Verizon's DNS Policy May Be Bad, But It's Not A Network Neutrality Violation
from the red-herring dept
While Comcast has been getting a lot of flak for blocking BitTorrent, some network neutrality activists have also been calling out Verizon for the way its DNS servers work. The DNS specification requires that servers return an error if the user tries to look up an invalid domain name. Instead, Verizon's DNS servers redirect users who mistype an address to a Verizon-branded search page where Verizon gets to display advertising. (Incidentally, my ISP, Charter, does the same thing.) I agree with Ed Felten that this "feature" is obnoxious, especially because it can break applications that expect to receive DNS error messages.
But I don't think it's really a network neutrality issue. Verizon's DNS server does not "block, interfere with, discriminate against, impair, or degrade" anyone's access to Internet content or services, which was the standard proposed in last year's Snowe-Dorgan legislation. Users who type correct URLs aren't impeded in any way from accessing the sites they want to visit. Responding to a failed DNS query with a search page is probably a bad idea, but it's very different from "redirecting a user from Google's search page to Verizon's," which the article implies Verizon might do in the future.
Moreover, it's worth keeping in mind that you're not required to use your ISP's DNS server at all. ISPs provide DNS servers as a courtesy, the same way they might provide you with a free email account. But you don't have to use it. You're free to point your computer to another DNS server, such as OpenDNS, just as you can use a third-party email service such as GMail. And if you do that, the settings of Verizon's DNS server won't affect you at all.
It's definitely fair to criticize Verizon for failing to follow the DNS specification, but calling it a network neutrality issue is a bit of a red herring.
Filed Under: dns, network neutrality
Companies: verizon
Comments on “Verizon's DNS Policy May Be Bad, But It's Not A Network Neutrality Violation”
Yeah, but if you switch to OpenDNS, they support themselves by serving their own pages with ads on failed lookups, too. So that’s not going to solve any technical problems such “results” might cause in some circumstances and it then becomes an issue of whether you want to give Verizon’s ad department your eyeballs or OpenDNS’s.
Now, I do use OpenDNS. I do this because Comcast’s DNS servers were RIDICULOUS. For a period of three weeks, I could not reach ANY domain ending in google.com for about six hours (6pm to midnight) every single night. I finally switched to OpenDNS.
Unfair
There’s a term for this – typosquatting. It might not be illegal, but it is unethical.
If someone tries to visit my site but misspells the URL, I want them to see “Page Not Found” and let them try again. But instead they’ll see Verizon’s page, and some visitors won’t understand what has happened or realize that they typed the name wrong.
This raises trademark issues as well, because Verizon will be able to make money from misspelled trademarked names.
Shall we start a betting pool on how long until OpenDNS is blocked by the major ISPs?
Re: opendns
Sure, Rob, how about never? I’ll put 50 bucks on that any day, because there is absolutely nothing wrong with OpenDNS, makes it easier on major providers anyway.
Re: Re: opendns
Verizon makes money on those ads so why wouldn’t they block OpenDNS to protect that revenue? A commenter here recently reported Comcast blocking OpenDNS. And back when I had Cox for an ISP for a while they were blocking French ISPs for political reasons. I doubt they would hesitate to block OpenDNS too.
I wish I had 50 bucks for every time some loud mouth welshed on a 50 buck bet.
???
I use 4.2.2.2 as a forwarder now and then in certain situations, and I have never had a page return a Verizon search page.
It's kinda bad but..
I use a list of the root DNS servers period. Comcast and Verizon in my area have dns servers that are hammered. Now, I am using a dns server within my firewall to cache locally.
It was a purely performance-related decision; waiting 20-30 seconds for DNS to resolve because the provider’s main DNS server went toes up just made the decision easy.
Netiquette does state not to do this, but I really can’t find any better solutions, that have been reliable.
Unfair is right
I had a friend tell me about this problem when he misspelled my website URL but I didn’t understand how that could happen.
I never heard of the term “typosquatting” before today. I learned something new today. And Rob, I think the betting would be too one sided.
The real problem I see with that redirection is not www, but everything else. Mails for instance go to Verizon instead of being bounced.
@7: That’s not just against netiquette, you hurt the network. Badly. If everyone who has a dumb provider did this, no one would get resolution at all. It’s like phoning up the chief justice because you think your local police force is too slow.
You are wrong.
