Slashdot Mirror
Reports of IE Hijacking NXDOMAINs, Routing To Bing
Jaeden Stormes writes "We just started getting word of a new browser hijack from our sales force. 'Some site called Bing?' they said. Sure enough, since the patches last night, their IE6 and IE7 installations are now routing all NXDOMAINs to Bing. Try it out — put in something like www.DoNotHijackMe.com." We've had mixed results here confirming this: one report that up-to-date IE8 behaves as described. Others tried installing all offered updates to systems running IE6 and IE7 and got no hijacking.
Update: 08/11 23:24 GMT by KD : Readers are reporting that it's not Bing that comes up for a nonexistent domain, it's the user's default search engine (noting that at least one Microsoft update in the past changed the default to Bing). There may be nothing new here.
Update: 08/11 23:24 GMT by KD : Readers are reporting that it's not Bing that comes up for a nonexistent domain, it's the user's default search engine (noting that at least one Microsoft update in the past changed the default to Bing). There may be nothing new here.
So it looks like its not Microsoft's fault in -my case-.
This is my sig.
Not working here :(
IE cannot "hijack" NXDOMAIN, because it's not an ISP.
I mean really. We can get a page telling us the site doesn't exist, or we can be re-directed to a search engine which can help us find what we were looking for. Yeah it helps pimp Microsoft, but I figure if you are using their browser, it is fair game.
I'm pretty sure that if you had the Google Search Provider add on for IE, and made it your default search provider, it would do the same? Hasn't that always been the case for Non-existant domains?
I mean, its IE, and its microsoft - all they're basically doing is providing the "Microsoft Add On" in their versions of IE.
It isn't actually Bing that it goes to, it is whatever your default search provider is. Now that is Bing by default, but you can change it to anything you want. IE8 asks you during setup, and you can change it later. So if you change it to Google and enter a non-existent domain, it'll send you to Google with a search for that.
Similar to how Firefox works, just in more cases. In FF, if you enter a name with no domain, it tries some popular ones like .com. If it can't find any, it then does a search in your default provider. IE is doing a similar thing, but doing the search even if you do enter a domain.
IE 6 and 8 (don't use 7 anywhere). Both redirected to BING ....
The funniest thing we have ... our filter (k-12 schools) blocks BING LOL. ... here is the report ...
Category: Image Servers & Image Search Engines
Blocked URL: http://www.bing.com/search?FORM=DNSAS&q=www.DoNotHijackMe.com&adlt=strict
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
So you mean to say that Microsoft is trying to use their market share to determine how people use the internet?! This is shocking to me.
I get a search page on bing.com using IE7 but didn't update today :( I think i have previous updates except IE8.
Internet Explorer cannot display the webpage
What you can try:
Diagnose Connection Problems
Nothing to see here. Move along !!
Yet another stupid, linkless, flamebait article.
Come the fuck on guys.
I'm saying what it is doing, and why. It isn't "hijacking" it is trying to be helpful to users that mistype a domain.
I don't know if it is just my perception, but it feels like MS is back to their old ways with a lot of their activities these days - particularly with regard to anything web facing.
After what felt like a few years of roughly being fair with things, we seem to have had a spate of underhand moves recently. Off the top of my head I can list installing firefox extensions through windows updates without asking (spooking a lot of people including myself - "1 new extension installed what? I didn't install anything"), upgrades to IE8 presenting the user with a complex series of choices - one that implies you should opt in to their accelerator program or IE8 won't install, and the other offering you an express set of installation options or else click through a large number of preference screens - while failing to mention that express settings set IE8 as the default browser.
And now (if true), engaging in DNS hijacking to drive visitors to their search site. Can they just not accept user preference at all?
IE is - as stated above - being helpfull, as a program should be. It is not a "hijacking" since the program requesting the DNS-lookup is IE. This is nothing like having NXDOMAIN, transparently, changed into something it isn't on the network-level.
In one case the program gets to decide what to do and in the other someone else is telling your program that the expected result is something else.
