Canadian ISP Hijacking DNS Lookup Errors

Freshly Exhumed tips us to news that Canadian ISP Rogers Cable appears to be redirecting invalid DNS requests to their own search and advertising page. Roadrunner got caught doing the same thing earlier this year. According to the article, "The hijacking appears to be an attempt by Rogers to use its Deep Packet Inspection (DPI) technology to cash in on the mistakes of its users." Freshly Exhumed also reminds us, "As IOActive security researcher Dan Kaminsky has warned in the past, this presents a very serious security problem."

Good Grief

[MightyMartian]

I know one problem it can cause is for a number of spam tests which look for the message coming from a legitimate domain. When the DNS server says "yup, that resolves" even when there's actually no domain, the test is defeated.

Re:Good Grief

[PunkOfLinux]

What the hell? Verizon is doing this now, too. Whenever I type in 'slashdot' in firefox, it just takes me to their useless search page, which is getting REALLY old now. I'm getting pretty disgusted now, and they should get it through their thick heads that if they're gonna charge us money for 'net access, they have NO right to make more money off of us by selling ads instead of allowing our browsers to function as expected.

Re:Good Grief

Verizon has been doing this for a while. I read the Terms of Service, Acceptable Use Policy, etc. every time they update it. It's clearly there, disguised as a 'feature' called DNS Assistance.

However, Verizon does have non-poisoned DNS servers which you can find in their Help pages, along with instructions for changing your machine's settings. http://netservices.verizon.net/portal/link/help/item&objId=23883

Re:Good Grief

[dosius]

They tried to get me to use their poisoned servers, and as soon as I found out (btw, they DO report nxdomain, along with their error handling servers), I went back to the old ones.

The poisoned ones were 68.237.161.12 (nsnyny01.verizon.net) and 71.250.0.12 (nsnwrk01.verizon.net), and the unpoisoned ones are 151.202.0.85 and 151.203.0.85.

-uso.

Re:Good Grief

[Lord+Haw+Haw+Haw]

Our thuggish ISP here in India by the name of Airtel does the same. Who's to catch them out? Nowhere to complain to. What's more, they do it only for Home customers and not corporate customers. They think they are mighty clever at that.

Re:Good Grief

[Clete2]

RoadRunner is still doing this in South Carolina! UGH.

Re:Good Grief

[Constantine+XVI]

Change your DNS servers. 4.2.2.1 through 4.2.2.6 are known clean DNS servers. Most routers will let you change your DNS servers for your entire network.

Re:Good Grief

[c_g_hills]

Verizon's non-poisoned dns servers are vulnerable to the newly discovered dns vulnerability. Shout at them!

151.202.0.85 is POOR: 26 queries in 2.1 seconds from 22 ports with std dev 19.03

151.203.0.85 is POOR: 26 queries in 2.4 seconds from 22 ports with std dev 15.08

Check for your self using `dig porttest.dns-oarc.net. in txt`

Re:Good Grief

[dosius]

They work for me... you know any better ones?

-uso.

Re:Good Grief

[aztektum]

I switched over to using OpenDNS with my Linksys router and I get redirected to their fancy advert pages when I mistype something as well.

Re:Good Grief

[notnAP]

Verizon here in Dracut, Mass. (via DSL) is not doing it, at least for now. I have seen it happen sporadically in the past two years.

My favorite test, making sure I'm avoiding something I hit recently and therefore is cached somewhere, is to type in 3-4 random alpha characters (sans a tld). Every 3-4 alpha character domain name resolves to something in the .com TLD.

Re:Good Grief

[c_g_hills]

According to Paul Vixie, Level3 operators have said that they plan to restrict access to these servers in future to customers only, so make sure you have an alternative available!

Re:Good Grief

[tomblag]

Strangely enough, my failed dns searches don't seem to resolve to verizon's search page now. And I haven't tried a clean dns server.

Re:Good Grief

[davolfman]

To be honest I still think this thing is a bomb waiting to go off when it comes to anything outside the TLD's. In my mind if someone does this for say badmachine.slashdot.org they are pretty much guilty of criminal trespass, trademark violation, and/or fraud. Within the TLD space say www.badurltest.org where the typo isn't already someone else's claimed property they can pretty much do whatever they want, or whatever we let them.

Re:Good Grief

[woot+account]

That's the entire purpose of OpenDNS. Open is just a misdirection word they stuck in there to make themselves sound better than they are.

Re:Good Grief

4.2.2.1
4.2.2.2

Re:Good Grief

[John+Hasler]

> In my mind if someone does this for say badmachine.slashdot.org they are pretty much
> guilty of criminal trespass, trademark violation, and/or fraud.

Fortunately, your mind is not a court of law.

> Within the TLD space say www.badurltest.org where the typo isn't already someone else's
> claimed property

No string of characters is or can be property.

Re:Good Grief

[bconway]

Worse.

$ dig +short porttest.dns-oarc.net TXT @4.2.2.1
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"209.244.7.40 is POOR: 26 queries in 2.0 seconds from 1 ports with std dev 0.00"

$ dig +short porttest.dns-oarc.net TXT @4.2.2.2
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"209.244.7.34 is POOR: 26 queries in 1.9 seconds from 1 ports with std dev 0.00"

Re:Good Grief

No string of characters is or can be property.

Really? Quick, tell the US Patent and Trademark office!

Re:Good Grief

[NevermindPhreak]

Not just Verizon. The article said that Road Runner had been caught doing this, but as a user of this service, I can say from experience that they still do. Though, the weird thing is that it only happens about 10% of the time, whereas it happened 100% of the time at one point.

As someone pointed out earlier, you can change your DNS servers to 4.1.1.1 - 4.1.1.6, as those servers belong to Level 3 Communications, a backbone provider. No guarantee they won't do it in the future, though.

Re:Good Grief

[Stunning+Tard]

Somebody else here mentioned you can turn off the search redirect if you get an account. worked for me.

Re:Good Grief

[SD_92104]

COX has started doing this as well a few weeks ago - the sad thing is that technical support doesn't have a clue about this - when I complained to them they told me how to setup IE in Windows in their boiler-plate message...

Re:Good Grief

[no1home]

Maybe I don't understand the complaint. I use OpenDNS and I don't see any advertising. (If you do see heavy advertising, I'd love to see a screen shot.) It's true you don't get the "404" error and you instead get a search page provided by them, but that's no different than telling your browser to search Google/Yahoo/MSM when an address can't be found. Only a few of us prefer the old 404 error and most want suggestions on where to link to. The advantage to OpenDNS is in having an account (I use the free one) and applying filtering to suite your needs.

I live in Charter territory and they too have setup their own DNS-fail page. You can opt out by going to some website of theirs and telling it to bugger off, but it requires cookies. If you wipe your cookies, you have to reset this. Their search results aren't very good and, since setting up OpenDNS on my router*, I've had better results. I've found that some types of common mistakes are auto-corrected (only if it can't find what you typed or clicked on), so the results have been very good. The users in my home only see my logo picture that I've uploaded and some relevant search results when they try to go to an invalid web address. Are some of these search results paying to be visible? Sure, just like Google, et. al. So what. I feel better with them because I control what happens with the 404 errors, not Charter. And, because there's a kid in the house, I can control the filtering. Just a side benefit.

