NNSquad - Network Neutrality Squad


[ NNSquad ] Thoughts on DNS Redirection


I am not surprised at all by this turn of events.  Everyone should
have seen this coming sooner or later as a result of the SiteFinder
fiasco.  At this point, the redirection appears to be for only
domains with an unrecognized GTLD or that return NXDOMAIN as a result
of a DNS query.  This is the first step in DNS hijacking, and,
although a nuisance, is fairly benign.  The main problem introduced
by this scheme is that some mail systems are configured to reject
mail with an unknown sender domain as an anti-spam measure.
However, anyone who runs a mail server should also be running their
own DNS resolver.  Running your own resolver won't work with ISPs
who actually intercept and proxy all DNS queries, though.

Taking DNS hijacking to the next level will involve substituting an
IP address of the ISP's choice for the IP address returned from a
legitimate DNS query.  There is nothing in law (except maybe
trademark law) to prevent this from happening.  There is quite a bit
of ad revenue generated from type-in traffic for generic domain
names like 'weddingrings.com' and this will be the next type of
traffic that these ISPs will go after.  There will undoubtedly be a
huge confrontation over this, and, unless there are legal
protections for domain owners codified in law, the ISPs will
probably get away with it.

-- 
Bob Poortinga  K9SQL
Bloomington, IN  US

   [ With this initial round of tests, we don't really know all
     of the interception parameters or conditions.  There is 
     likely to be considerable variation.  For example, some results
     so far suggest that HughesNet is intercepting port 53 UDP (ordinary
     DNS lookups) but perhaps not 53 TCP (zone transfers).  On the other
     hand, early indications from initial reports are that Sprint EVDO
     is intercepting 53 UDP and TCP.

     The nslookup and dig tests specified are quite explicit.  The 
     test arguments specify that the query is to be made to a
     *specific* server.  By the way, there is no requirement that
     the contents of DNS servers only include globally-known TLDs --
     it is not uncommon for "private" names to be included in DNS
     servers for special purposes that can only be obtained with
     direct queries to those servers.

     To the extent that ISP port-based redirection prevents subscribers
     from directly querying specified DNS servers, and in fact returns
     falsified data, this is potentially a pretty big deal even now.

       -- Lauren Weinstein
          NNSquad Moderator ]
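
The check discussed in this thread (query a name that cannot exist, then see whether the reply is NXDOMAIN or a substituted address, separately for UDP and TCP) can be sketched as follows. This is an added example, not part of the original messages; the function names, the probe name and both sample replies are constructed for illustration and describe no real ISP.

```python
import struct

NXDOMAIN = 3  # RCODE 3 = Name Error (RFC 1035)

def build_query(name, qid):
    """Encode a standard recursive A/IN query for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(query, response):
    """Judge a reply to a query for a name that is known not to exist."""
    if len(response) < 12:
        return "malformed"
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if qid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "mismatch"          # wrong transaction ID, or not a response
    rcode = flags & 0x000F
    if rcode == NXDOMAIN and ancount == 0:
        return "honest-nxdomain"
    if rcode == 0 and ancount > 0:
        return "rewritten"         # an address was supplied for a nonexistent name
    return "other"

def _reply(query, rcode, answer=b""):
    """Constructed sample reply: echo the question, set QR/RD/RA and the RCODE."""
    flags = struct.pack("!H", 0x8180 | rcode)
    counts = struct.pack("!HHHH", 1, 1 if answer else 0, 0, 0)
    return query[:2] + flags + counts + query[12:] + answer

# Hypothetical probe name under the reserved .invalid TLD, so it can never resolve.
QUERY = build_query("nnsquad-probe-7f3a9c.invalid", 0x1234)
# Constructed answer RR: pointer to the question name, A/IN, TTL 60, 192.0.2.10 (TEST-NET-1).
A_RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10])
# Constructed replies as they would look per transport (TCP's 2-byte length prefix removed).
SAMPLES = {"udp": _reply(QUERY, 0, A_RR), "tcp": _reply(QUERY, NXDOMAIN)}

def compare_transports(query, replies):
    """Classify the reply received over each transport for the same query."""
    return {proto: classify(query, data) for proto, data in replies.items()}

if __name__ == "__main__":
    print(compare_transports(QUERY, SAMPLES))
```

Against a live network, the bytes from `build_query` would be sent to one explicitly chosen server over each transport and the raw replies passed to `compare_transports`.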