//Patrik Graeser
IE 6 has always been doing stuff on auto.search.msn.com if you entered URLs whose domain name didn't exist.
This is not news.
Nothing to see here, move along.
The problem with REAL null domain hijacking is that it breaks software. It breaks VPN clients in a BIG way as well as anything else that searches the Intranet for services. Since this is only active within the web browser and entirely possible to disable, it is far from the big hassle that ISP based hijacks are.
Firefox also does exactly the same thing. Also easy to disable.
Using IE 6.0.2900.2180.xpsp_sp2_qfe.090206-1239:
I just tried it and I got hijacked to a Google page sponsored by Dell.
My computer is a Dell.
IE is not DNS server. What is most likely happening is that with some registry entry a certain way and a certain set of patches, when IE gets a NXDOMAIN when doing a domain name lookup it then does a bing/google/yahoo search (depending on another registry entry for your preferred search engine). It used to show a page with a red X.
This is not DNS hijacking. If somehow Windows now had a caching DNS server that substituted a IP address that then redirected to a bing search or something of that sort, that would be DNS hijacking. This is IE the client trying to handle NXDOMAIN errors in a helpful way. Hopefully this is customizable like I expect. The only thing about this is that if the default is bing that increases exposure and ad revenue for Microsoft. It does not break the internet like DNS hijacking does.
In the options menu there's a setting "Search form the address bar." You can change that to not submit unknown addresses. It is just the default behavior, not the mandatory behavior.
Comment removed based on user account deletion
This is a non-issue.
Why the hell this articles keep coming when there are plenty of real issues about Microsoft, IE.
Comment removed based on user account deletion
I just tried it = www.DoNotHijackMe.com in IE8 and Google loaded.
It's caused by a setting Tools -> Internet Options -> Advanced -> Search Options and "Just Display the results in the main window" is selected. If "Do not submit unknown addresses to your auto-search provider" is selected, if it can't find an address it submits it to your default search provider.
No mystery.
For worst article ever not written by Jon Katz to be published on slashdot.
First, IE has been doing this for ages. Second, this is not bad behavior. It doesn't have the downsides that an ISP hijacking NXDOMAIN does. It could even be helpful.
Comment removed based on user account deletion
http://wwww.asdfasfasfs.asdfasfasdfsaf.com/
gives you "Internet explorer cannot display the webpage"
wwww.asdfasfasfs.asdfasfasdfsaf.com
gives you search-engine results for your default search engine.
Nothing for you to see here.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I thought that was the ignorance siren that I heard. Where do I start?
150 million wasted on the latest rebranding of their failed search product. No effect on marketshare
Actually, it stole a percentage point of Google's market share last month. I don't think anybody expected it to gain 70% market share overnight. Except maybe you?
Mass numbers of suspicious posts on Net messageboards all parroting the same talking points: "I'm a long time Google users and I decided to give Bing a try and By Golly! I'm switching!"
Suspicious? Really? I saw somebody the other day on a Macbook Pro using Bing willingly. It's anecdotal evidence. There's nothing suspicious about it. It happens to some people, not everyone. I'm sure there are people who used Live Search before and switched to Google or Yahoo.
Paying floundering Yahoo to use their search engine
I won't argue with the state of Yahoo, but this has the potential to double the usage of Bing, and make it a much more formidable opponent to Google. It was a good deal.
* Putting up fake news story items on Microsoft web pages that are really nothing more than hidden Microsoft search links attempting to inflate the search marketshare
Haven't seen an example of this yet. Provide one and I'll yield this point.
* And now this crap The rate Ballmer is throwing billions at their failed search efforts looks like it may actually outdo Microsoft 8 year long Xbox fiasco for.
Read the first few comments - it goes to your default search provider, which is Google if you set it to. And I hate to be the bearer of bad news for your anti-Microsoft sentiments, but the XBox division is doing pretty well for itself right now. They've made Sony a laughing stock this generation.
"It's a reverse vampire...they....they crave the sun!"