As for they're being 'Open', I agree that the name is misleading due to the now common use of the word in computer culture. Where do they give us access to the code and how would we use it or implement it if we had it? However, they are open in that anybody can use the service for free.

Now, for the issue at hand, the ISP 'hijacking' DNS lookup errors, what is the real problem with this? A failed DNS lookup fires back the old 404. Used to be, that's exactly what we'd see. But browsers evolved and are now setup to use a search service (MS, Google, etc.). This is where the problem is with the ISPs performing this stunt. They are over-riding your personal settings. I don't think it has anything to do with DPI (as I read in someone else's comment) or even any invasion of privacy. I don't see any such conspiracy. The only Bad Thing® I see is that they ignore our personalized settings and force their setting upon us. So let's not jump up and down calling this something it isn't. We don't even need to since the real problem is bad enough a it is.

*You might not have access to do this to the router provided by your ISP, but you can hook up a router you do control to that one. Set it up to use DHCP, as you'd expect. It will, of course, get the standard IP/Gateway/Subnet/DNS info. But, since it's your router to control, you can now tell it what to assign to the computers attaching to it, including what DNS servers to use. In my case, I choose to use OpenDNS. You might choose something else that you have permission to use. I've had no failures in this at all and it seems Charter (Verizon, AT&T, whoever-ISP) can't 'fix' that.

Re:Good Grief

[Trailwalker]

AdBlock gets rid of the Verizon "search" page.

Clickity, clickity, never see again.

Re:Good Grief

[Curtman]

Maybe I don't understand the complaint. <snip> Only a few of us prefer the old 404 error and most want suggestions on where to link to.

I think the most annoying aspect is how we get used to leaving off the 'www' at the beginning of domains with Firefox, and Firefox adds it in for you if the non-www address fails to resolve. With this DNS hijacking this feature is broken.

Re:Good Grief

[no1home]

I think the most annoying aspect is how we get used to leaving off the 'www' at the beginning of domains with Firefox, and Firefox adds it in for you if the non-www address fails to resolve.

If I hadn't commented, I'd mod you up as informative. I didn't know this. In both browsers, I use {CTRL}{Enter} and they auto-add the 'www' prefix and 'com' suffix. I'd never not used that or manually typed 'www'.

When I get home, I'll have to see if OpenDNS handles this correctly (I think it should, but that's a guess).

On a side note, I used the usual brackets for CTRL and Enter to indicate the keys, but they were parsed out by the comment system, seemingly because they looked like HTML commands. :) Ergo, I used different brackets. I'm amused.

Re:Good Grief

[rs79]

Yeah, Paul's big on DNS "Alternatives". Not.

Hughes does this too now with their sat service. Never mind I use my own dns servers, their "transparent" web proxy does it's own dns and ignores the ones you use. Just for web.

That is, I can FTP to say, "free.tibet" but if I try for that web page I get a hughes/yahoo thing that says "did you mean..." (no, I did't you asswipe) Grrrrrrrrrr.

Vixie of course, invented the "transparent web proxy" to "get around" the "problem" of people using non-iana roots to get at web pages in alternative dns spaces about a decade ago. He was right smug about it at the time.

In 1994 Ted Rogers spoke at a conference in Toronto. He said what sounded to me like really stupid things about the net.

When he was done, he just left and didnt hang around.

The next speaker was Nick Negroponte whose first line was "It's a pity Mr. Rogers left because I'd like to have a chance to tell him everything he said was wrong."

It hasn't got any better. Rogers will screw you every step of ther way with every service they have from my perspective. Bail, kids, bail.

Re:Good Grief

[Curtman]

On a side note, I used the usual brackets for CTRL and Enter to indicate the keys

You can use '&lt;' to display the first one.. It'll leave the closing one (>) alone after that.

Re:Good Grief

[adriaticc]

But if you're using Opera, you can just type /. into the location bar. Built in slashdot resolution!

Re:Good Grief

[Dan541]

So if my server is offline my visitors get redirected to another site, what happens when my server comes back online? I guess I have to wait for the user to flush their DNS.

I don't want my users being taken to another site if the server in oneday offline.

Re:Good Grief

[rs79]

" we get used to leaving off the 'www' at the beginning of domains with Firefox "

Netscape 1.0 did this 15 years ago. Every credible browser since then has too. www.name.com became a fashion statement more than an address of where port 80 (http, or "web") service was on a specific network as was the original intent of that nomenclature.

Re:Good Grief

[Rayban]

If you want to teach them a lesson, put this in a hidden iframe on all of your sites:

http://www20.search.rogers.com/options?choice=none

Re:Good Grief

[totally+bogus+dude]

It's annoying because it does change behaviour at a more technical level.

With non-hijacked DNS, if you enter a non-existent hostname, you DO NOT receive a "404" error. "404" is an HTTP status code which means "not found". This can only be generated by a web server and only makes sense in the context of requesting a resource from a web server, and the server decides it does not exist.

It follows from this that if the hostname does not exist, then you can't connect to a webserver at the address (because there is no address), and therefore it is completely impossible for you to receive a "404 error". Instead, your browser (or proxy) discovers the DNS lookup returned "non-existent domain", and does something other than trying to connect to the server. It may try variations on the address you provided, it may send a query for whatever you typed in to your favourite search engine, or it may display an error page/dialog. The point being, lots of people use "404" to mean any kind of error, whether it's a broken server or a missing resource or a host that doesn't exist; but that's technically wrong (the best kind of wrong).

This isn't too big a deal for web browsing, aside from overriding the user's preferences. But there are uses for DNS other than the world wide web, and there is no way for their DNS server to know whether you're looking up a website address or an SMTP server or a DNS server or an FTP server or anything else. This means that in order to provide this "feature" for mis-typed web requests, they fuck up everything else that does DNS lookups. Sometimes they try to implement workarounds to limit the damage it causes to other protocols, but they're always just workarounds and therefore "less good" than simply not screwing with the semantics of DNS in the first place. Remember when VeriSign did this and fucked up their fake SMTP server?

I don't really have a problem with OpenDNS doing this, as they're upfront about it and if people are willing to risk the problems this may cause for whatever benefit they perceive they're receiving, then that's their choice. The problem with ISPs "forcing" it on unknowledgeable users is that if they do have problems because of it, they're not likely to have any idea what's gone wrong or that the weird shit going on is because their ISP or whoever decided to try to monetize typos. After all, if your mail client says "connection refused" or "connection timed out" or "access denied, check your username and password", it's going to take you a lot longer to realise you've mistyped the server name than if it said "host does not exist".

Re:Good Grief

[no1home]

With non-hijacked DNS, if you enter a non-existent hostname, you DO NOT receive a "404" error. "404" is an HTTP status code which means "not found". This can only be generated by a web server and only makes sense in the context of requesting a resource from a web server, and the server decides it does not exist. [snip] The point being, lots of people use "404" to mean any kind of error, whether it's a broken server or a missing resource or a host that doesn't exist; but that's technically wrong.

You are very correct and I should have known better than to take a terminology shortcut in this forum!

