Bell Starts Hijacking NX Domain Queries
inject_hotmail.com writes "Bell Canada started hijacking non-existent domains (in the same manner as Rogers), redirecting NX-response queries to themselves, of course. Before opting-out, you get their wonderfully self-promoting and self-serving search page. When you 'opt-out,' your browser receives a cookie (isn't that nice) that tells them that you don't want the search page. It will still use their broken DNS server's non-NX response, but it will show a 'Domain Not Found' mock-up page that they (I surmise) tailor to your browser-agent string. During the opt-out process, they claim to be interested in feedback, but provide no method on that page (or any other page within the 'domainnotfound.ca' site) to contact them with complaints. They note that opting-in is 'recommended' (!), and that 'In order for opt-out to work properly, you need to accept a "cookie" indicating that you have opted out of this service. If you use a program that removes cookies, you will have to repeat this opt-out process when the cookie is deleted. The cookie placed on your computer will contain the site name: "www.domainnotfound.ca."' Unfortunately most Bell Internet users won't understand the difference between their true NX domain response, and Bell's injected NX response."
Well, that's the bad old ma Bell that's still alive and kicking in Canada.
These pages are helpful for the typical web surfer. In fact, an automatic URL "fixing" service would be one of those revolutionary Web 2.0 features that exists in the recesses of the web, part of the infrastructure and totally natural to use.
Yes, it breaks some scripts and runs contrary to published standards, but it presents a new (actually pretty old) conception of how the web should work.
You wouldn't believe the amount of angry customer calls I had escalated to me by people who think that computers, modems and internet service are all the same things and I was responsible for all of them. If you want me to share them with you, bring lots of hard liquor - you're going to need it.
The Deutsche Telekom / T-Online does exactly the same in Germany.
Love over Gold.
Taco stands for Targeted Advertising Cookie Opt-Out. It is a Firefox addon that keeps a generic, non-user-specific cookie opting out of the things that need cookies to opt out of.
excitingthingstodo.blogspot.com
If this is a true description of the opt-out, it is SERIOUSLY broken.
Simply put, any opt-out mechanism MUST enable the user's computer to properly receive an NXDOMAIN response. Because the problem is NOT the advertising web page on a web browser typo for http, but all the other things that do DNS lookups.
For example, NXDOMAIN wildcarding even snagged and confused Dark Tangent into thinking that someone was trying to MitM the Defcon forums!
I can accept an ISP doing this only under the following conditions:
a) The opt-out is a one-click item on the page
b) The opt-out is permanent and for all connected through that IP/customer link
c) The opt-out is a real opt-out which will cause NXDOMAIN responses to be properly returned as NXDOMAIN.
This clearly fails B and C.
Test your net with Netalyzr
Most people that are savvy enough to care, don't use their provider's DNS services. Those who aren't probably either don't care, or might even like the "feature."
Does anyone know if they're applying this to other ISPs who lease bandwidth from Bell? Such as Teksavvy and the like? I'm switching from Bell anyhow, but I'd be pissed if they force that on other ISPs too (along with throttling).
Browsers can take care of this quite well!
I think they mostly do.
Or put otherwise, this is a pretty heavy solution to the problem, if the problem is what it is to solve -- unlikely.
Stephan
http://stephan.sugarmotor.org
208.67.222.222
208.67.220.220
problem solved
Only they have decided that "google.com" is not a valid domain...ffs
Oh, and why do I have to make firefox pretend to be IE8 to post on slashdot?
Embarq does the same thing with their DSL:
http://search.embarq.com/index.php?origURL=http://lkwkerwer.com/
Better known as 318230.
Is there any way a local caching name server can detect this brokenness and return the right answer? I seem to remember some bind configs a few years back that would do that but I'm not sure if they would still work.
Or maybe a firefox plugin could detect this damage and restore the original, correct behavior somehow.
Isn't this sort of forgery exactly what DNSSEC is supposed to prevent?
(And no, don't go suggesting DNSCurve. It doesn't protect against your ISPs caching resolver being malicious like this.)
This is what I find interesting/scary about this. Search for "Microsoft" from that webpage. Of course the first hit is from www.microsoft.com and if you look carefully you can see that it is sponsored. But the fourth hit down is for a sponsored link.
Microsoft Help & Support 1-888-935-4306
Get Microsoft Technical Help & Support by Expert 24x7, Call now !!
Sponsored by: www.iyogi.net
Very interesting that they mix sponsored and regular hits. I thought normally these were at the top of the results page and separated by bars/colors/lines/fonts.
Using other services like OpenDNS is certainly one way to go, but last time I checked they had issues when it came to IPv6. Does anyone know any IPv6 friendly open DNS servers?
Jumpstart the tartan drive.
Don't get me wrong. I don't like this practice. But I do not know what the technical issues are with doing this. Are there security concerns? How does it break stuff? Also, does anyone know if complaints have been filed with the CRTC or if this practice is contrary to CRTC rules?
Bell's current business model pretty much relies on people not caring about the shit they pull.
It's sort of interesting (or infuriating depending if I'm trying to use the internet..). My new ISP makes it no secret they hate everything Bell does. I think that largely has to do with them leasing their lines from Bell, and having their service screwed up when Bell does things of this nature. I imagine I'll be getting an email from my ISP soon telling me who to complain to about the service getting buggered yet again. Thanks Bell, I'll be by your office in the morning with a fresh cinderblock. I see you replaced your front window from the last time I put one through it.
And that was the last Terry Fox run I ever participated in.
If you're using TekSavvy, then you're using TS's DNS servers, so your query goes to TS's DNS server which should respond with NXDOMAIN. You aren't even contacting the Bell DNS, so there's no opportunity for them to interfere.
It's possible, since Bell controls the last mile, that they could intercept NXDOMAIN results going to your machine and replace them using DPI, but I can't see how they'd get away with that without being in violation of CRTC rules about changing the meaning of communication. And, at least for me on Primus, this doesn't seem to be the case (yet).
I have just read an article about a child getting a possible 10-year sentence for opening a piece of hardware to install software on it. And now I am reading this? I am angry, very angry; please, _jail time_ for the people who have taken this decision at Bell, NOW!
Can we get a fair world, please?
-Woof woof woof!
I SERIOUSLY URGE YOU ALL TO LOOK AT THE CRTC WEBSITE!
Bell is on a buying spree, They now own (or are buying into, to take over) Aliant (BellAliant), Virgin Mobile CA (Bell Virgin Mobility), Rogers (Bell Rogers), Telus (BellTelus), BarbadosTel (Don't know the new name yet), The Source, Koodo trying to take over MTS, ATT WW, with more on the radar.
And the reason why they can get away with it right now is they are buying up 61% so they can get co-branded Bell[Name]... Oh yeah, they are no longer known as Bell Canada Enterprises...it's now Bell Enterprises, which means they plan on going global... WATCH YOUR WALLETS!
How is this cookie supposed to work for lookups from apps other than a web browser?
I am becoming gerund, destroyer of verbs.
Contrary to the summary, they do provide a very visible 'Contact Us' link, providing both a feedback form and an actual email address: domainnotfound@bell.ca
OpenNIC offers free, open, and democratic domain name services. No redirects like your favorite ISP or OpenDNS (and to think these used to be the "good" guys back in the days of everydns.net). All ICANN domains, plus a good helping of alternate roots (including OpenNIC) as a bonus. The OpenNIC DNS network is slowly building, with servers around the world
Using your ISP's name servers is so passe. They'd like the masses to think that's the only choice.
I'm not a fan of OpenDNS because they also do NXDOMAIN wildcarding.
However, they do have a working opt-out in the OpenDNS dashboard, however you need to use their notification mechanism so they can track where you are to maintain the opt-out.
Test your net with Netalyzr
So, what happens if I ping a domain that doesn't exist? Presumably this will then cache the DNS NXDOMAIN reply. If I then buy the domain, set up a DNS entry, and then try to connect to it, I will get their server instead of mine. This sounds like it would fall foul of computer misuse laws; intentionally hijacking a connection. The presence of ads means that they're doing it for commercial purposes, which usually carries a heavier sentence. Other ISPs will not be breaking these laws, because they will just be inadvertently blocking my connection, rather than hijacking it.
I am TheRaven on Soylent News
Well that's kind of the point isn't it?
We as technical people do see the point, so we have to educate those that don't, as well as companies that do stupid things like this.
Excusing yourself for OTHER people not understanding seems a very, very odd standpoint.
For those of you who want to let Bell hear a bit of your mind, the comments form is here:
https://www.bell.ca/support/PrsCSrvInt_CtUs_Eform.page
The first hit for me is the wonderful errornerd.com, which can fix these errors if you download their registry utility.
They can even fix a host of other errors, even 404s and errornerd.com is a fraud errors.
Are you a grammar Nazi? I'm trying to improve my English; please correct my errors!
DNS doctoring is bad for many reasons.
Just because a domain exists doesn't mean it's the one you wanted. Think of all those properly registered phishing sites out there, just waiting for a user typo. What's the difference between them and a DNS search redirect? If anything, this highlights the broken behavior of using the (non-)existence of a domain name for anything useful. You really care about whether you got the RIGHT site, not just *a* site.
This...
When you "opt-out", your browser receives a cookie (isn't that nice) that tells them that you don't want the search page. It will still use their broken DNS server's non-NX response, but it will show a 'Domain Not Found' mock-up page that they (I surmise) tailor to your browser-agent string. ...is just ****ing unacceptable. That's not ****ing opting out.
If you have a share "woody://shared/data" then your machine will look up "woody" on DNS. Before this, your work laptop would get NXDOMAIN and wouldn't try to map a drive.
With this, it will hear that there is such a domain from your ISP and try to mount a share from it.
Bresnan Communications pulls this same crap. The only way to opt-out is accept their cookie.
I spent June in Toronto and Ottawa with friends and my family, all of whom have internet service provided by Rogers. Now I have a bunch of typo URLs in FF's history when I'm typing in the address bar. Anybody in the province who can get DSL should go to Teksavvy where you'll get good service and none of this crap.
windstream, verizon, and insight engage in this routinely...only way around it is to run your own caching nameserver. problem solved.
Viewed in the context of net neutrality -- how can there be net neutrality if they don't even provide net access according to the semantics of the protocols?
Stephan
http://stephan.sugarmotor.org
...Cavtel (for some reason, the only DSL available in my office building, even though I can see the Verizon CO 1000 yards away from my window) does this same BS and it drives me nuts, I just changed the DNS servers returned by our DHCP box and voila.
Broken, and boneheaded, but solved with a small amount of work. Still, it's something I shouldn't have had to bother with, and the whole "breaking the Internet" thing is a problem -- they should no longer be able to classify themselves as an "Internet Service Provider" since they're not doing a reasonable job at it.
Free fast Public DNS Servers List
Personally I use 4.2.2.1 and 4.2.2.2 due to them being easy to remember
Lorem ipsum dolor sit amet, consectetuer adipiscing elit.
Optimum online, and Verizon internet services in my area have been doing this for awhile. You're telling me this isn't business as usual? I get that the opt out method is pretty stupid, but at least they have an opt out option.
Paytec/McCloud telco does this here in the states.
I'm sure those faked browser error pages won't be at all confusing, visiting the page in Chrome displays a fake Safari error page (unsurprising as the user agent is for some odd reason Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.196.2 Safari/532.0).
This seems to only affect lookups for queries prefixed with www. For example, a lookup of blerght.com returns nx, while www.blerght.com returns 67.63.55.2. There may well be other subdomain queries that it also hijacks.
I urge all of you to visit the CRTC website to see what Bell has been up to.
So far, they are on a buying spree to take over, or own controlling shares in Aliant (Now Bell Aliant), Virgin Mobile Canada (Now Bell Virgin Mobility), Telus (Now Bell Telus), rogers, koodo, fido, BarbadosTel, the Source, and are trying to take over MTS and AT&T WorldWide, aka AT&T USA.
They are also no longer BCE (Bell Canada Enterprises) but Bell Enterprises, cementing their plan to go global (As if AT&T and BarbadosTel aren't enuf proof...)..And trust me, more is in the works, but it will take time for you to see it.
Actually, OpenDNS has been known to doctor with the requests too, so suggesting it in this case is treating a problem by introducing a new one. Much better to simply use 4.0.0.n with n in the range [1-6] if memory serves me correctly.
DNS is recursive, right? Starting with the TLD servers, then downwards. Someone upstream of Bell is returning a 'domain not found' and Bell is intercepting that and modifying it.
I understand that you're using Bell's local DNS servers to start the search, but the effect is the same as them intercepting and modifying your communications.
ISPs doing this kind of crap should get sued under whatever law most closely applies.
where's that perl script that queries random domains to break the ISP's DNS cache?
-- I was raised on the command line, bitch
And everyone wins: a version of BIND that allows an overlay of master records based on secondary queries. You look something up, the authoritative query goes out to the replacements, the fallback position is the root nameservers.
Then, you can participate in OpenDNS or OpenNIC or whatever you want, *and* participate in the base DNS network as well. Plus, if you ever decide someone is being naughty, you can just overlay them with a whiteout (and you get rid of every domain-squatter-searcher you want to get rid of,) or you can simply override domain squatters with the original rightful owner.
Plus, the extortion money you currently pay? You can get rid of it basically for free. Set up a domain in the overlay instead.
They're reselling InfoSpace. Click on this link to demonstrate.
InfoSpace claims to be passing search queries to Google, Yahoo, Bing, Ask, and Twitter, then combining the results. I'm surprised they can do that. Google, Yahoo, and Bing all prohibit that in their terms of service. (With Google, you're only allowed to use Google's display format, expressed in their AJAX API, but you can add additional info. Google doesn't allow reordering or combining their results. Yahoo is more flexible; you can reorder, reformat, and, subject to some restrictions, add ads. Bing allows reordering and combining for Web searches, but not other types of searches.)
Better Headlines:
"Bell Is Hijacking NX Domain Queries"
Does Bell "startS" hijacking on a daily basis or all the time? Tony Hawk skateS every day.
"Bell Hijacking NX Domain Queries"
Brevity is wit.
Hit the reply button to make excuses and apologies.
Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
My ISP (Qwest) tried to do this, but they had an option (albeit slightly hidden) to truly disable it. It worked by giving the router a different DNS server next time it DHCP'd, and this server actually sends NXDOMAIN when it can't find a site. So it is possible to do opt-out correctly, not that it makes it OK for them to do this in the first place.
I use Bell, and I noticed the hijacking maybe a week back. Even thought of submitting a story to /.
But then it magically disappeared later on (next day?). Hasn't come back since, and before posting, I made sure that I was receiving NXDOMAINs and not Bell's specially crafted "Domain not found" for opera:
[eon@enthalpy:~]$ host fadfad.ca
Host fadfad.ca not found: 3(NXDOMAIN)
[eon@enthalpy:~]$
So, did they change their policy, or am I the only one mysteriously not affected by this?
I would imagine that their use of the Apple-designed Safari logo (it is stored on their server at http://assist.infospace.com.edgesuite.net/bellassist/pics/compass.png) is an infringing use of Apple's intellectual property, especially if it is designed to appear as though Safari itself generated the message and cause confusion as to the source of the message.
Get Apple legal's hounds on Bell and see what happens.
Sorry, I'm new here and relatively inexperienced in the whole area of DNS-network-domain malarkey..
It seems like a good time to re-pimp my dnsfix utility that undoes the effects of their NS response mangling. I wrote it six years ago when VeriSign tried to pull the exact same NX proxying bullshit with its SiteFinder "service".
3.243F6A8885A308D313
dnsmasq supports specifying bogus NX domains, and rewriting/fixing them.
I don't see any definition of this "cookie" in the DNS RFCs. I don't see it in the SMTP RFCs, or Telnet, or FTP, or SNMP, or SSH, or in fact any Internet protocol except for HTTP. And I hate to have to tell Bell Canada this, but the majority of the Internet does not use HTTP for name resolution. It uses DNS, and interprets DNS responses including NXDOMAIN. So if they're going to implement an opt-out solution for DNS, it needs to work with DNS clients and not just with HTTP clients. Otherwise, they need to abandon DNS redirection and begin doing transparent proxying of HTTP instead.
Oh, and before you say "But everything uses the Web now!", riddle me this: what transport protocol does World of Warcraft use to communicate between the game and Blizzard? What protocol does Everquest use? Hint: it's not HTTP. Do you want to claim that World of Warcraft and Everquest have a negligible number of players?
Yes, you!
Report their fake error page: Help -> Report Web Forgery in Firefox, probably in the same place in other browsers.
Bell fucks with DNS, Rogers hijacks web traffic to insert little messages about your bandwidth usage. Those two are just bad netizens all around.
The simplest solution to Bell's DNS mongling is to not use their DNS. If you can't set up your own recursive DNS server (bind), well try to find an open DNS you can mooch off of. Maybe Bell's corporate side doesn't do this kind of bullshit, just a guess...
-Billco, Fnarg.com
Seems Bell isn't hijacking all DNS queries, just messing with queries to their own DNS servers.
I just installed DJB's dnscache as a local "authoritative" cache, and firefox now hits up google for the first result if the domain doesn't exist (as per usual).
Don't know what you'd do if you're on windoze, but then I guess you'd be used to things being broken...
I'm on a Bell DSL connection. I am unable to reproduce this problem.
;; QUESTION SECTION:
;bing.honk-honk.qc.ca. IN A
;; AUTHORITY SECTION:
ca. 3600 IN SOA jbq01.tor.cira.ca. admin-dns.cira.ca. 2009080414 1800 900 604800 3600
;; Query time: 56 msec
;; SERVER: 206.47.244.78#53(206.47.244.78)
;; WHEN: Tue Aug 4 14:16:41 2009
;; MSG SIZE rcvd: 99
On reputable sites, they are.
Bell is clearly anything but.
Type "http://www.domainnotfound.ca/" in IE 8 - you get "Internet Explorer cannot display this page."
Type "http://www.domainnotfound.ca/" in FF - you get directed to http://www.domainnotfound.cawww.domainnotfound.ca/ (yes, doubled name, it's not a typo from me)
Go to "http://www.domainnotfound.ca/clickserver/". The "back" link is broken and doesn't work (without looking, I assume it's a javascript:back()).
One word: pathetic.
I just registered it. :)
Frog
0.0.0.0 www.domainnotfound.ca
This is old news.
how is babby formed?
Verizon did this a while ago. FUN!
Because, you know, the only thing that relies on DNS is users browsing web pages.
It's not like you can use their DNS anyways. That's the first thing their techs tell you when you get them on the phone, to switch. Also, when you finally get sick of their lousy service and switch, they hold your line hostage for 30 days and inflict an extra month of embarrassingly bad DSL service on you as punishment. Bell has become a sad joke.
I've made the point before, but it's worth pointing out again that this is just typosquatting on a massive scale.
Many people don't realize that there's TONS of traffic going to typo domains (whether registered or not). For instance, youtuve.com (notice the v instead of the b) got 347,852 visitors over the last 31 days. It redirects to another domain for cloaking purposes, but here is the traffic report. This level of traffic provides the financial incentive to implement these DNS schemes.
By the way, there's a new, free typosquatting scan tool at aliasencore.com. It shows you all the registered .COM domain names that are one character misspellings of any Alexa top 100,000 site you enter. It also displays screenshots of those typosquatting sites. It's a nifty way to get a quick idea of the rampant growth of typosquatting. Here's an example that shows the 425 registered .COM domain names that are one character away from google.com.
Full disclosure: I am Graham MacRobie, the CEO of Alias Encore, Inc. We help companies recover cybersquatting domain names, but we focus solely on "slam-dunk" typosquatting cases (obviously only registered domain names). I can speak from personal experience in this field that the very last thing we need is wholesale typosquatting at the DNS level. Bell Canada should turn this "feature" off immediately.
cliff.
I was actually planning on switching soon, as they were advertising 16Mbps service for way cheaper than Rogers. Of course if they're pulling crap like this, I'd rather stay with the evil I know and have learned to tolerate.
I'm going to do you a huge favour ever and tell you that you must go to the dslreports.com Bhell forums and find out the truth about Bhell and what their victi^h^h^h^h^hcustomers think of their service, india-based tech support, speed claims, pricing scam^h^hemes, throttling of torrents, tiny download caps, etc.
You're welcome.
I have the same problem... our office uses Cox and lately we have been redirected to "find-assist.com" where they give a search page based on my erroneous URL. Our Trend Micro anti-malware catches this and warns of a phishing attack. Lovely.
This change breaks the URL completion feature in Safari where if you type "cnn", Safari automatically displays "cnn.com". If you type a URL that is in your browser history, then of course Safari will auto complete it before submitting the http request, but if it's a domain you haven't visited before, you now get the useless Bell page instead of the page you really wanted. Does Bell just use Internet Explorer? If they were Mac users, they wouldn't have done this.
There's no forgery. You are connecting to their server just as you intended to and it is giving exactly the response they configured it to give. However, that response is not the one specified by the RFC.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
"DNS doctoring is bad for many reason. I'm sure a firefox or IE addon would actually be much more preferable. Something easy to dis-activate when things break." - by nicolas.kassis (875270) on Tuesday August 04, @11:40AM (#28941989)
Is it? I use a CUSTOM HOSTS file, it "proofs me", as far as many lunacies & madnesses going on, online, today.
I also never see an adbanner & these have been found to bear malicious content, such as this from this website ->
----
IT: The Next Ad You Click May Be a Virus:
http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus
----
(& many more upon request are available here, even with the "big guns", like Microsoft even, being victim to it... I can produce that also, just ask, upon request)
Anyhow/anyways, "back on track":
Nor do I slow myself down, in downloading + processing/parsing banner material or their javascripts (the harbinger of doom, unfortunately, by the misguided jack asses that misuse it thus for "evil ends", & this is another one I generally "turn off" on MOST sites, unless they demand it being in place operating, so I can gain full function from said website)
HOWEVER?
That's JUST the tip of the "benefits iceberg"... E.G.-> I also go F A S T E R, via another means (that also allows me to avoid DNS port 53 udp queries period, & their 30-60ns or more roundtrip resolutions of URL's to IP Addresses), by adding my favorite 200++ or so websites I like... so, if a DNS server gets "poisoned" (lot of THAT going on lately too, see Dan Kaminsky & more recently, he & Moxie Marlinspike's findings here, such as this article alludes to)?
I get to the RIGHT spot, regardless of a DNS server being poisoned, or just flat on its back, by being "knocked over"... I get to where I want to, in either instance... &, not to a misdirected malicious code laden one instead.
(AND, again? I get there, FASTER... many orders of magnitude so, even during the init. HOSTS file reads (since today's disks are so fast, especially the ones I use in Velociraptors, & WD Raptors + two TRUE SSD's (where I house my HOSTS file, by altering the DataBasePath location in the registry here -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters) & there I get literally 0ms access/seek (which COMPLETELY "blows away" the 45ms avg. of remote DNS server querying) especially once my local custom HOSTS file is fully cached (either by the local DNS client service, or, by the local discache subsystem))
This technique would/SHOULD also be useful to folks in GERMANY lately, what with their gov't. "choking off" parts of the internet to they, &/or tracking them for violating their edicts/laws... how so?
For those of you that may have heard of "A Black Day for Internet Freedom in Germany" from this /. article here recently of -> http://yro.slashdot.org/story/09/06/16/1657255/A-Black-Day-For-Internet-Freedom-In-Germany ?
I have a way around your "woes", & one that will not get you DNS port 53 udp logged either, in case your ISP/BSP (or gov't./police even) blocks out your fav. sites online, & it's VERY SIMPLE to do, using a custom HOSTS file & a text editor (like notepad.exe, but pay attention below to notepad.exe .txt extension warning I note below though)!
----
1.) Find the IP addresses (ping'ing them will get you this usually) of your favorite websites (even IF they are "banned/restricted" by your ISP/BSP & their DNS servers)
2.) Enter their "IP Address-to-URL" equation/resolution into your local HOSTS file (typically located under %WinDir%\system32\drivers\etc ), using notepad.exe (be sure to sa
After battling Bell phone support for a good half hour hoping for (though not really expecting) a decent opt-out method, I was told to use 4.2.2.2 as my primary dns and 4.2.2.1 as my secondary. They didn't sound like Bell owned IP's... A quick reverse lookup revealed 4.2.2.2 as vnsc-bak.sys.gtei.net, then a whois reported ownership by Verizon!
Well, it's not being hijacked at least.
Man, do I ever hate Rogers. But I especially hate Bell. But *especially* Rogers.
Free the Quark 3 from asymptotic confinement! Bring your charm! Don't get down! All colours and flavours welcome!
OK, after reading the article summary, everything linked from there, and all of the comments, it's still not clear to me whether Bell Canada is: a) replacing NXDOMAIN within their own DNS resolvers with address records pointing to the "helpful" web page or b) mangling packets so that any NXDOMAIN response from any nameserver to any client on its network gets its contents replaced with the "helpful" crap.
(a) is relatively easy to deal with, by setting your resolvers to "trusted" ones (perhaps a local caching server running on your own network), instead of the spoofy ones provided by Bell Canada
(b) is much harder to deal with, you'd probably have to either have multiple Internet connections, or to set up an encrypted tunnel through Bell Canada's network to the "trusted" resolvers.
Can anyone confirm/clarify exactly which form of "DNS hijacking" Bell Canada is allegedly perpetrating? "DNS hijacking" by itself is such an imprecise term...
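A way to tell cases (a) and (b) apart, as an added example that is not part of the original thread: ask the ISP resolver and an unrelated resolver for random names that cannot exist, then compare the parsed answers. The function names, the `www.` probe prefix (one commenter saw only `www.` names rewritten) and the 192.0.2.10 landing address are assumptions, and the sample responses are constructed; the verdicts are a heuristic, since an outside resolver may do its own rewriting.

```python
import secrets
import socket
import struct

RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3
TYPE_A, CLASS_IN = 1, 1


def probe_name(tld="ca", prefix="www."):
    """A random name nobody has registered, so the honest answer is NXDOMAIN."""
    return f"{prefix}nxprobe-{secrets.token_hex(12)}.{tld}"


def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, txid):
    # Flags 0x0100: standard query, recursion desired; one question of type A.
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN))


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off


def parse_response(msg):
    """Return (rcode, [IPv4 addresses from A records in the answer section])."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4              # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs


def rewrite_targets(responses):
    """Addresses handed out for names that cannot exist; empty means honest NXDOMAIN."""
    targets = set()
    for msg in responses:
        rcode, addrs = parse_response(msg)
        if rcode == RCODE_NOERROR and addrs:
            targets.update(addrs)
    return targets


def classify(isp_responses, outside_responses):
    isp, outside = rewrite_targets(isp_responses), rewrite_targets(outside_responses)
    if not isp and not outside:
        return "clean"
    if isp and not outside:
        return "resolver-rewrite"      # case (a): only the ISP's own resolver lies
    if isp & outside:
        return "in-path-rewrite"       # case (b): same landing address via both paths
    return "inconclusive"              # the outside resolver does its own rewriting


def ask(resolver_ip, name, timeout=3.0):
    """Send one live query over UDP and return the raw reply (not used offline)."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver_ip, 53))
        reply = s.recvfrom(4096)[0]
    if reply[:2] != struct.pack("!H", txid):
        raise ValueError("transaction ID mismatch")
    return reply


def constructed_response(name, rcode, addrs=()):
    """Constructed sample data: the bytes a resolver would send back."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(addrs), 0, 0)
    question = encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 60, 4)
        + bytes(int(octet) for octet in a.split("."))
        for a in addrs)
    return header + question + answers


if __name__ == "__main__":
    names = [probe_name() for _ in range(3)]
    honest = [constructed_response(n, RCODE_NXDOMAIN) for n in names]
    hijacked = [constructed_response(n, RCODE_NOERROR, ["192.0.2.10"]) for n in names]
    print(classify(hijacked, honest))     # ISP resolver rewrites, outside one does not
    print(classify(hijacked, hijacked))   # both paths return the same landing address
```

For a live check, collect `ask(resolver, probe_name())` replies from each resolver and pass the two lists to `classify`.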
Type in my.rogers.com (main competitor to Bell) and it goes to Bell's domainnotfound website...
Also, the page is formatted to look like a Safari 404... for Google Chrome!
I would give you the address but I blocked the URL with my router.
Bell Canada's engineers should read draft-livingood-dns-redirect-00 which if nothing else explains how bad their implementation is.
While there isn't consensus on where to go with this draft, there is consensus that cookies don't work and that NXDOMAIN rewrites are different in nature to the other forms of redirect in draft-livingood-dns-redirect-00 and should be treated as a separate issue to the other forms of redirect.
This is being discussed in the dnsop working group.
btw, if you are a current Bell customer don't even try calling their tech support to complain or ask how to opt out. I just did and the tech support had no idea what a NX Domain Query was, nor did the Supervisor I was transferred to. I even used small words to explain what Bell was doing and they claimed they had no idea what I was talking about. Go figure.
Just got an e-mail from Comcast that it is currently implementing the exact same thing. Here is the email: "Dear Comcast High-Speed Internet Customer , At Comcast, we're constantly looking to deliver the best online and search experience. That's why we're introducing a new feature called 'Domain Helper' to help you find the sites you want when you mistype a Web site address in your Web browser. You'll notice this service if you mistype a Web site address, for example "http://www.comtcas.com" instead of "http://www.comcast.com." Instead of receiving an error page that the Web site does not exist, this new service will provide you with a Web page of suggestions and links to get you back on track quickly and help you find what you need faster. We also understand that sometimes customers want to surf their own way, without the assistance of Domain Helper, so we also offer an easy way to opt-out when you receive the suggestion Web page. You can also opt out by visiting the opt-out page now. We hope you find this to be a valuable tool to help you surf the web even faster. Sincerely, Comcast"
Not the same poster as the one you responded to but where I work I have experienced first hand local and national ISPs IGNORING the TTL in our DNS records. By the way, Bell Canada is one of the national ISPs I was referring to. Rogers was the other.
See: http://en.wikipedia.org/wiki/Paxfire for one such enabler.
One way to attack this: copyright infringement. This image that they serve up to Safari users is, according to Photoshop, identical to file:///Applications/Safari.app/Contents/Resources/compass.icns which is surely copyrighted by Apple. This won't necessarily shut them down but it would draw some attention and maybe hurt them financially a bit.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Their cookie-based fix is offensively lame - not only does the typical implementation of DNS hijacking only "help" queries to http port 80 and maybe https port 443, while breaking other protocols, their opt-out "fix" only fixes connections to those ports from cookie-supporting browsers, not from the applications for other protocols. Comcast's opt-out uses MAC addresses, so at least you can opt out for everything, not just only opt out from the least broken services.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks