Slashdot Mirror


RoadRunner Intercepting Domain Typos

shaunco writes "Sometime around midnight on February 26th (at least for the SoCal users), TimeWarner's RoadRunner service started intercepting failed DNS requests, redirecting them to RoadRunner's own search and advertising platform. To see if this has been enabled in your area, try visiting {some random string}.com in your Web browser. This feature subverts user preferences set within browsers, which allow the user to select which search engine receives their typos and invalid domains. RoadRunner users can disable this function — or they can just use OpenDNS. Here is an example RoadRunner results page."

26 of 337 comments

  1. And? by Anonymous Coward · · Score: 3, Informative

    Verizon DSL does this too. I don't see how this is a story.

    1. Re:And? by gEvil (beta) · · Score: 2, Informative

      You're right. I didn't say anything at all. But I did change the DNS addresses on my machines so they ended in .42 instead of .12 like the help page said to do. Now I get "proper page couldn't be found" messages instead of a yahoo/verizon lookup failed page.

      --
      This guy's the limit!
    2. Re:And? by daichiasuka · · Score: 3, Informative

      Verizon does this for FiOS service as well, and this certainly isn't anything new. Verizon also offers the option to opt-out of this "service" by changing your DNS servers.

  2. Re:OpenDNS Guide by jagilbertvt · · Score: 4, Informative

    This has actually been going on for a few weeks now for New York area customers. However, there is an opt-out option that comes up on the page that comes up. I'm not quite sure how it tracks those opt-outs (by ip address perhaps?), as I didn't delve into it too deeply.

  3. Re:OpenDNS Guide by robogun · · Score: 3, Informative

    I'm pretty sure it opts out by IP addresses - none of my machines came up with that junk after I opted out on one of them.

    Even in Firefox, all domains are intercepted and the search page is delivered if you just type the name (good or not) without http:// and hit enter. IE users won't notice this as IE already delivers MSN Search if you try that.

  4. Re:Even happening with Lynx by TheCRAIGGERS · · Score: 2, Informative

    Why would you think Lynx would be immune to this? Lynx requests 'www.slfjiuhsf.com' and gets data back.

  5. Yet another one by MobyDisk · · Score: 3, Informative

    I use Cavalier Telephone DSL and they've been doing this for years. I called them about it and they suggested that I use alternate DNS servers. Nobody has complained, nobody even cares. IMHO, this is another network neutrality-type issue. Follow the protocols, provide access - don't reroute/intercept/redirect me. (FYI to anyone else using them - they monitor your BitTorrent downloads too.)

  6. Re:What's next? by perdue · · Score: 2, Informative

    http://ww23.rr.com/index.php?origURL=http://www.google.com

    Lest anyone think this demonstrates that Road Runner is intentionally blocking Google, the trick here is that you can arbitrarily edit the string after ?origURL= to produce a page describing any website couldn't be found.

  7. HAHAHA by GodCandy · · Score: 5, Informative

    How ironic... someone registered www.jkshdfkljh23sadf.com as a parked domain. Wow these ppl need help.

  8. Charter's doing it too by Einer2 · · Score: 2, Informative

    As far as I can tell, it started in Los Angeles sometime in the last few weeks.

    --
    Microsoft delenda est!
    1. Re:Charter's doing it too by Anonymous Coward · · Score: 1, Informative

      Charter's been doing this in the Pasadena area for a year or two. They do have an alternate DNS server that doesn't do it, if you call them, but it's crazy-slow and their DHCP, of course, assigns you the redirecting one.

      dnsmasq has an option to treat certain DNS responses as "this is a bogus page, send NOTFOUND to clients" or something like that, if you can figure out the IP ranges of the searchvertisement redirects.

      I've also been getting redirected randomly to Network Solutions or Godaddy pages saying "this page coming soon" or listing "related searches" occasionally when visiting friends and using their ISPs, which seems more like it happens when there are timeouts in recursive DNS lookups for non-cached hosts, but unfortunately it frequently then gets the redirect locked into the cache on the local server or similar, at least judging from the behavior... sort of "accidental DNS poisoning" rather than "malicious DNS poisoning"

  9. Re:So? by Todd Knarr · · Score: 5, Informative

    The problem here is that what TW is doing breaks DNS. By the RFCs, when I try to resolve a name that doesn't exist, I'm supposed to get an NX "record does not exist" result. What I get instead is an affirmative A record "name exists at this address" response. What happens at the browser level is irrelevant, TW's DNS system has already lied about the state of the DNS records associated with a given domain. This badly breaks a lot of things that aren't browsers that use HTTP and depend on correct NX responses to tell them when the server they're trying to talk to doesn't exist.

    As long as TW doesn't block direct use of non-TW DNS servers this can be worked around. If they start blocking that access, or redirecting all DNS traffic to their servers, then we've got a major problem on our hands.