The end result is that we have to find some way around the ISP wrongfully hijacking not just our browsers, but our entire connectivity and these workarounds have pretty much the same drawbacks as the hijacks themselves. At least we have control over which drawbacks to choose or not choose. It's just that the ISPs shouldn't makes put us in these positions.

Re:Good Grief

[davolfman]

Then we should all get our money back for our domains. Alright so it's impinging on an exclusive right purchased to all domains under a particular domain. Since it's not permanent it's joyriding with a domain name at best, and in most of the US I think that's equivalent to stealing. Or it could be some charge of impersonation. There are just so many ways to make a lawsuit out of this it's not funny.

Hijack? Rogers ?

[carlvlad]

aaaa'rrrr!

Re:Hijack? Rogers ?

[Mordok-DestroyerOfWo]

I guess you can say they're no longer very...jolly?

Re:Hijack? Rogers ?

[carlvlad]

Who would, after battling torrents ?

Re:Hijack? Rogers ?

[Adambomb]

God damn them all
I was told we'd block the seeds for american gold
we'd waste no puns, drink more beers
Now i'm a broken man with an unresolved peer...
the last of rogers marketeers.

Well I'll be...

[Shabbs]

This must be brand new. I did a test just now and a bad URL sends you here:

http://www20.search.rogers.com/search?

With appropriate variables substituted for what you were typing of course, like this:

Enter: http://www.rogersblowz.com and you get:

http://www20.search.rogers.com/search?qo=www.rogersblowz.com&rn=mEelOh0JrKFZejZ

Let the debate rage on!!!

Re:Well I'll be...

[Holmwood]

Worse than this even. I've been redirected to Rogers Search pages, replete with advertising, for domains that I know exist, and that I know have been entered correctly (e.g. via a bookmark).

It used to happen a lot with http://ragnartornquist.com/ (Tornquist is a senior game designer for Funcom). Granted that's a tough name to spell properly for a North American, but since I'd click on a bookmarked link, or a google page, I was sure it wasn't a problem with my typing.

What started to give it away as being something at Rogers (rather than my computer infected with malware) was that this was happening on every device I connected to the net -- Lynx on BSD, Safari on Apple, Opera on Maemo, Iceweasel on Ubuntu, and, of course, Firefox/IE/Opera on Windows.

(Yeah, I have a lot of different OS's sitting around!)

For a while I then became convinced my router had been compromised, but even switching routers didn't fix it.

Concluding it was unlikely that five different OSes and myriad different browsers had all been compromised, as well as two different routers, I contacted Rogers.

They said they were experimenting with "Software Improvements" and that the problem should go away for existing domains.

Well, using a proxy fixed it for me. But not a pleasant solution.

Software Improvements.

And the problem did go away for me at least. But I wonder if anyone else is being redirected to Rogers garbage pages for domains which exist.

Holmwood.

Re:Well I'll be...

[failedlogic]

I had Rogers up until about 1 year ago and the DNS servers were generally flaky. I guess they'll work better now that they have a way to make money off it. Ditto QUS on VoIP call since there's Rogers Home Phone. Does QOS still work against Vonage and such?

Strangely, I remember reading about 4 to 6 months ago the redirections were already starting. Rogers tends to release things into test markets and see how many complaints they get. If most people don't know or don't care they go ahead and roll it out.

Re:Well I'll be...

[KGIII]

Granted that's a tough name to spell properly for a North American, but since I'd click on a bookmarked link, or a google page, I was sure it wasn't a problem with my typing.

'Snot very nice of you to insult North Americans so openly and to make such broad sweeping strokes about the intellectual capacity of North Americans.

Ah well. I think you might be right though.

Re:Well I'll be...

[fluffman86]

same thing happened to me the other day using "Earthlink" service from Time Warner Cable. (we had roadrunner, but the promo period was over so we kept the same service but our ISP started showing up as earthlink...it's stupid) For some reason, google.com does not exist anymore :( Switched to OpenDNS, and everything is fine. I switched back a day later and everything is fine again with earthlink's DNS. I still hate their stupid ads, but I as long as they work most of the time I'd really not help kill OpenDNS's servers.

Re:Well I'll be...

[RAMMS+EIN]

Some ISPs will indeed show their annoying search pages even if the domain exists. I used to access the Internet via my phone and get redirected to a page that had some colorful images on it and some text, dependent on the domain name it was for. It annoyed the life out of me, especially because it would also, for example, happen to return that page instead of an image, or instead of sending the form you just filled in to the right server. Fortunately, I had already started the process of switching to a cheaper, faster, and less obnoxious provider.

FYI: the "obnoxious provider" in question is Orange. I live in the Netherlands - I don't know if they do the same in other countries. I have heard that they do the same on their ADSL lines, though.

Re:Well I'll be...

[pjbgravely]

Even worse, Frontiernet.net does the same thing, from a bookmark the correct URL sometimes gives the search page, and even better, the URL is number 10 on the search list. I guess you have to keep those paying customers highest no matter what. Paul

Re:Well I'll be...

[Jorophose]

I just get "404 Not Found" / "404 Not Found" (title/page).

I wonder if they've suspended it? I've noticed that for a couple days now, but I returned home recently and only used my computer starting two days ago...

Oh, and for some reason the windows computer here has its IE and by consequence Opera bookmarks littered with rogers shit.

Re:Well I'll be...

[Jerry+Smith]

Some ISPs will indeed show their annoying search pages even if the domain exists.
...
Fortunately, I had already started the process of switching to a cheaper, faster, and less obnoxious provider.

FYI: the "obnoxious provider" in question is Orange. I live in the Netherlands - I don't know if they do the same in other countries. I have heard that they do the same on their ADSL lines, though.

Tele2 does this as well, but differently...
When I try to check the remaining credit on my prepay phone, it immediately responds with: "This number does not exist, please go for the correct number to our directory services, the number is 0900-VERY-EXPENSIVE".
Funnily the call-credit-number I dial is on the default SIMcard-phonelist... no way that it could be wrong! Even more funnily: when I hit redial for that same 'non-existing' number it connects and tells me my credit...

easy solution

[FudRucker]

http://www.opendns.com/

basically it is remove your ISP's dns#s and add these

208.67.222.222
208.67.220.220

Re:easy solution

[v1]

so, how long before your ISP starts blocking use of DNS servers other than their own?

Re:easy solution

[tgx]

no, they're doing the exact same thing.
they're redirecting invalid requests to
http://guide.opendns.com/?url=%5Burl.here%5D

$ host aoeuidhtns.com
Host aoeuidhtns.com not found: 3(NXDOMAIN)

$ host aoeuidhtns.com 208.67.222.222
aoeuidhtns.com has address 208.69.34.132

Re:easy solution

Nice try but Open DNS also redirect invalid DNS request

Re:easy solution

[Shabbs]

Funny thing is that OpenDNS also re-directs bad URLs to their search page. So really, how much better is it? ;)

Re:easy solution

already happening here in italy... both the ads on false page and i can not use opendns nor OpenRootServerNetvork

Re:easy solution

[ribit]

that's not full internet access.

Re:easy solution

[deraj123]

For all those responding to your post that OpenDNS does the same thing. I am currently using OpenDNS, and it is working exactly as I would like, with no invalid responses, no ad-search type pages, etc.

