Slashdot Mirror
RoadRunner Intercepting Domain Typos
shaunco writes "Sometime around midnight on February 26th (at least for the SoCal users), TimeWarner's RoadRunner service started intercepting failed DNS requests, redirecting them to RoadRunner's own search and advertising platform. To see if this has been enabled in your area, try visiting {some random string}.com in your Web browser. This feature subverts user preferences set within browsers, which allow the user to select which search engine receives their typos and invalid domains. RoadRunner users can disable this function — or they can just use OpenDNS. Here is an example RoadRunner results page.
My local ISP (Insight in Evansville, Indiana) does the same thing. Even worse, when you 'opt-out' of their URL redirection, they instead redirect you to a fake IE error page. Slimy.
... if it were opt-in and not opt-out. I would like to think that the majority of Internet users who don't use Slashdot have no idea about what actually happens when you type in www.dlibert.com, for example.
Send an e-mail to your subscribers and let them enable the feature if they so desire, but don't force it on your userbase.
Proudly supporting the Libertarian Party.
Yea, I noticed this as well and also didn't think something so trivial was news worthy. Now I'd like it if they also re-directed typo-squatters domains as well. That would be a public service, especially anything in the .cm TLD.
I don't know, but it works for me.
They already have a link from the homepage of slashdot, who wouldn't want that domain?
Mod me up, mod me down, do your worst you modding clown.
I care because if I typo an address, I can click in the URL bar and edit it. When I am redirected to a f*cking helpful search page, I can't do that anymore. I have to select, cut, edit, a whole GET string. It's a pain in the ass. Also, some people use other network enabled stuff than a browser.
I have FiOS at home and luckily VZ has an opt out if you want to go configure your DNS manually in your router.
Do you understand that your first post made it seem like you thought using a CLI browser like lynx could somehow magically get past your ISP's redirection?
:q!
Ah, you went for www.google.com which they seem to intercept, I went for google.com which they ignore (or did until they read this I guess).
Can't say routinely type in the www for any website - and get frustrated with the few sites that bork when you skip it. Nonetheless, the firefox search bar sends queries to www.google.com so this would hit quite a few folk if they use opendns.
I noticed this the other day, and IIRC they also had Yahoo adverts in there with the Yahoo search links, seeing as how they're partnered with Yahoo. If that's what starts to become the norm, then I've got a problem with it. It's bad enough that people have to pay the fees that they do, but to then have the ISP shove advertisements -- or have an excellent outlet with which to shove advertisements -- to customers who are already paying (or in some cases, like Comcast, overpaying) for their Internet connectivity bothers me immensely.
... well, being in my natural state. :)
I know, I know, if I'd type the domain in properly I won't see the bad domain interception. Still, it's the principle, just like seeing advertising in full-priced games. Either don't give me advertising or lower my rates.
Then again, it's possible that I didn't see any advertising at all and I'm delusional due to
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
It means that ISPs intercept server requests and redirect the user to a different server. In this particular case, you're right - whether I get Firefox to display a 404 message or a page from RR, Verizon or any DSL that essentially says "This site doesn't exist, but try searching through here" doesn't matter to me. I'll just type the address in again.
However, there is one instance where this issue matters right now: a lot of site monitoring still relies on pings or basic server lookups to figure out whether the server is up and running. This feature would immediately screw with that kind of monitoring. Basically, you cannot assume anymore that because a dns lookup or a ping returns a positive result that the server with that hostname is actually alive or in the DNS tables. Yes, there are ways around that, but it basically breaks one of the central tenets of the internet: the intelligence is on the edge of the network, and everything in between is just a packet forwarder.
More significantly though is that it redirects a user to a place that wasn't requested. Basically, it means that from a technological perspective, this no different than RR or Verizon taking my request to www.google.com and redirecting it to their own search page. See why this can easily become a very, very big deal? I can guarantee you that this is a trial balloon by the ISPs to see how users react to this. If this goes through, expect that at some point in the future, you will have to jump through hoops to get to the site you want, and not the site your ISP thinks you ought to want.