Comment removed based on user account deletion
Every time an ISP starts hijacking NXDOMAIN responses, dozens of comments suggesting that this should not be done by the ISP but in the browser get modded +5 and are generally agreed with.
So MS made their browser do it. What is the problem?
(Other than using a monopoly in one market to get one in another.)
Go green: turn off your refrigerator.
Comment removed based on user account deletion
The roadrunner search does have an opt out though.
Most if not all versions of IE (6+, and probably older ones too) have a feature called search from address bar. With this setting enabled, anything typed in the address bar which does not resolve to a website, is passed on to the default search engine, whichever that may be.
Perhaps a recent update turned this feature ON for people who had it turned OFF? But the feature itself is most definitely not new or news.
I liked my next sig a lot better
Comment removed based on user account deletion
both comcast and M$ are hijacking me.
M$ is truly stupid in giving the following redirection from http://192.168.1.254 which is on my local subnet:
http://www.bing.com/search?FORM=DNSAS&q=192.168.1.254
F^(#ing morons.
I tried www.donothijackme1234.com and I got a pop up asking if I wanted to turn the phishing filter on (you can tell how much I use IE on this computer).
I wonder if turning that on/off makes a difference?
(I clicked "turn it off" of course)
End of discussion. Everybody go rant on a different article.
Go green: turn off your refrigerator.
I'm getting kind of self-conscious.
Some fatass peddling t-shirts is apparently hijacking that site for me.
All IE is doing is performing a search for whatever you typed in, if it can't find the domain. If your search engine is set to Bing, it will search there. My search engine is set to Google, so it searches there.
Nothing to see here, other than FUD perpetrated by the ./ community.
I hate to be the one to tell you this, but this is not news. IE has been doing this for a very very long time.
Seriously, how many bad articles does this guy have to post before he gets thrown off the slashdot team?
BeauHD. Worst editor since kdawson.
Slashdot is getting boring and boring with the anti-ms propaganda ! Cut the crap and quit it !
Right about the time Bing went public, I noticed IE7 on a virtual machine I hadn't patched in a while magically started sending me there instead for bad URL's. Whether this was a redirect of MS Live Search, or something where IE had a Bing "timebomb" enabled at some point once MS knew when the service would light up, it's something I surely didn't enable -- and am having a very hard time disabling. Fortunately I use FF for everything except a couple work apps that still cling to IE, so my forced Bing episodes are few and far between.
Guess if you can't win 'em over with marketing, you can force them through redirection. I'm just waiting for MS Antitrust 2.0 to come out.
Where are they sending visitors to slashdotted sites?
XKCD:Xeric Knowledge Comically Dispen
It depends on how they are doing it; if they are preventing transmission of NXDOMAIN to userland, then RFCs 1034, 1035 and 2065, mainly. Also RFC2308 and 1536 and 4074 and probably others depending on specific circumstances.
Check out RFC1035 section 4.1.1, RCODE 3.
It can be (and will be, right here) argued that the browser is a presentation layer tool that already exists in userland and thus Microsoft preventing users from seeing that a name does not exist (and redirecting them to an advertising engine) is not a standards violation. Certainly the behaviour of the big ISPs like Verizon and Comcast, which actually prevent the client machine from ever seeing the NXDOMAIN response, is a much more heinous violation of standards.
In any case the expected, well standardized behaviour of DNS when asked for a non-existent name is embedded in a great deal of existing work, including user guides and scripts, which is why technically knowledgeable people are usually pretty pissed off by this sort of greedy foolishness even when it's just happening in the browser.
(original poster here) You're right, I'm not as up on the networking side as I am the code side, and I didn't use the correct terminology when I said "hijacking". However, the NXDOMAIN stuff was added by someone else who edited my post before putting it up on the site; I haven't the slightest idea what NXDOMAIN even is. So yes, I'm ignorant in that regard, but not so much so as to throw out terms I don't understand and give a wildly false report.
Basically, what it's done is force-feed all of our machines Bing as a default search engine (it had been Google). It's one thing if it shipped that way, but this just happened all of a sudden and our sales force (who are not exactly IT-savvy) freaked out and started calling in virus reports when the behavior changed without warning.
