On Sat, Jul 19, 2008 at 11:51 AM, Ian Darwin <[EMAIL PROTECTED]> wrote:
> Syd Carter wrote:
>>
>> Not to plug OpenDNS however should you decide to switch your DNS entry to
>> their servers then it offers a number of features that you may appreciate.
>> Such as, it will redirect 404s, allow you to create shortcuts (ie: ast
>> versus 1.9.168.0.100/admin ), and do some statistical analysis. OpenDNS
>> also states that you will get faster look-ups. I've tried it. It was fun
>> when my kids asked me why a picture of them came up on the screen at times
>> when they were surfing the internet (404 redirect).
>
> When you say "404 redirect", are they running an HTTP proxy that detects 404
> errors, or are you creatively overloading the meaning of "404 - File not
> found on this server" to mean "host not found"? Since you're talking about a
> DNS service I'd assume you mean the latter, but that's a rather imprecise
> use of language (and I know you didn't start this "language redirect" in
> this thread..., I'm just trying to clarify what was meant). :-)
Ian,

From what I can tell, I think you're right and it's a DNS thing and
has nothing to do with HTTP. I see articles about Deep Packet
Inspection etc but I don't know where they're getting their
information. Some simple testing on my end makes it seem that they're
messing with DNS.

Basically, instead of returning "Host Not Found" or "Domain Not Found"
(I'm not sure if those are the correct technical message descriptions
but you get the idea) they return an IP that points to their
advertising web server.

OpenDNS does the same thing so while it's not Rogers and there's no
banner ad, it's the same thing in my books. I'll explain the
practical problems this causes me in a minute.

Here are 3 examples. First with Phil's properly (note the
non-existent domain response) configured DNS server, next with Rogers,
then with OpenDNS. I've looked up two hosts on each of Rogers and
OpenDNS to demonstrate that no matter what you ask for, they always
return the same IP address.

<begin pasted demo, see below for further discussion>
C:\>nslookup
> server 69.77.170.200
Default Server: sailtel.com
Address: 69.77.170.200
> SomeNonExistantHost.SomeNonExistantDomain.com
Server: sailtel.com
Address: 69.77.170.200
DNS request timed out.
timeout was 2 seconds.
*** sailtel.com can't find
SomeNonExistantHost.SomeNonExistantDomain.com: Non-existent domain
> server 64.71.255.198
Default Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198
> SomeNonExistantHost.SomeNonExistantDomain.com
Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198
Name: SomeNonExistantHost.SomeNonExistantDomain.com
Addresses: 8.15.7.107, 63.251.179.17, 65.200.200.47
> OtherNonExistantHost.OtherNonExsistantDomain.com
Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198
Name: OtherNonExistantHost.OtherNonExsistantDomain.com
Addresses: 8.15.7.107, 63.251.179.17, 65.200.200.47
> server 208.67.222.222
Default Server: resolver1.opendns.com
Address: 208.67.222.222
> SomeNonExistantHost.SomeNonExistantDomain.com
Server: resolver1.opendns.com
Address: 208.67.222.222
Non-authoritative answer:
Name: SomeNonExistantHost.SomeNonExistantDomain.com.nuvoresearch.com
Address: 208.67.217.132
> OtherNonExistantHost.OtherNonExsistantDomain.com
Server: resolver1.opendns.com
Address: 208.67.222.222
Non-authoritative answer:
Name: OtherNonExistantHost.OtherNonExsistantDomain.com.nuvoresearch.com
Address: 208.67.217.132
<end pasted demo>

So, that tells me that they (both Rogers and OpenDNS) are returning
their own server IP whenever you ask for something that doesn't exist.

Here's my problem with all this. I have an OpenVPN connection to the
office. When I try to access myfileserver.mycompany.local their
(broken) DNS server returns an IP. What should happen (as I see it) is
that the request should go to Rogers, they should return "Non-Existent
Domain" and my PC should move on to the next DNS server which is the
office DNS server on the other side of the VPN. At that time, my
office DNS server will return the correct IP address for
myfileserver.mycompany.local. In short, how can my application ask
the question "Does an IP exist for this host?" It can't.

I don't think they're "hijacking" traffic as some people have said.
They're really just breaking DNS. I'm sure the RFC doesn't say
"return the lookup result, or if no lookup result is available, just
return the IP of your choice".

Anyhow, it's aggravating. I can cancel my service all I want but that
only solves the problems at my home. My users still have Rogers
service and between Rogers shaping encrypted traffic and now meddling
with DNS, I'm going to have a real headache with support.

I think I might call and say "Hi, you've stopped delivering my service
without cause or notice. I'd like a refund of my 30 day pre-payment.
Then tie them up in a discussion about whether offering bandwidth
without DNS is really the same as offering Internet service." I think
Simon's math is right. The least I can do is make them pay a Customer
Service rep to try explaining this. Maybe I'll make a kit for my
users containing a cancellation notice for Rogers, a letter of
outrage, and an application for some other service.

Also, Nabeel's suggestion about using the "opt out" setting only works
for browsers, not anything else and I clear cookies when I exit
Firefox so it's not going to help much in my case.

If Rogers hasn't redirected the page for TekSavvy, maybe I'll look
them up and order from them. :-)

I also noticed a Slashdot page on the topic.
http://tech.slashdot.org/tech/08/07/19/158208.shtml My Rogers
service has gone down a couple times this morning, I can only hope
that the community is DOSing them in outrage.

Dave