If you sign up for an account (free) with OpenDNS, they give you a dashboard where you can configure how you want them to respond to certain types of requests. If you turn ALL of the options OFF, then their DNS service acts exactly as it should, with no hijacking of your requests. (for awhile, you couldn't turn off the google redirect issue, but they've even added an option for that now...)

Re:easy solution

[antdude]

That's great if you have more than one ISPs. For me, cable is the only broadband ISP. If I want others, then I have to go back to dialup!

Re:easy solution

[camperdave]

Very few ISPs provide you with full internet access. Most, according to their Terms Of Service, do not allow you to run servers.

Re:easy solution

[John+Hasler]

> Every ISP does that now.

CenturyTel isn't doing it here.

Re:easy solution

[TealShark]

... which you can manually stop them from doing by disabling typo corrections in settings.

Re:easy solution

[ribit]

But in practise they do allow it. They might be trying to stop people serving high-traffic websites from home, but if my ISP stops me serving my own files to myself over port 80 (to allow me to login and grab files when on the road), I will move to another ISP, because I want full internet access. If nobody offered that, I'd start an ISP myself.

Re:easy solution

[jcam2]

Worse still, they were (and maybe still are) redirecting lookups for google.com to their own servers .. and I'm pretty sure that Google isn't often down.

Re:easy solution

[Shabbs]

HA! A few of us have these in our back pocket for when the DNS servers we're using go awry in order to get back on the 'net. I don't use them regularly though. Just as a backup option. And they're easy to remember. The series goes all the way up to 4.2.2.6 btw.

Re:easy solution

[corbettw]

Too be fair, you're not paying OpenDNS to access their servers already. So when they redirect bad requests to a search page, it's not quite as bad. I'm curious if their for-pay DNS service redirects, as well.

Re:easy solution

[davidu]

1) Our DNS is more secure. This has been shown by third parties now numerous times.
2) Our DNS is faster.
3) Our DNS lets you block out responses you don't want.
4) Our DNS lets you turn off the search result pages, though most organizations like them and customize them.
5) Our DNS has a complete dashboard of stats and settings and is 100% opt-in. If you don't like it, don't use it (but nearly everyone who tries it likes it).

Comparing us to Rogers is like apples and oranges.

-David

Re:easy solution

[Stunning+Tard]

Thanks so much for the tip. All converted now.
I also took the advice of another comment here and created an account so I could turn off openDNS's search page.
And I must say I'm astounded at the changes Rogers is making lately. And I don't think they're done.

Re:easy solution

If you get an OpenDNS account, you can tell it to not redirect.

Re:easy solution

[Shabbs]

Are OpenDNS and EveryDNS related? I was talking about OpenDNS.

Re:easy solution

Their search page shows ads which would in turn pay for their FREE services, including the fact that you can actually do some useful things, like customize that page so that it looks exactly how you want it, and you can make OpenDNS block offensive domains, get request details, cache hits, etc.....

All over, OpenDNS being a free service, I have no problem with hitting their search page, I look at it as paying for the free service they provide. For that matter, any of us here are probably already using ABP, and No-Script in firefox, so its not like we really have to worry about getting bombarded by shit....

Re:easy solution

[kiehlster]

Yes, and if one is too lazy to find and disable that, they can just add guide.opendns.com to their hosts file pointing back to 127.0.0.1.

Re:easy solution

[davidu]

I am the founder of both companies. :-)

Re:easy solution

[darrenkw]

Right, however, if you sign up for an account you can turn that off for your router.

Re:easy solution

[diamondsw]

"Features that will not work without typo correction enabled: shortcuts, adult site blocking, custom image, custom message."

No, I just want to get rid of the damn search page misfeature. For being such otherwise "good guys" and very technical, I'm amazed that they screw things up in this fashion so very badly.

Re:easy solution

[Shabbs]

HA! Nice. Very cool. Keep up the great work.

Re:easy solution

[MrZaius]

Funny thing is that OpenDNS also re-directs bad URLs to their search page. So really, how much better is it? ;)

Add to that the fact that they're also redirecting Google's traffic to themselves.

Plus, to add insult to injury, they don't offer "unpoisoned" servers like some ISPs mentioned above. They use your desire to not put up with this nonsense as an excuse to force users to register their names, IP addresses, etc and, if DHCP users, run ddclient or some equivalent. OpenDNS opens up some very, very serious privacy concerns, at this point in the game.

I for one will be setting up my own DNS server tonight. Enough, already.

Re:easy solution

[josh82]

[I]t doesn't take long until an OpenDNS drone recommends OpenDNS, yet somehow they always "forget" that tidbit. People who follow those recommendations are swindled as much as users of ISPs who manipulate DNS.

Except when you're not paying money for it, it's hardly a swindle (see: swindle).

Re:easy solution

[ProfessionalCookie]

Nice uid

Re:easy solution

[slashbob22]

I will also be starting to use a third party DNS server tonight. In the mean time I have had a conversation to lodge a complaint with technical support and also sent them a support request email asking similar questions. https://your.rogers.com/contact/contactus_main.asp

Ignore their servers

[surmak]

If the ISP is messing with the DNS service, the best thing to do is to use a different service.

For Linux/Unix users, you can just run a caching-only server on the desktop system, and it will issue its own name requests from the root on down. I've been doing a slightly more complex version of this at home for VPN purposes. (Forward requests to my employer's net to the private internal DNS server (through the VPN), while querying the public internet for all other servers.)

I don't know it a similar option is available for Windows users w/o shelling out big bucks, but it is technically feasible

If you cannot run a caching-only server, another option is to use a third-party DNS server. The only problem here is that it would not be automagically configured by DHCP, and would have to be manually set up.

Re:Ignore their servers

[nurbles]

That's great for people who use the service strictly for network access. But for folks who use the ISP's other services (like email, news, and possibly even web hosting) are likely to find that none of the ISP's servers are visible when not using the ISP's DNS servers from inside the ISP's network. I know this is true for RoadRunner, because I tried exactly what you said, only to find that only RR's DNS knows about their email or news servers, for example.

What bugs me most about RR's mechanism is that it seems to take some time before it starts working (after initially powering on the cable modem) because even attempts to visit places like www.imdb.com and www.google.com have taken me to RR's "perhaps you meant to type this" page, with the exact address entered offered as the first suggested "correction!"

Re:Ignore their servers

[notnAP]

How many people have their workstations directly connected to the internet modem, using a public IP ; and how many people have some sort of router between the modem and the workstation, like a home wireless router?

I'd guess the latter is far more common (and , of course, safer when done right). If so, you are likely running your own DHCP server on that router for your internal subnet, or have manually set permanent internal numbers for your workstations. In that case, you've also set your own DNS defaults at the DHCP Server or workstation setup.

Re:Ignore their servers

[__aanjtz122]

Mac users might like to know they already have a DNS cache running. lookupd caches DNS queries by default.

Re:Ignore their servers

[nabsltd]

That's great for people who use the service strictly for network access. But for folks who use the ISP's other services (like email, news, and possibly even web hosting) are likely to find that none of the ISP's servers are visible when not using the ISP's DNS servers from inside the ISP's network. I know this is true for RoadRunner, because I tried exactly what you said, only to find that only RR's DNS knows about their email or news servers, for example.