Sorry for the confusion. Still, sucks what they did.
Of course, the "Slashdot effect" (of everyone trying "donothijackme" in their browser) has now caused an increase in the requests for that domain, and now someone (wisely) has purchased the domain www(dot)donothijackme(dot)com and re-directed THAT to their primary web page...interesting use of an unrelated article to promote one's own business.
I chose not to link to that site again in this post. Just doin' my own little part to not artificially inflate his traffic numbers.
Microsoft today heeded the lessons of technological history, taking the popular "preview porn videos in the search engine" feature and turning its Bob Hope "decision engine" into a porn finder at the address explicit.bobhope.microsoft.com, that loads automatically in Internet Explorer whenever you go to a site that doesn't exist.
"It worked for VHS over Beta, porn sites were leading innovators in online payments. It's a natural synergy," said Steve Ballmer, looking somewhat sweaty and flushed.
Porn sites are some of the keenest users of Microsoft technologies, using the undocumented interfaces in Internet Explorer to install helpful toolbars and bulk email tools on users' systems. "It's all about tools," said Mr Ballmer, looking rather too excited. "Our tools have amazed people for decades. Microsoft are famous for the biggest and best tools ever. Developers! Developers! Developers! DEVELOPEEERS!"
Internet Explorer 8 is a vital part of the promotion. After a competition that advertises IE8's superior standards compliance with a site that deliberately breaks all other browsers, a programme to donate eight free meals for the poor for every IE8 download (with the cost of the meals being 10% of the spend on promoting them) and a string of free porn sites requiring a Silverlight download to watch the smut, IE8 Service Pack 1 will include a "boot straight into porn" mode. "We found that was what users really wanted in an operating system. I mean, browser. They're inseparable, you know." It will include the Storm, Conficker and FBI botnets as standard. "If you can't beat âem, join 'em." The system will also set up automatic deductions from your bank account and credit card.
Mr Ballmer promised that Microsoft will, as always, deliver. "Unlike porn sites, we don't just tease -- we really will fuck you. Now bend over."
Picture: Steve Ballmer ecstatic at the fifth great quarterly results in a row.
http://rocknerd.co.uk
I like how someone just registered www.DoNotHijackMe.com and is directing traffic to http://www.fatguyshirts.com/. Now all of you can finally find some clothing.
And it didn't take long before a /. registered the domain and redirected it to the silly T-shirt store.
"The past was erased, the erasure was forgotten, the lie became truth." ~1984 George Orwell
It's configurable since IE vForever.0
from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
...redirects to Bing when I type in a random-string URL
I know you all wanted to see me post that. Such a primmadonna (kdawson, not me)
Edith Keeler Must Die
You're giving free advertisement to some jerk who registered the domain to grab attention to his site. http://who.godaddy.com/WhoIsVerify.aspx?domain=donothijackme.com&prog_id=godaddy
.... ... }
int main (void) {
This kind of oppresive nonsense is why no one trusts M$ and do not want to upgrade XP even in Fortune 50.
Will they ever learn, this is just counterproductive. The shareholders should go after the management. Carl?
It's the correct solution for that "problem" with no "splash damage".
Since we IT people know how [cough] smart [cough] sales people can be sometimes, I bet this is a simple scenario to spell out...
- Sales guy works for a place that does not have forced updates via network policies.
- Sales guy using OLD IE without updates is used to seeing "LiveSearch" in his search bar.
- Sales guy computer breaks for some unrelated problem.
- IT hero comes to salesperson's aid.
- IT hero updates the computer so it's up to date with patches.
- "LiveSearch" changes to "Bing" with one of the updates (no big deal if you are in IT).
- Sales guy freaks out because the label in the search box changed names.
Trust me. I've seen this happen. I once re-organized a salesperson's desktop icons, and he got really pissed off because the 400 icons on his desktop were now in alphabetical order.
Domain hijacking is a huge deal for me.
Your description is confusing the browser trying to resolve your broken DNS request with an ISP hijacking your DNS request.