This is another problem that will most likely have to be enshrined in actual law: ISPs shall not take a request and redirect it elsewhere. The potential for and likelihood of abuse is just too large otherwise.
Welcome to the intelligent network. It'll be a nightmare.
Those who can, do. Those who can't, sue.
The user base is dumb.
One of the things most Internet Service Provider customers are paying for is... well, service. While I'm sure most of the Slashdot audience finds this service annoying, for MOST people on the internet, the resulting page is probably better for them than a blank error page.
And, opt-in is a lousy way to institute change. If you make the change, and let people opt out, everyone who the change helps will get it and everyone who doesn't like the change will opt-out, at the cost of the inconvenience of opting out once for the people who don't like the change. If the change is opt-in, then you have to communicate the change, and only some people are going to make it, even if it would be a good change for them, at the cost of everyone who wants to make the change having to specifically opt-in. Which is better - trying to get ignorant users to opt-in to something they don't understand, or allowing power users to opt-out of something they do understand?
The only exceptions to this is when the change is 'destructive', or you don't expect the change to be good for most people.
But if you're changing the default behavior (new users would have the new behavior) and the change is not destructive, there's nothing malicious about opt-out.
paintball
Say you've got a program on an embedded device that automatically downloads updates. It retrieves "http://updates.devicecompany.com/model/latest-firmware.txt" to check what the latest offered version of the firmware is, and if the latest is greater than what's installed it retrieves "http://updates.devicecompany.com/model/firmware-.dat" and installs it. If the company goes out of business or stops providing updates, updates.devicecompany.com won't resolve anymore or will return a 404 error, so the device doesn't need to do a whole lot of error checking. And error checking means more code, which means more memory needed to hold that code, and this device is designed to be as cheap as possible so it omits anything it doesn't need.
Now, suppose the company goes out of business. No problem for the device, the host it's at is supposed to not resolve anymore so it won't try to contact it. But now TW intervenes. Instead of failing to resolve or getting a 404 error, the grab of the latest firmware version returns garbage (an HTML page, not a properly formatted indication of the latest firmware version). Bam, device crashes. Or worse, it misparses the results and tries to download new firmware. Again, garbage (HTML page) instead of a valid firmware image. But since there's no error checking, it tries to load that HTML page into memory as a firmware image. Bam, one insta-brick.
Or suppose the device isn't even using HTTP. The DNS servers don't know what protocol the device intends to talk, it could be logging into an FTP server or querying data via SNMP for all TW knows. The application gets bogus DNS responses anyway, even though it's not using HTTP or the Web at all. Breakage is the least problem here. The application's sending things like passwords up to the server. Even if it uses SSL to protect against eavesdropping, the TW server is an endpoint and SSL won't stop the endpoint from seeing the data. Do you want to have applications handing your vendor-support-site passwords over to TW because of a typo in a hostname? I sure don't.
This isn't a problem when it's a human running a browser looking at pages. But there's a large chunk of traffic that isn't humans, isn't a browser, and isn't using the Web at all. And TW's change breaks everything except that small, select chunk that's humans looking at a browser window. Bad thing, that.
Still, the fact that they are hijacking the forward lookup without indicating that its hijacked is all wrong to me. If I can't trust OpenDNS to just resolve a site to the correct IP address, I don't really care about their justifications. It's simply no longer an option for me. I suspect a lot of others feel the same way.
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
Can you give me a specific example of what this breaks?
It breaks spam blocking.
1) One thing that spammers will do is send e-mail with a fake domain in the envelope sender field. My server checks this, and if it resolves, then that's one less tool I can use.
2) Another thing is checking a blocklist. IP address blocklists are queried using the IP address as part of a DNS lookup. Guess what happens when all of them resolve?
It also typosquats my domains (and every other business's domains) in a very non-ethical way that confuses people.
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
Sigh, and for those who still don't get it: HTTP is what your web browser uses to get web pages.
All those who are spouting "it's useful" or "I don't understand what the fuss is" or "why can't they do it?"... you simply don't understand the issues and shouldn't be commenting.