of you grab the root zone from ftp://internic.net declare yourself primary for ".", have the other guys slave the "." zone from you and stick each others ip's in your root cache file. Poof, you're a root server network.

You're still going to have the problem that port 80 (and 443) service has, or will soon have a "trasparent web proxy" - these intercept web requests then do the dns lookup on the domain name so they're sure to only cache web content their dns thinks is valid. You need to use a web proxy on the other side of this device to get unfiltered internet. And your own DNS.

Anything else and you're letting somebody else decide what you see. Log in to internic.net with ftp and cd to "domain" to get the root zone file you need to primary the "." zone for yourself.

Name (internic.net:r): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-Zone files can be found in the domain directory.
230-
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd domain
250 CWD command successful.
ftp> ls
500 'EPSV': command not understood.
227 Entering Passive Mode (198,41,0,6,114,5)
150 Opening ASCII mode data connection for directory listing.
total 160
-rw-r--r-- 1 9998 213 657 Feb 26 16:56 INTERNIC_ROOT_ZONE.signatures
-rw-r--r-- 1 9998 213 680 Feb 26 16:42 arpa.zone.gz
-rw-r--r-- 1 9998 213 75 Feb 26 16:53 arpa.zone.gz.md5
-rw-r--r-- 1 9998 213 72 Feb 26 16:54 arpa.zone.gz.sig
-rw-r--r-- 1 9998 213 2876 Feb 4 12:07 db.cache <---------- list of ip addresses of root servers, ie, the NS records for "."
-rw-r--r-- 1 9998 213 43 Feb 4 12:07 db.cache.md5
-rw-r--r-- 1 9998 213 72 Feb 4 12:07 db.cache.sig
-rw-r--r-- 1 9998 213 2879 Feb 4 12:07 named.cache
-rw-r--r-- 1 9998 213 46 Feb 4 12:07 named.cache.md5
-rw-r--r-- 1 9998 213 72 Feb 4 12:07 named.cache.sig
-rw-r--r-- 1 9998 213 2878 Feb 4 12:07 named.root
-rw-r--r-- 1 9998 213 45 Feb 4 12:07 named.root.md

Time Warner's Helpful Preferences Page

[kaputtfurleben]

Preference Update Failure

The preferences server is misconfigured or is experiencing momentary downtime. Please try your request again later.
At any point, you can always revisit the preferences page to update your preferences.

What is six times nine?

[MentlFlos]

You're right. I didn't say anything at all. But I did change the DNS addresses on my machines so they ended in .42 instead of .12 like the help page said to do. </quote>

I like "what do you change the .12 to for proper DNS results" way more then 6*9.

However the original question does have 6 and 9 in it.

we have a conundrum

Did not take long

[McGiraf]

Some one registerd JKSHDFKLJH23SADF.COM.

lol

Registrant:
      Domains by Proxy, Inc.
      DomainsByProxy.com
      15111 N. Hayden Rd., Ste 160, PMB 353
      Scottsdale, Arizona 85260
      United States

      Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
      Domain Name: JKSHDFKLJH23SADF.COM
            Created on: 26-Feb-08
            Expires on: 26-Feb-09
            Last Updated on: 26-Feb-08

      Administrative Contact:
            Private, Registration JKSHDFKLJH23SADF.COM@domainsbyproxy.com
            Domains by Proxy, Inc.
            DomainsByProxy.com
            15111 N. Hayden Rd., Ste 160, PMB 353
            Scottsdale, Arizona 85260
            United States
            (480) 624-2599 Fax -- (480) 624-2599

      Technical Contact:
            Private, Registration JKSHDFKLJH23SADF.COM@domainsbyproxy.com
            Domains by Proxy, Inc.
            DomainsByProxy.com
            15111 N. Hayden Rd., Ste 160, PMB 353
            Scottsdale, Arizona 85260
            United States
            (480) 624-2599 Fax -- (480) 624-2599

      Domain servers in listed order:
            NS1-DURGA.WEBSERVERSYSTEMS.COM
            NS2-DURGA.WEBSERVERSYSTEMS.COM

opt out not possible

"The preferences server is either misconfigured or down."

The captcha for this post is "molests". How appropriate. Now I have to explain to my wife and children about DNS wildcards and how asshats use them to make money.

Commercial Free Road Runner??

[realperseus]

I don't know about your area of the country, but here in Western New York, Time Warner clearly states in their television commercials that their Road Runner service is "commercial-free". Does DNS poisoning constitute advertising?

but we already know

[v1]

it's what you need, when you need it!

We should be grateful.

Autocomplete

[sgunhouse]

Must not be any Opera users posting. Opera has this nice feature, if you type "roadrunner" it'll automatically add the "www." and ".com", or if you provide several suffixes "com org net edu" it'll run through the list in order to see which works - and of course accept whichever comes back first. Any of these "search" things break that feature by causing the first combination to always work. Needless to say, I told woh.rr.com to turn it off ...