  10. Re:OpenDNS Guide by tomz16 · · Score: 4, Informative

    FAIL for failing to understand how DNS works... Your statement is only true if you are running a caching server. No reason why bind can't do its own lookup. You lose out on the cache benefits of a larger DNS server, but don't have to rely on anything other than the roots.

  11. Re:Didn't a registrar do this? by Todd Knarr · · Score: 4, Informative

    There was. What TW's doing is more pernicious, though. When NetSol was doing it, they were returning the A records directly from their first-level nameservers. BIND's no-delegation option can deal with that, because those first-level nameservers aren't supposed to be returning A records and BIND can translate those responses into proper NX responses. With TW, since their DNS servers are supposed to be returning A records, there's no way to tell whether a particular affirmative response is valid or invalid. The only way to fix the problem is to cut TW's servers out of the loop entirely. All well and good, until of course TW either starts blocking all traffic to port 53 that's not to their DNS servers (like they do with outbound to port 25 now) or silently redirecting all DNS queries to their servers. Note that both of these are trivial, my own firewall has (commented-out) rules for both and neither takes more than about 3 lines.

  12. Re:OpenDNS Guide by tjohns · · Score: 5, Informative

    I'm not quite sure how it tracks those opt-outs (by ip address perhaps?), as I didn't delve into it too deeply.

    They're tracking by the cable modem's MAC address. There's a page explaining this (and how it's insecure) here:

    http://rgov.org/road-runners-dns-wildcard

  13. Re:Even happening with Lynx by zerobeat · · Score: 2, Informative

    Just commenting that their filtering is browser independent. It is simply based on DNS lookup, yes - but did you know that beforehand? I have tried lynx -useragent=Various_Options and convinced myself of that. Do you understand that many servers will respond differently dependent on User-Agent: ?

    --
    What other people think of me is none of my business
  14. Re:Actually, OpenDNS is even worse! by The Mighty Buzzard · · Score: 3, Informative

    Note the difference in your two queries:

    dig @208.67.222.222 www.google.com

    vs.

    dig google.com @208.67.222.222

    You're both correct.

    --
    Violence is like duct tape. If it doesn't solve the problem, you didn't use enough.
  15. Re:Actually, OpenDNS is even worse! by MadUndergrad · · Score: 4, Informative

    OpenDNS has a blog post explaining why they're doing that: http://blog.opendns.com/2007/05/22/google-turns-the-page

  16. Re:Even happening with Lynx by Anonymous Coward · · Score: 1, Informative

    Either it gives you the correct IP, in which case they have no chance to do anything based on your user-agent, or it gives you the wrong IP, in which case their behavior is incorrect no matter what is going on. User-agent sniffing can't happen until much later than any of the rest of this stuff.

  17. Re:Actually, OpenDNS is even worse! by raju1kabir · · Score: 5, Informative

    The plot thickens. Have a look at this OpenDNS blog entry which explains the rationale for the Google interception. At least it's a plausible justification, though I don't have a Dell and I'd prefer my Googling to go straight to the source without intermediaries, so I'm keeping OpenDNS off.

    --
    "Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
  18. FAIL for not reading the FAQ by Anonymous Coward · · Score: 1, Informative

    People frequently ask us how we can offer such a fantastic service without charging a dime.

    OpenDNS makes money the same way Google and Yahoo do -- by showing relevant ads when we show you search results.

    http://www.opendns.com/how/free/how-can-opendns-be-free/

  19. Re:OpenDNS Guide by THESuperShawn · · Score: 3, Informative

    We have researched this here in Charlotte, NC. I don't think it's opting-out by IP address - I think it's going by the cable modem MAC. The reason is, users we checked with are only able to opt out if they have a TW/Road Runner cable modem (rented from TW/RR). Those who own their own modem and placed it on the TW/RR network can opt-out, but the re-directing still occurs. Seems to be specific with either a config file placed on the TW/RR modem or the MAC address of the modem itself.

    We are still doing tests (it just started here in Charlotte yesterday).

    Another change over the past few days is that newsgroup access has been halved (connections) from 8 to 4.

    --
    Repant. Thy end is sheer.
  20. Re:OpenDNS Guide by drtsystems · · Score: 2, Informative

    I noticed this happening on my connection in the Cleveland area (Strongsville) a few weeks ago. But I promptly disabled it when I realized it was screwing with my intranet domain resolution. (i.e. ping basementserver would come back with RoadRunner's IP. Extremely aggravating.)

  21. Re:OpenDNS Guide by Kalriath · · Score: 2, Informative

    Wrong. You change "Search from the address bar" to "Do not search from the address bar"

    --
    For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  22. Re:Actually, OpenDNS is OPTIONAL by davidu · · Score: 2, Informative

    The features are tied -- when typo-correction is off so is the google redirection.

    If you're running a mail server or for any other reason want it turned off, just email contact at opendns dot com with your username and tell them you want it turned off.

    -david

    --

    # Hack the planet, it's important.