The only real solution is to run a local caching-only DNS server, and set it up so that all queries except ".rr.com" domains go out normally, while sending queries for ".rr.com" to their servers.

Since there are quite a few free (either open or closed source) caching DNS servers for almost every OS, there really isn't a reason why everybody doesn't run a caching server anyway.

Re:Ignore their servers

[msormune]

Why can't you run the same (probably open source) caching-only server on Windows? Without shelling out the big bucks :)

Re:Ignore their servers

[stevied]

I'm hoping to take delivery of a WRT54GL for precisely this reason. I can stick maradns on it, which does its own recursion, keeps an in memory cache, and randomizes the source ports of its queries (avoiding the other big DNS security issue that's come up recently.) This will be nicely platform agnostic, so the Win XP box on my home network is saved from being fdisk'ed for another few months..

(Of course, because my ISP uses PPPoA and not PPPoE, I've also had to get a Speedtouch 536, which can relay via PPTP to the WRT54GL. Oh well..)

Re:Ignore their servers

If the ISP is messing with the DNS service, the best thing to do is to use a different service.

For Linux/Unix users, you can just run a caching-only server on the desktop system, and it will issue its own name requests from the root on down. I've been doing a slightly more complex version of this at home for VPN purposes. (Forward requests to my employer's net to the private internal DNS server (through the VPN), while querying the public internet for all other servers.)

I don't know it a similar option is available for Windows users w/o shelling out big bucks, but it is technically feasible

If you cannot run a caching-only server, another option is to use a third-party DNS server. The only problem here is that it would not be automagically configured by DHCP, and would have to be manually set up.

According to the article (and I have a hard time believing this is what is happening, but can't test it myself), what's being reported is actual "Deep Packet Inspection" -- hooray for new buzzwords -- digging the nxdomain out and then forging the response to point to their servers. IF that really is the scenario, then this won't work.

Re:Ignore their servers

[PFAK]

TreeWalk DNS for Windows is a good caching-only name server.

http://ntcanuck.com/

What would be the danger...

This type of behavior is wrong on so many levels so I wonder what would be the danger of having ICANN police this type of behavior? It seems that ISPs are doing more and more to circumvent "standards" for their own gain. Would it be too much to ask ICANN to come up with a set of rules that ALL ISPs must adhere to or risk losing their netblock? I'm not even sure ICANN would do anything but I'm just posing the question.

Re:What would be the danger...

[Ant+P.]

Given that ICANN are worse than these ISPs, giving them *more* power over the internet is the last thing anyone should be suggesting.

Re:What would be the danger...

[mxs]

This type of behavior is wrong on so many levels so I wonder what would be the danger of having ICANN police this type of behavior?

You want to give ICANN a police force ? Are you nuts ?

It seems that ISPs are doing more and more to circumvent "standards" for their own gain.

And on their own networks with their own customers. Don't like it ? Don't buy their service. It is that simple.

Would it be too much to ask ICANN to come up with a set of rules that ALL ISPs must adhere to or risk losing their netblock? I'm not even sure ICANN would do anything but I'm just posing the question.

Yes, it would be too much to ask. ICANN can regulate registries. This has NOTHING to do with registries. This is a DNS resolver on a private network. If it wants to return 127.0.0.1 all day, it damn well better be allowed to. Ever wondered how DNS blacklists work ? Want them blocked too ?

How annoying

My ISP has been doing the same thing for a while now. It fucks with the stored history in my browser. I make a mistake and every time I'm typing in the correct URL later, my mistake is shown as an option from my history.

My ISP is the American ISP Charter. When I type in a bad url, I get a search page like this.

Re:How annoying

[jrwr00]

I'm in St. Louis, with charter internet, they do the same thing here, its annoying as hell

Re:How annoying

[Ant+P.]

Wow, I went clicking through the privacy link at the bottom and came to a one-line message on charter's site basically flipping people off for wanting to know the privacy policy.

Re:How annoying

[Jaseoldboss]

If you use FireFox, simply press the Delete key whilst the incorrect entry is in your drop down list (type something to make it appear).

If you use IE, you're hosed.

Noticed this yesterday too

[greatclare]

I noticed this yesterday and asked about it a DSL Reports and got some interesting replies like this one:
"I've recently noticed this as well. I use rogers DNS as a secondary dns and 4.2.2.1 as my primary. Either way 30 seconds after seeing this I got annoyed and in firefox 3 typed in...
"about:config" in the address bar, accepted the "This will void warranty" message and proceeded to type in "browser.search.search" into the filter bar
you should see "browser.search.searchEnginesURL" come up after typing it, all i did was replaced the default value to "www.google.com" and instantly every time i type something in it will goto google instead wooo!!!"
read more at - http://www.dslreports.com/forum/remark,20813296

Been done before

EarthLink has been doing this for years. They have a workaround using "unsupported" servers that maintains real DNS behavior.

http://blogs.earthlink.net/2006/09/more_info_on_dead_domain_handl.php

Fantastic.

[fuzzyfuzzyfungus]

Let me guess... They either already have, or soon will in a pitiful pretense of response to criticism, offer some sort of insanely weak opt-out mechanism.

I'm guessing one of two things:
Manually configure alternate DNS servers on a per device basis(a la Verizon's current setup, may they be thrice cursed)
or:
Something involving cookies, a la Phorm and friends.

For things like this, opt-out just isn't good enough.

Re:Fantastic.

[MightyMartian]

The solution is rather simple. Just run your own caching server. They're pretty trivial to set up, and other than updating the root servers every once in a while (I had this being done periodically when I was running Bind), the problem is solved. Unless of course they start intercepting port 53, but at that point, I'd say you have a seriously evil ISP and it's time to switch.

Re:Fantastic.

[fuzzyfuzzyfungus]

Oh, I agree, this one isn't hard to dodge, if one has even a modicum of skill; and I doubt that it ever will be harder than that, since the ISP probably doesn't make all that much money, per user, on this and thus has fairly limited motivation to piss enough people off to spark scrutiny, or even just spend money tightening the noose.

That said, I think that this one is a good example of the unpleasant fact that control doesn't actually have to be very good in order to have its effect(great firewall is perhaps the iconic example). This only gets worse when you consider that any given individual faces dozens to hundreds of impositions of this flavor, each requiring just a little bit of some flavor of knowledge and attention(different ones in different places, though. This one needs a dash of DNS-foo, something inscrutable involving credit cards will require a dash of knowledge of credit law tomorrow, the day after that it'll be something from the phone company about subscriber private information, and so on and so forth). In each individual case, there is arguably a decision being made; but the overall effect is a pretty sad mockery of the notion of choice.

PaxFire

[Effugas]

[This is Dan Kaminsky]

I took a look at what Rogers is doing. They're using PaxFire, who indeed was directly vulnerable to the attacks I described at Toorcon a few months ago. PaxFire fixed their stuff up, but yes, the security of the web at Rogers is limited to the security of those ad servers at PaxFire.

Re:PaxFire

the company i just left is using paxfire too. i kicked and screamed about it, but upper management only cares about the revenue that paxfire will share with the company. it's so wrong. i left 3 months ago after being there for 8 years.