Primarily, when I'm on an internet connection that's hijacking the domain, if I type 'amazon', firefox first checks if I have an amazon in my searchdomain (ie: amazon.example.com)
No. When you're on an internet connection that's hijacking the domain, amazon resolves to a 'service' provided by your ISP even though it's not a registered domain.
, and if not, it tries adding a .com, then a www. and a .com...
What you mean is that if your ISP's DNS service works correctly and tells you that amazon.com doesn't exist, your web browser (Firefox in this case) has some heuristic for trying other DNS queries in an attempt to help you, and when those queries are exhausted it takes you to a search engine.
if the ISP is hijacking it, I get an answer to 'amazon' with the hijacked page. This means that I have to type the .com every time.
Which is what you should have written first.
So you have to type .com when you mean amazon.com. Yeah, that's like saying that I have to write Plymouth, MA next to 02364 on my address. The postal service is run by people, and usually, they can figure it out, but if the address is wrong, it's your fault, even if they helpfully fix it for you.
with a browser doing the same thing, I could be trying to connect to my primary server (wolverine) and if I mistype the webaddress, it redirects me to bing, changing my URL bar to the bing URL which means that when I've typed 'wolverine/some/really/long/path?with=variables' I have to go type that whole thing over again to correct it rather than just fixing it in the addressbar.
So turn off the feature which searches with the default search engine when your DNS query fails.
If you want to bypass DNS for your machines, put your own entries in your "/etc/hosts file" (%WINDIR%\System32\drivers\etc\hosts on Windows). Also, you can run your own DNS service locally.
so, hijacking the DNS is a BITCH and is totally annoying all the time.
Only if you aren't technically savvy enough to use a web browser. After you type amazon.com in once into IE or Firefox or Chrome these days, the autocompletion helpers from your recent history usually have enough context that shift+enter (in IE anyway, not sure about the others) takes you where you want to go.
The real problem with DNS servers hijacking broken requests is that they lie to network tools, not just web browsers. This can cause serious problems. DNS is used for more than just HTTP.
I tried to find something, and the closest I could come up with was 2308, but I don't think that really addresses this problem.
But, I do agree that it's a problem. I do not want any program that I use to access the internet, to connect to a host:port that is not the one that I specified.
Having said that, I do understand that it is the MS way to try to hide technical complexity from their users, and that it will provide additional income to MS, Yahoo, ISPs, and others.
So, being technical, I will continue to not use MS or my ISPs DNS servers, and will help others as best I can.
"The sky is falling, the sky is falling!"
Apparently next time this happens, please try changing your default search engine to something else besides Bing. Better yet turn off the search option for invalid URLs and "Dummy Proof" IE so you won't get fooled again.
Of course I use Firefox as my main web browser so I don't suffer from stuff like that. I refuse to get fooled again by IE.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
And I'm heading into my preferences to make it so kdawson's articles no longer appear for me. :/
After years of not using a signature, I am going to make one to say the following: Fuck Beta
My cable internet service does that here too. They default to Yahoo, (WHY?) but you can op-out and/or choose your own search engine. In 2 years of rare use (ie accidental, miss-typing) I have only had to reset once.
6.8SPC TR of 550, l xwind at 6, drift rt at 26" drops 77". AT has 503 ft-lbs at 1403 fps. FT 0.86
I just tried it and it routed me through Google search.
Yes, but why are they all posting here?
It does it on mine. Typed in www.xy31lsdf.com (garbage url) and immediately went to Bing. So it is true for me as well.
Right, this took me all of 5 seconds to figure out that it was the default search provider. Come on slashdot, step up your game.
Open %WINDIR%\system32\drivers\etc\hosts in notepad.
At the bottom of the file add this:
66.102.1.147 www.bing.com bing.com
Save it. This will point you to google and break the hijack. Feel free to use any IP you want.
Don't kid yourself. It's the size of the regexp AND how you use it that counts.
What the title says.