Wiki-DNS?

Would the solution to all this be some sort of wiki approach to DNS? Suppose it's the DNS anyone can [alter]. Now, "the command (wo)man" can agree on a given DNS. Given enough eyeballs...

Happened to me *without a typo*

[patmandu]

Just to add that crowning touch, I got their stupid ad page on a saved bookmark. The url was completely valid, the site was up...just some sort of DNS timeout (how convenient) that invoked their ad page.

A few clicks later and I opted out (gee, can I?) and got to the site I was originally after.

Just think of it...RR is essentially putting up click-through ad pages based on what URL I enter, or what links I follow. Golly, just what I was hoping for.

Re:Happened to me *without a typo*

[corinnew]

Did you ever figure out why it was redirecting you even when the URL was correct? I keep getting redirected even when entering valid URLs. I have called TW to get this taken care of but most support techs seem unaware that they are even doing this. I'm waiting for the 4th tech person to come out and take a look at it now.

Opt out by IP on CABLE???

[Khyber]

What are you smoking? Unless you paid for a static IP address the only way to actually opt-out is by the MAC address of the actual hardware, since Cable modem IPs are dynamic and will change every day or every modem reset.

Re:Opt out by IP on CABLE???

[ters+a-zA-Z0-9$_.+!*]

what are you smoking? some companies you might as well have a static ip, i have cable internet with a st Louis based isp and have had the same ip for over a year (cease and desist order from last year confirms this.) i've tried to get a new ip but there dhcp always gives the same ip

The big question is...

[qwan]

What will the ISP gain??(in the long run).
Just look at the response to this kind of tactics. What do "we" do, we don't use the search page provided nor do we click on any link, "we" instead search for the "opt-out" button and opt-out.
So advertisers should get smart, and realise that "forced" advertising is not going to sell their products.
But I am sure that there might be a category of people who might click on these links. Will those clicks be enough to get advertisers.
If this post gets famous then many people will choose to opt out of it.
Maybe if there is movement of "awareness" then they might stop using this.
And isnt there a rule on such DNS activities(ethically speaking).
No-one should be redirected unless they ask for and not the other way around.

does RoadRunner is the only 1 doing this in usa

[chandlerding]

I'm from China, lot of cities the ISP (China Telecom,ChinaNetcom,etc) hijacked our browser since a long time ago. Somtimes I entered google.com, they gave me a page said that " You should renew you broadband account asap ( if you've done this, please ignore this page ) ". How on earth can I ignore that? And ChinaTelecom sometimes even tried to force all users use there own dial up software ( like an IM software with a lots of advertisements on the screen .....).

DSL

[dionnow]

Companies make money where they can. Cable is not the only one moving this way. Centurytel is moving to implement NebuAd onto it's DSL network soon. Frontier Communications also testing out a "DNS redirect service".

Embarq DSL

[Kiffer90210]

Embarq DSL has been doing this for a while (at least in Virginia). It's fairly lame and obnoxious, as I'd rather see a "server not found" error than be given the runaround.

RR DNS is lousy in my area

I (have to) use rr in cincinnati, and I kept finding myself in situations where my internet access was just fine, but their DNS was down and out. I got so tired of it, I had to switch to OpenDNS. I have no idea if rr ever got their act together on DNS, but I won't be finding out on my own.

Too late

[Random832]

You're too late! Someone already replied saying that.

RR intercepting valid domains?

[corinnew]

Has anyone had valid domains intercepted by this new service? Since about a week or two ago I have been redirected to Time Warner's landing page pretty much randomly - even when there is NO TYPO in the URL. I have screenshots of this - I swear, no typos!

I think that the server connection might be timing out and then handle it like a mistyped domain. I've since turned the redirection feature off but there still seems to be something wrong with the domain handling. For instance, I might try to load http://www.youtube.com/ but it won't load. Before turning it off, I would be redirected to RR's new landing page. Now I just get a server not found message. The really weird thing is that if I remove the http://www/ from the address (type in youtube.com), it'll work. It'll also work by typing in the IP address instead of the URL. This happened while RR was out here and while on the phone with them. After a day on the phone with their support service (5 separate phone calls to be exact!), and 3 different tech people coming out to look at the problem, we still haven't fixed this. Most of the people at TW I talked to don't even know they are redirecting domains!

One of the guys said I looks like a DNS problem, but they won't look into that until more people from my area call in with the same problem. Any suggestion on how to fix this? Or whether it's related to their domain interception system.

I should mention I have a wireless router (non TW), and a brand new cable modem (replaced today) - TW agrees it's not the equipment.