The Verizon Annoyance...

[flajann]

You can "opt out" of the Verizon annoyance by modifying your DNS address by adding "2" to the last octet.

I've had to do this, and it works. No annoying Verizon snatching my failed DNS lookups!

Of course, if you try to get this out of their so-called "tech support", they will not know what you're asking for until you manage to get down to tier 2 or 3 or so. Amazing as it sounds, teir-one Verizon Fios tech support will glaze over at the mere mention of DNS, and will stupidly keep trying to get you to do inane things with your browser.

Re:The Verizon Annoyance...

[code65536]

Unfortunately, this is possible only for their PPPoE users. Customers outside of their northeast service area don't use PPPoE, and it's not possible to change the DNS servers in these non-PPPoE cases with the routers supplied by Verizon. >:(

Re:The Verizon Annoyance...

[John+Hasler]

Why so you have to use their router? Can't you put the modem in bridge mode and use your own router?

Re:The Verizon Annoyance...

[PunkOfLinux]

yes, you can. That's exactly what I have going on here. And I tried using OpenDNS and it STILL forwarded to the damn verizon page.

Re:The Verizon Annoyance...

[hal9000(jr)]

I have FiOS with the actiontec router and all you need is the password and you can tweak whatever you want. Verizon is actually pretty good about letting you manage your the router they supply. Of course, of you hork it, they tell to to reboot to factory defaults. :)

Re: the GP and not getting good tech support. When they first starting doing this, I followed the help, and it didn't work. I called tech support, the guy I talked to argued with me that 1) Verizon does mess with DNS and 2) I had a virus. Idiot.

Re:The Verizon Annoyance...

[sniepre]

What? That is ridiculous to say. If your provided router will not allow you to change the DNS servers it looks up from, then set your workstation to not look to the router for DNS! (Or, don't accept the DHCP handed off DNS ips that it gives you)

Just set your local workstations DNS to pull from, oh, 4.2.2.1 and 4.2.2.2 and just bypass their crappy DNS altogether.

Re:The Verizon Annoyance...

[Suddenly_Dead]

Why not? Why do you need to change it on the router's side? Can you not bypass the router's DNS server and just set another one?

Re:The Verizon Annoyance...

[flajann]

I have Verizon Fios, and it is NOT PPPoE. I was able to change the DNS setting without a hitch. You may have to do it in the "modem" itself. I have a NAT setup with a subnet behind the firewall with a DNS server, so I was able to alter the forwarding requests there.

Add Insight to the list

[sokoban]

I guess the thought with the ISP's nowadays is that "everybody else is doing it, why can't we?"

Re:Add Insight to the list

[sokoban]

And my comment was moderated...

+1 Insightful

[Rimshot]

Comcas

[wolfponddelta]

Where I live, Comcast started this a few days ago, as well. (a smaller company was sold to comcast last year, and so we were stuck with them). Oddly enough, however, instead of being redirected to a comcast page, we're being redirected to an earthlink ad page.

A spot of research brought up this Wired article from April on possible site hijacking through such error pages... http://blog.wired.com/27bstroke6/2008/04/isps-error-page.html

Not sure if it's related, but Comcast was recently in discussions to sell their rights up here (that they just bought), and one of the possible buyers, iirc, was Roger's (though am not in Canada, just very near).

Rogers are Scum

[JeremyBanks]

I've switched over to TekSavvy and am very happy. Paying less, too.

Re:Rogers are Scum

[CastrTroy]

Is Bell still throttling their services? I know there's a courtcase going on right now against that, but I was wondering if they had to stop now, or if they could wait until they were actually found guilty of something.

Re:Rogers are Scum

[JeremyBanks]

I haven't heard anything new about that, I'm not sure if it's still being throttled, however the speeds I got when downloading were fine by my maybe-not-great standards (200 Kbps).

Re:Rogers are Scum

[s7uar7]

I'd switch back if I was you, they seem so be replacing proportional fonts with fixed-width.

Re:Almost affected

[Ihmhi]

And your link takes me to http://www.shoprbc.com/ca/index.php. Nice try at a Slashvertisement.

Just change DNS Servers.

[GNUALMAFUERTE]

This is the best way:

on resolv.conf:

nameserver 4.2.2.1
nameserver 4.2.2.2

If you have a laptop or other device where you might use different connections, this is a good way to make sure your DNSs are not changed by different apps (I might connect using either wvdial or kppp, through EDGE/3G, or using KDE's wlan manager, simple DHCP on ethernet, etc)

Just set the immutable flag on your resolv.conf file:

chattr +i /etc/resolv.conf

If you want to make it writable again run:

chattr -i /etc/resolv.conf

Re:Just change DNS Servers.

[mysidia]

It is not recommended to set immutable bit, as it causes issues in various situations (like restoring /etc from a backup). Failure to write to an immutable file is an API issue unique to Linux boxes that use ext2fs or ext3fs.. Systems that run ReiserFS, XFS, or jfs, don't have this bug.

Future versions of DHCPD/Ifplug, or the C library, may very well properly detect the 'immutable' bit and clear it, before writing, then re-set the bit after finishing.

Just like they do if you're root and try to write to a file that exists with mode 444.

Essentially, immutable bit was historically a half-baked feature intended to be used with 'securelevel'.

The concept is you are able to mark important system files immutable, and then raise the securelevel. Once the securelevel is raised, the filesystem will not allow important system to be changed without booting in single user mode.

The removal of securelevel from the kernel in 2.4.x likely means that the days of the 'immutable' bit are numbered as well. Some day you may upgrade your kernel, and be surprised to find out immutable doesn't do anything anymore.

The reliable way to turn off gathering of DNS settings from DHCP is to use distro-specific instructions.

For example, in Redhat-based distros you edit /etc/sysconfig/network and specify "PEERDNS=no"

Of course, now that you understand the risk that the immutable bit may stop working for you unexpectedly later, you can go ahead and try setting it anyways... because it's easy, and simpler than configuring your network software the right way.

Redirect DNS

[Krneki]

What is the problem with redirecting wrongly typed Url? It's not like "Page not found" helps a lot. I like OpenDNS search engine, if I miss-type the url.

Re:Redirect DNS

[John+Hasler]

They don't know that the URL was wrongly typed (or typed at all, for that matter). All they know is that they can't find a DNS record for it.

Re:Redirect DNS

[Todd+Knarr]

What's the problem? Well, first the problem is that you're assuming that every DNS lookup is from a Web browser. What happens to my copy of Eclipse, which is not a Web browser but uses DNS lookups and HTTP to find the servers to check for updated files? It depends on getting a "not found" DNS error to tell it when a server doesn't exist anymore, and it's going to have a real hard time when someone usurps that and hands it an HTML page instead of the file-version XML or HTTP 404 error it expects.

The Internet consists of more than humans looking at Web pages in a graphical Web browser.

Firefox workaround? Greasemonkey?

[BrianMertens]

So who wants to whip up a greasemonkey script that redirects the Rogers hijack page to, say, a Google search?

Please?