Some guy here saw a loose domain and hijacked it away from Bing. Check out this whois and the start date: whois donothijackme.com Registrant: John Johnson 43545 Tell You Las Vegas, Nevada 85698 United States Registered through: GoDaddy.com, Inc. (http://www.godaddy.com) Domain Name: DONOTHIJACKME.COM Created on: 11-Aug-09 Expires on: 11-Aug-10 Last Updated on: 11-Aug-09 Administrative Contact: Johnson, John jjohnson@hjgtrd.com 43545 Tell You Las Vegas, Nevada 85698 United States +1.7674548596 Fax -- Technical Contact: Johnson, John jjohnson@hjgtrd.com 43545 Tell You Las Vegas, Nevada 85698 United States +1.7674548596 Fax -- Domain servers in listed order: NS31.DOMAINCONTROL.COM NS32.DOMAINCONTROL.COM
They've made Sony a laughing stock this generation.
I don't think Sony needed much help on that point.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
That is since this afternoon when someone clever realized an unregistered domain was about to receive a s;ashdotting. Wonder how much those ads earned him today.
Probably not a lot. While I've never had the full benefit of a good slashdotting, I've posted links to my own content sometimes when I felt it to be relevant. Its not a profitable adventure, so, guys looking to make a quick buck will probably be disappointed. Most slashdotters either don't click on ads when they go from slashdot to other sites, so you can get a lot of traffic but with no clicks.
Incidentally, this is probably why newspapers are so pissed off at content linkers in general. The content linker gets the ad revenue but when people jump to the original article, they read the article, then jump back to their original integration point, whether it is slashdot, drudge, or somebody else.
I would think if you were going to try and get yourself slashdotted, I would do it with the expectation that you are going to take a good server beating, not make any immediate money off of it, and go forth from there. It's more of a name recognition thing, then anything else, and the real hope is that the content you provided has some innate legs to it such that some fraction of the people that slashdotted you will spread it themselves via "internet of mouth" and then from there that will, over the long term, grow your site more organically.
This is my sig.
You're welcome to think whatever you want.
What am I, a twig to be bent? Well, OK, I will feed the troll.
I specifically said that you can make an argument the standards are not being violated. These standards are not necessarily defined to exist at the presentation layer. You've chosen to ignore that part of my statement. With that caveat, RFC2065 section 5 specifically defines NXT returns for non-existent hosts - you ask for something not present, you get a description of the range of non-existent hosts that contains the requested name. You follow? There is DATA returned, Microsoft is removing it from the response when it directs you to a search page; if you think it's OK for presentation layer tools to re-interpret returns from DNS in a way that removes content by default without the consent or knowledge of the user, then that's OK - otherwise it's a violation of RFC2065 because the record returned has been munged in transit to the user.
No. I haven't checked, so I would not suggest that.
The subject of the conversation, as I see it, is whether it's OK for IE (presentation layer) to behave in a way that ISPs (transport layer) should not. Tangentially, I guess you are not aware that currently shipping Microsoft operating systems cache DNS, and that current versions of IE only work on Microsoft operating systems.
This is getting tedious. Are you simply missing the point, or are you purposely misdirecting the conversation to exercise your typing skills? IE is shortstopping the bad status return and substituting a valid page lookup. Some people don't like that, and if you believe that the standards control the presentation layer as well as the communication on the wire, then you'll see this as a standards violation.
Didn't I just say that? Some people find it offensive. I would consider it stupid and a waste of my time, if I used IE. But I rarely use IE, because it is a crappy browser that doesn't run on half my systems anyway, and personally I can look up how to change the behaviour anyway.
Perhaps you should write one, then. I don't see any standard which requires applications to not explode and not spit acid in my face. It's somewhat unusual (though not unknown) for RFCs to have negative specifications.
As far as I'm concerned, if your script relies on IE, you have a badly written script. Yet I am aware of several dozen in constant use at several large hospitals, and I am sure there are tens of thousands out there (at least).
