[AusNOG] Telstra redirecting failed DNS lookups

Scott Howard scott at doc.net.au
Fri Nov 20 10:03:13 EST 2009


On Thu, Nov 19, 2009 at 2:08 PM, Paul Foote <pfoote at gmail.com> wrote:

> All that's left for them to complete the "404" strategy is to put
> transparent proxies in place that redirect on real 404's :P
>
> Did nobody learn the lessons from when Verisign did this with .com ? baah.


In fairness (and I use that term loosly) to BigPond, this is probably a
little different to what Verisign did.

I haven't seen the BigPond details, but I have seen what Comcast are doing
on my US cable connection, and I presume BigPond is doing something similar.

The major differences between the two are :
* Only responds for "www" addresses.  a lookup for "non-existantdomain.com"
will still return an NXDOMAIN, but "www.non-existantdomain.com" returns
their search page.  This means that (the majority of) things like
RBL/anti-spam/etc things which broke under Verisign's redirection no longer
break.
* It's only home users. Business plans/etc are not redirected.  Obviously
this is different to Verisign where everyone was hit.
* You can turn it off, and the page you end up on even gives you the details
on how to turn it off.

Also despite claims to the contrary, Comcast are not actually "intercepting"
DNS traffic - or at least they aren't for me.  They are only doing this for
traffic sent directly to their DNS servers, and pointing to another DNS
server works as expected, as does running your own resolver.


I'm still not saying that it's a good thing for them to be doing, but it's
not quite as bad or destructive as Verisign's move was...

  Scott.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20091119/e2b17a71/attachment.html>


More information about the AusNOG mailing list