Opt Out

[gklinger]

Yes, it's obnoxious and offensive and worth pointing out that at the bottom of their 'helpful' page is a link marked LEARN MORE ABOUT THIS PAGE which gives the following explanation:

These search results were provided because the domain name you entered into the address bar is either improperly formatted, currently unavailable, nonexistent, or part of a key word search. Rogers Supported Search Results is a service designed to enhance your web surfing experience by eliminating many of the error pages you encounter as you surf.

No software was installed on your computer for this service to work.

Click here if you would no longer like to receive the Rogers Supported Search Results service.

Now for the best part. All that links does is display this custom error page (with the help of a delightful cookie, no less). Rogers has dug out a crawl space under their all time low. What a bunch of idiots.

How is this news?

[Nethemas+the+Great]

How is this news? In the US at least ISPs have been sending people off to http://wwwwh.found-not-help.com/ type places with DNS spoofing magic for years.

Windstream too

[jarndt]

Windstream started this kind of crap earlier this year. I instantly installed my own DNS server. Shortly after that, I learned that Windstream has alternate clean DNS servers.

166.102.165.32
207.91.5.32
From: http://www.dslreports.com/forum/r19794173-Windstream-DNS-Servers-With-and-Without-Ads

Re:Windstream too

[kevmatic]

Hey, thanks. I have windstream, too. I think I'll switch my DNS server links.

You're unlucky. I ran out of mod points yesterday. Other than this, they've been a great ISP, though.

Slow on the up-take

[IBBoard]

Orange did this in the UK at least 18 months ago, I think. Tech Support wouldn't tell me how to get round it (they didn't seem to understand that I didn't feel it was a "feature"), but I found other DNS servers on the Net.

AFAIK none of it is anywhere close to DPI, though. All the other services do is have a DNS server that goes "If I can't find a legit domain then return the IP of the ISP's web server" and the web server is set to listen for all requests, regardless of domain, and then does a search/advert page based on what domain you used.

Even ignoring the technical aspects it breaks, it's just wrong on so many levels.

Run your own

[CustomDesigned]

I got tired of dealing with braindead or deliberately poisoned DNS servers at ISPs a long time ago. Run your own. It is trivial in linux (install caching-nameserver in EL/Fedora), and I assume OSX. I suspect even Windows has an open source named you could run.

Re:Run your own

[superphreak]

http://www.opendns.com?

Re:Run your own

[rabbit994]

It does but it's a bitch to setup and deal with. Windows server does have DNS server that's quite easy to setup and use.

Re:Run your own

[CustomDesigned]

opendns.com does the very mangling I want to avoid and calls it a feature. At least they tell you they are doing it, and use it for stuff that could benefit end users (filtering allowed site names) as well as their own advertising. But it doesn't solve the problem. It is just a more "open" and up front version of the problem.

Re:Run your own

[m0i]

opendns.com does the very mangling I want to avoid and calls it a feature. At least they tell you they are doing it, and use it for stuff that could benefit end users (filtering allowed site names) as well as their own advertising. But it doesn't solve the problem. It is just a more "open" and up front version of the problem.

Just turn it off (feature called 'typo correction') and you have a rock solid/bug fixed open dns :)

Re:Run your own

[MightyMartian]

I was running Bind 9 quite successfully under Windows 2000 for many years, plus a testbed on XP. I see no reason you couldn't run it in Vista either. Setting up a caching server is pretty trivial.

Re:Run your own

[Dan541]

The point is we shouldn't have to use a third party DNS.

And I was modded

[sokoban]

+1 Insightful

[Rimshot]

At least they are open about it

[CustomDesigned]

They clearly explain that they mangle your DNS requests, and this makes their service "smart". Unfortunately, they do not explain some of the negative ramifications of this. However, their service is targeted to "end-users". Presumably, an email provider would use their own DNS server on a real OS (I do).

Re:par for the course

[Clover_Kicker]

Yes, let's please open up the market so I can be sodomized by the Yank cable companies and telcos instead of Rogers/Bell.

Most of the posts on this thread are Americans complaining about their ISPs doing the same thing.

Quick to take advantage of a Slashdot link

[markdowling]

Domain Name: ROGERSVIOLATINGNETNEUTRALITY.COM
      Registrar: TUCOWS INC.
      Whois Server: whois.tucows.com
      Referral URL: http://domainhelp.opensrs.net/
      Name Server: NS1.MEDIATEMPLE.NET
      Name Server: NS2.MEDIATEMPLE.NET
      Status: ok
      Updated Date: 19-jul-2008
      Creation Date: 19-jul-2008
      Expiration Date: 19-jul-2009

Corporate VPN Affected

This activity by Rogers is affecting the ability of corporate VPN connections to resolve internal addresses (those located behind their firewalls) leaving Rogers customers unable to access their company's systems.

It's Rogers.. why is this news?

[Seek_1]

Anyone who's been a Rogers customer should not be surprised in the least by this.

Attn Rogers Customers : Switch to Teksavvy, its so nice to actually be appreciated by an ISP.

Re:It's Rogers.. why is this news?

[PhilixDMA]

I did switch to Teksavvy and have had a great experience customer service wise. However, do to their reliance on Bell, there's something fishy going on with torrent throttling. Between 4:30p.m. and 1:30a.m., I cannot exceed speed of 25KB/s down and 10KB/s up using torrents. Changing ports didn't help and using some of the 'encryption' schemes didn't either. I called in and was told that because the area I'm in (Near the Islington subway station in Toronto) has alot of torrent traffic, bell has started using traffic shaping. So, Where do I go from here? Any ideas? Rogers is right out and so is Bell. I like Teksavvy, but I don't like having my usage throttled like this.

Re:It's Rogers.. why is this news?

[Griim]

I so badly wanted to switch to Teksavvy, and I did for a short while. The customer service WAS great. So good they told me the truth that I was +5km from the CO and that the wiring going into my apartment had tons of noise on it :(

Sooo, here I am, still on Rogers. I would love to move somewhere closer to a CO.

MTS

[AliasN]

This is not a first in Canada, MTS does this too (mts.net).

more problems

[l3]

I once tried to figure out why my office outlook suddenly took like 3 minutes to start up. Eventually I found out it was trying to connect to "exchangeserver", which is on the lan and not at home. Really nice of the opendns people to forward all these request to their search pages I eventually found out. After I changed the dns servers back to my isp's it outlook fails to resolve and I get to work in offline mode after a few moments of loading.

MANY MANY ISPs are doing this

[MobyDisk]

I complained to my ISP years ago that they did this. But what recourse do I have? They are the only DSL provider in my area. My other option is Comcast.

This is the problem with the stupid telecom monopolies in the U.S. They are granted monopolies, but they don't have to behave fairly. argh!

Not by random

[mseeger]

Hi,

this development is not surprising. The biggest surprise for me was the amount of money that an ISP can make by doing this. Given this fact, this trend is a natural result.

Some ISPs even learned lessons from others who were doing so before. Nowadays such a measure is implemented in a transparent way and the resulting page even contains an "opt out" button. It gets pressed only by less than 1% of all users. Why? They don't try to ram down as much advertisement as possible down the customers throat but also give a "value add" (at least for the casual user) in return (e.g. pointing out, where the typed URL may be wrong). Coupled with some heuristics (redirecting wwwww.google.com but not mxx14.somwhere.net) several ISPs introduced this features without any or very little complaints.