Y'know, I was just tr
I can see that we've mutually misinterpreted one another's tones and meanings. My apologies if I came off more rudely than I intended. If we're going to continue this discussion, then let me clarify my tone in the opening sentence that I think you found provocative: I had intended it to be challenging in the style of two guys having a sporting conversation about a subject they both know quite a bit about, as opposed to downright insulting. I can see why that may not have come off as intended, however, particularly since a fair number of posts here really are simply insulting. I agree that the "flamebait" tag was inappropriate. All that aside, I am glad to read your reply. If you're interested in continuing this conversation with a bit more mutual understanding, then so am I. On to more interesting matters.
You mention that this is a standards violation if you believe that the RFCs governing DNS also govern presentation-layer applications which utilize DNS. I don't see this to be the case, and I don't really see how that could be justified based on the content of the DNS RFCs. They define, in rigid detail, how DNS is structured, and how clients and servers may request and transmit information. The actual use of that is left to the application.
But let's say that's not true. Let's say, hey, the application using DNS has a requirement to faithfully present all information that would be meaningful in every response to the user. Obviously, this can't be done in a literal sense. I can't take the exact section you quoted, which defines how DNS clients and servers express an NXDOMAIN, and hand that off to the user, unless I expect them to read and decode the packet by hand. If I'm an application, I HAVE to render that in a way that's actually helpful to the human being who's operating me, and the exact way I do that is certainly not defined in any DNS-related RFC.
Still, I think a reasonable presentation is being made here. The goal here is not to trick the user into thinking that "www.amazon.ocm" is a valid domain which happens to be Bing (or whatever their default engine is), but to make them aware of their mistake, and take a shot at presenting a nice graphical way for the typical user, to get where she meant to go. After all, when Joe Blow types in a bad URL, here's about as much as I bet he'll actually read from Firefox's default response:
"Server not found"
and here's how much information he'll glean from that:
""
Offering a list of possible things that you might have meant is really not such a bad take on how to approach this. I agree that this is a pretty noisy way to accomplish that, and I'm not going to be anxiously watching the Firefox release notes to see when they add it, but the concerns you and I have are pretty different from the concerns of the overwhelming majority of users.
On a more technical point, I don't doubt that there are scripts that rely on IE in certain respects. But, if you're expecting IE to present an error in a specific way when you ask for something that's not there, and you use that in a mission-critical (or heaven forbid, as in your hospital example, life-critical) application, Microsoft is about the last door you should knock on to lay blame.
If anything, it might be nice if they shook things up a bit more often to remind such people that their browser isn't exactly a sturdy foundation on which to rest your scripts.
I've always thought it insane to script an application you don't control, especially a constantly-updating security-sensitive end-user application, but people keep doing it. It's usually a stereotypical Dilbert situation; pointy-haired IT boss purchases software to help doctors, if he admits software sucks he will lose face with doctors and possibly lose income, so Asok or Wally has to make it work. If Asok gets the job, it gets done competently but the user interface is too technical and the doctors hate it, if Wally gets the job he scripts IE to do something magical and PHB gets a raise. Nobody knows why it breaks a year later, but it won't be blamed on PHB buying garbage (the salesman took him on a golfing junket and got him to sign a contract drunk). More likely it will be blamed on the vendor, or even more likely, on Dilbert who was completely uninvolved.
The people who work in such places will always find some way to screw things up, of course. It's almost Darwinian.
I personally would like to see all the browsers present options in a more transparent way; I don't think end users are as stupid as the IE designers think they are. For example, on getting an NXDOMAIN the browser could say this:
"No web server found at URL sexy.foxterriers.com
perhaps sexy.foxterriers.com is not the correct name?
Click here to search Bing for information about sexy.foxterriers.com"
That way you'd get the clueless user assistance function without unrequested search lookups. Instead, the browser just does whatever the default says the user probably wants, and the way to change that behaviour is buried among many other confusing options several layers deep in the configuration interface. Instead of attempting to subtly educate the user (notice how I snuck in an explanation of what URL means by context?) they assume ignorance and thus propagate it.
I tried to make that a https:/// link, incidentally, but unfortunately bing.com seems to have a bogus akamai cert.