NNSquad - Network Neutrality Squad
[ NNSquad ] Re: More info on ISP DNS redirections
> It may be worse than that. If the diversion is really through > fabricated DNS responses, applications such as email could be at > risk. V I agree. Fabricated DNS responses affecting various applications was one of the issues that was front and center with Site Finder, as we all remember, with an implicit assumption in such implementations that "only Web browsers matter" and that other applications negatively affected by such DNS manipulations were assumed to be unimportant. --Lauren-- NNSquad Moderator > > ----- Original Message ----- > From: nnsquad-bounces+vint=google.com@nnsquad.org <nnsquad-bounces+vint=google.com@nnsquad.org> > To: nnsquad@nnsquad.org <nnsquad@nnsquad.org> > Cc: lauren@vortex.com <lauren@vortex.com> > Sent: Fri Mar 14 20:30:44 2008 > Subject: [ NNSquad ] More info on ISP DNS redirections > > I've received a number of replies to my request for more specific > information regarding Verizon and Time Warner (RoadRunner) DNS > redirections/diversions. > > Regarding Verizon (the forwarded message below best summarizes), it > appears that while Verizon has apparently removed the redirection > (to a Yahoo Search page) opt-out for their own routers supplied to > customers, it is still possible for users with enough understanding > of their systems to set their own recursive DNS server addresses. > So, for example, those persons running their own BIND, or using > services such as OpenDNS.org, reportedly can continue to do so > without interference at this time. However, it appears that Verizon > has purposely "raised the bar" to make it less likely that ordinary > users will choose other than the Verizon-supplied Yahoo-diversion > DNS servers. > > As for Time Warner/RoadRunner, I've received additional reports > indicating that diversion (via a wildcard record) is occurring in > other areas in addition to Southern California, but also that not > all areas in Southern California are so configured currently. > Indications so far are that the official RoadRunner opt-outs do work, > and it appears that, as in the Verizon case, there is nothing > currently stopping people from running their own BIND or directing > their client systems to other DNS services. > > Frankly, I find default DNS diversion, even with opt-outs and > available workarounds, to be distasteful and annoying at best, and a > clear "camel's nose under the tent" in terms of potentially taking > advantage of subscribers, especially those who are unlikely to know > how to manipulate their own DNS settings. These cases don't rise to > the obnoxiousness level of VeriSign's infamous "Site Finder" > service, but seem to be another step toward pushing the envelope ever > farther in the wrong direction. If ISPs wish to provide such DNS > diversion services, they should be *opt-in* only. But we all know > why they don't do that. > > --Lauren-- > NNSquad Moderator > > ------- Forwarded Message > > From: Kelly Setzer <setzer@liquidchicken.org> > To: Lauren Weinstein <lauren@vortex.com> > Subject: Re: [ NNSquad ] DNS Interception by ISPs (was Verizon P2P discussion) > Date: Fri, 14 Mar 2008 20:45:44 -0500 > References: <200803141656.m2EGuCp4003802@chrome.vortex.com> > > Feel free to repost or reuse this as you see fit. > > I confirmed that the opt out feature was removed with Verizon tech > support and residential sales on March 6th. They were unable to tell > me when the opt out feature was removed. I know that it was not > working after Thanksgiving of 2007. Previously, FIOS users had to > modify their (Verizon supplied) router configuration to use alternate > DNS servers that did not have the redirection feature. Now, it is not > possible to do that because DHCP leases are short and are not > renewable. In short, FIOS users *will* be assigned IP addresses in > different subnets when their lease expires and will not be able to > access Verizon DNS servers in another subnet. FIOS users are required > to accept DHCP-assigned DNS servers on the router, all of which have > the redirection feature. > > Supporting article: http://www.networkworld.com/news/2007/110907-verizon-redirects.html > (The timing mentioned in the article matches my observations.) > > Verizon appears to have removed the FIOS-specific opt-out instructions > from their support site. There are three other examples remaining: > > http://www22.verizon.com/ResidentialHelp/FiOSInternet/General%20Support/Getting%20Started/QuestionsOne/98552.htm > > http://www22.verizon.com/ResidentialHelp/FiOSInternet/Troubleshooting/Connection%20Issues/QuestionsOne/86294.htm > > http://www22.verizon.com/ResidentialHelp/FiOSInternet/Troubleshooting/Connection%20Issues/QuestionsOne/86295.htm > > > Based on my discussion with residential sales, the behavior is the > same for both DSL and FIOS customers. The only above-board solution > is to get a statically-assigned IP address which is only available as > part of the business class service. Based on pricing that I received > from Business sales on March 6th or 7th, that costs approximately $94/ > mo in the DFW Texas area. That is about twice the cost of residential > FIOS service. I did not ask for the price difference for DSL service. > > The workaround is for FIOS/DSL customers to configure their own > computer systems not to use their Verizon-supplied router as the local > DNS server. I have a local instance of bind running on my Macintosh. > Verizon does not appear to interfere with recursive resolution. My > windows laptop also uses the Mac as a resolver. I have also tested > using opendns.org as a DNS resolver and that works fine. > > > Kelly > [ ... ]