[AusNOG] Telstra redirecting failed DNS lookups
Tom Wright
twright at internode.com.au
Fri Nov 20 10:27:04 EST 2009
Pretty sure that's going to be a no.
I'd say they're just doing nasty things to their resolver configurations, as opposed to some kind of intrusive DPI on DNS packets.
So if you use a resolver other than Telstra's, you'd be fine.
They've also stated that it will be an 'opt-out' system.
-- Tom
On 20/11/2009, at 9:37 AM, Mark Caetano wrote:
> So would this still happen if you use a 3rd party DNS server or even run your own like I have?
>
> On 20/11/2009, at 10:03 AM, Scott Howard wrote:
>
>> On Thu, Nov 19, 2009 at 2:08 PM, Paul Foote <pfoote at gmail.com> wrote:
>> All that's left for them to complete the "404" strategy is to put transparent proxies in place that redirect on real 404's :P
>>
>> Did nobody learn the lessons from when Verisign did this with .com ? baah.
>>
>> In fairness (and I use that term loosly) to BigPond, this is probably a little different to what Verisign did.
>>
>> I haven't seen the BigPond details, but I have seen what Comcast are doing on my US cable connection, and I presume BigPond is doing something similar.
>>
>> The major differences between the two are :
>> * Only responds for "www" addresses. a lookup for "non-existantdomain.com" will still return an NXDOMAIN, but "www.non-existantdomain.com" returns their search page. This means that (the majority of) things like RBL/anti-spam/etc things which broke under Verisign's redirection no longer break.
>> * It's only home users. Business plans/etc are not redirected. Obviously this is different to Verisign where everyone was hit.
>> * You can turn it off, and the page you end up on even gives you the details on how to turn it off.
>>
>> Also despite claims to the contrary, Comcast are not actually "intercepting" DNS traffic - or at least they aren't for me. They are only doing this for traffic sent directly to their DNS servers, and pointing to another DNS server works as expected, as does running your own resolver.
>>
>>
>> I'm still not saying that it's a good thing for them to be doing, but it's not quite as bad or destructive as Verisign's move was...
>>
>> Scott.
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
> ~~~
> Regards,
> Mark Caetano
> Managing Director
> Akami Hosting/Dominium Systems
>
> Ph: (02) 8014 8991(akami)
> Ph: 0402 616 316 (personal)
>
> Em: mark at akami.info (akami)
> Em: mark at phracture.com (personal)
>
> By reading this email, it is assumed that you have read and agreed to our email and communications disclaimer. You may find a copy at: http://www.akamihosting.info/email_notice.php
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
--
Kind Regards,
Tom Wright
Internode Network Operations
P: +61 8 8228 2999
W: http://www.internode.on.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20091120/5c7f36e8/attachment.html>
More information about the AusNOG
mailing list