Wether i like it or not is a moot point. ISPs make money this way, most customers can live with it, therfore it will happen. Stupid are those ISPs who try to "force" their users to accept it. As Newton stated, any force will produce a "counter force". These "counter forces" result in negative propaganda for those ISPs and get the attention of users who didn't really wonder why their "error page" has changed before.

Given the current security state of DNS in general, the added security risk by answering for NXDOMAINs does not even approach to be a secondary problem. Making DNS more secure in general would close this loophole as well: your browser could inform you about being redirected by your ISP due to a typo.

Sincerely yours, Martin

P.S. My statement is not "this is good" or "this is bad", it's more "this is inevitable".

Re:par for the course

[Nikker]

To make this work the people have to own the network infrastructure. They have to own the cables right up to the switch where it goes from there would be the ISP's job.

tried pandora.com, works only with proxy

[1800maxim]

Earlier I went to Pandora... It was redirected to Rogers search page. I know I typed the URL correctly. I realized that my Tor wasn't running (can't listen to Pandora outside the US), I started it, and everything worked well since.

I'm on rogers and they also have a fake 404

I use rogers and this just started the other day and has been freaking me out. After I calmed down and actually looked at the page it says you can "opt out" so I did. BUT it doesn't really opt you out they made a fake 404 page that is still on the rogers domain and they send you there. I only caught it because they copied exactly the IE 404 page and I am using a MAC and Safari so when it says my browser is IE it looked kind of funny. This is the same roger that everyone hates so much that apple cut the number of iphones that they sent to canada, or so I heard. Way to go Rogers, winning fans right and left.
 

Cincinnati Bell DSL Too

[jackal40]

Well, seems it's not just the big ISP - my DSL provider (Cincinnati Bell) does the same. I tried the webmale.google.com FTA which sent me to the CB search page. Any suggestions on what tact to take in filing a complaint?

Modifying Router DNS Configuration?

[Cassini2]

Assuming you are running a Linux or OpenBSD based router, would it be possible to modify the configuration of the router so any attempt to reach search.rogers.com results in a NXDOMAIN record being returned? This could be a nifty mod to DD-WRT and similar packages.

I know this isn't the "right" fix, but it might be very effective.

Hold on just a second!

[epp_b]

Do we know that the ISP is actually using "deep packet inspection" to "hijack" DNS error responses to serve a webpage instead?

Frankly, I doubt it. Chances are more likely that the ISPs DNS software has been customized to serve up a webpage instead of respond with a DNS error flag. I don't know what you think constitutes "deep packet inspection", but this certainly doesn't (nor, in my opinion, does it constitute worthiness of a Slashdot story).

Furthermore, nothing about this violates the principle of network neutrality. No packets have filtered, throttled or shaped in any way. I'm afraid that, unless we can prove they are actually checking packets from DNS requests going to other DNS servers, testing for a DNS error, and then serving up a webpage; "net neutrality", "DPI" and "hijacking" have become mere buzzwords to throw around aimlessly to shamelessly attract media attention.

Can someone on a Roger's connection change their TCP/IP or router settings to use OpenDNS and see what happens on a DNS error?

Re:Hold on just a second!

[SQL+Guy]

Did this, and unsurprisingly got taken to http://guide.opendns.com/?url=www.fjldskjfsdf.com [That's not a surprise, right?]

Solution

[Cassini2]

At the risk of replying to my own question, if you are running DNSMasq on your router, you can use the command:

bogus-nxdomain=64.94.110.11

To block any given IP address, and thus override Rogers override. This works to prevent Rogers from displaying its search page, no matter what URL you enter.

Deep Packet Inspection...

[nfk]

Did anyone else read that as Deep Pocket Inspection?

Re:TDS Telecom, too.

[emeitner]

TDS Metrocom too... all a part of the monther company: Telephone & Data Systems(TDS). Fortunately my firewall is my DNS server and does not use the TDS name servers.

DPI: The new evil! But it isn't needed to do this

[Brett+Glass]

Funny how, just because a few self-interested Washington lobbyists have declared it so, DPI is the new Ultimate Evil. Exactly how will we block spam if we don't inspect messages traversing the Net?

It's a sign of this DPI hysteria that this article blames DPI for redirection of domain name lookup failures. The fact is, DPI is not necessary to replace NXDOMAIN answers to DNS queries with pointers to a specific server. All one needs is to do some very simple hacking of the recursive resolver. Which is easy if you are the administrator who is running it.

Summary/article likely invalid

[ameyer17]

This likely has nothing to do with DPI, it's just a DNS server (mis?)configured to return a result for all queries.

Re:Summary/article likely invalid

[ameyer17]

Erm... the subject of my previous post should end with "incorrect" instead of "invalid" (yay sleep deprivation).
Think about it logically, though.
Which would be easier to implement, deep packet inspection to hijack connections to non-existent servers or a DNS server that reports a bogus A record instead of a NXDOMAIN?

Silver lining?

[el+americano]

At least you won't get the Microsoft search page. Weren't they the original employers of this tactic? And for as much as they've been sued, they were never sued for that one.

Expect more of this, although the apparently the buck stops at your ISP. For Network Solutions it was a bridge too far.

You can opt out

[SilverJets]

When you get the Rogers search results page, click on the "learn more" link in the bottom right. Then click the link for no longer getting directed to the Rogers search results page.

Re:You can opt out

[SQL+Guy]

I tried this, and then entered a garbage domain. All it does it take you to http://www20.search.rogers.com/not_found which offers you the chance to "opt in" again. Grrrr.

Rick Rolled

[piemcfly]

From the article:

Kaminsky demonstrated the vulnerability by finding a way to insert a YouTube video from 80s pop star Rick Astley into Facebook and PayPal domains

Right, and...

[Stu+Charlton]

Nick Negroponte is a stunning success. not.

Ted's many things, but stupid isn't one of them.

Common in the US

[ChaosDiscord]

Why does this require deep packet inspection? From the description, the ISP is just replacing failed DNS responses with their own IP address. While scummy, my local cable internet provider did it two years ago, and my local DSL provider did it a few months ago. High speed internet is not available where I live without this "feature." (You can work around it by not using their DNS servers. Which is annoying as hell; I shouldn't have to use a third party's DNS server, or run my own, just to get proper service. I should be able to use my upstream provider; it's better for everyone involved.)

MTS

[Scare,+code+monkey]

Canadian ISP MTS (Manitoba Telephone System?) is doing it too.

Telefonica (Brazil)

[fczuardi]

Telefonica ISP in Brazil (Speedy) is doing the same thing, redirecting unresolved domains to ajudanabusca.com.br which contains ads from Yahoo searchmarketing.

Don't file a complaint, just use the right site!

[freaker_TuC]

Fixed it for you: webmale.google.com.

I'm not taking any more crap from Rogers

[lamz]

I first noticed this morning that Rogers was re-directing my DNS errors. My first instinct was to switch to another ISP provider. Then, I had a better idea.

I've decided to stop paying my Rogers bill.

How do you like me now, Rogers?

TDS too

[Eil]

TDS does this as well and their tech support didn't know what I was talking about when I brought it up. Way to break the RFCs! This is one of the reasons I went back to another provider.