I just tried it. Typed in some bogus URL on my Verizon FIOS service. Verizon took my attempt and fed it to Yahoo search for me automatically. I think they are just trying to help the grandmas who don’t know what they are doing.
The only ads that appear are the ads that normally appear if you type the URL in a search engine.
I think you completely missed the point of what they are doing, and it’s Yahoo feeding ads, not Verizon.
Umm, I call shenanigans. Verizon DOES block your ability to use 3rd-party mail servers. GMail is web-based, son. A server at a friend’s ISP, connecting over port 25, is BLOCKED by Verizon, period end of story.
Now, I use another port and so go my merry way, but Verizon, having blocked port 25, can block any ports they wish under the same guiding principle. Verizon sets limits.
Re: Re:
Really? That would be big news if it could be confirmed. I’ve got Charter, which does the same thing with DNS but doesn’t block third-party email.
Re: Re:
Isn’t that standard practice? To (somewhat) prevent spoofing email, ISPs require outbound mail to go through in-house servers, but inbound on port 110 can be any source you have access to.
Re: Re: Re:
It’s more to tie customers to the ISP’s e-mail address and make it more difficult for them to switch providers.
Re: Re:
You can call shenanigans all you want about Verizon blocking port 25. They do it because Verizon states quite clearly in the TOS that as a residential customer, you are not permitted to run servers. Sign up for a Verizon business DSL account and they no longer block the ports.
Re: Use port 465
and encryption. It’s not that hard to do and if you think that outbound mail can only go over port 25, then you are probably best off sticking to your ISP’s email service/server.
I’m curious to try this when I go home tonight. I have Verizon FIOS (no, my house never caught on fire) and I’ve never noticed this. I wonder if it only applies to DSL.
It is a well established fact that Verizon blocks ports 25 and 80. However, having said that, I haven’t had any trouble with anything, aside from setting up a personal web server. I use GMail through POP3, as well as the web interface, and have email from other non-Verizon providers, and have never had an issue…
DNSSEC
According to the German (.de) Registry DENIC:
Nevertheless, DENIC does appear to support DNSSEC in principle.
Verizon’s search, though, gives them a financial incentive to oppose DNSSEC deployment.
Returning a bogus A record, rather than NSEC, is inconsistent with the DNSSEC design goals.
Verizon - not a new thing
This is not something others have not tried:
VeriSign tried this in 2003 and were creamed in the NetCommunity. There was talk of going to ICANN to appeal VeriSign’s contract. A patch to BIND was made to prevent the redirection.
Microsoft’s IE redirects bad URLs to the MSN search, but you can change that in the IE settings.
Everyone point their system to Verizon’s DNS and run a program to send random URLs to the system; a few hundred every minute. That’ll shut them down soon enough.
I'm somewhat baffled as well
I’ve had Verizon DSL for years and haven’t seen that. Perhaps it is because I use Firefox, but I get the 404 messages & such and don’t even know what their search engine looks like.
Re: I'm somewhat baffled as well
I think this might only happen on their new FiOS network.
Where is the Demand that Verizon Stop this Abusiv
One of my major complaint themes has been that corporations are acting unethically. Many times I have been directed to “fake” websites, either through the result of typographic errors or the simple fact that the website I was seeking no longer exists. I also have found that internet searching has been “corrupted” to return irrelevant results that appear to be relevant. While I can appreciate that corporations need to make money, it is unfortunate that corporations resort to these underhanded tactics.
What I also find unfortunate, is that there is little public criticism of corporations for this abusive and secretive behavior. Sure, Verizon and Comcast are generating a lot of press on the internet and it is recognized that this behavior is abusive, but the public debate seems stuck on arguing the technical minutia of whether or not these companies are or are not violating certain technical standards.
While this debate is useful it misses the critical points that these companies are not being “transparent” or honest with the public. The “red-herring” in this case is arguing technical minutia to avoid the fact that these companies are not acting in a transparent and open manner. Companies that hide unethical practices should be exposed with demands that these abusive practices be stopped.
Re: Where is the Demand that Verizon Stop this Ab
Steve,
If the debate isn’t well-grounded in the tech, then it just devolves into bias, prejudice and name-calling.
Re: Re: Where is the Demand that Verizon Stop thi
I will agree that tech plays a role, but you need to look at the results. Results are provable facts too, so it isn’t bias and name-calling. If I make a mistake when typing in a URL and I get my.unethicalretail.com instead of a message “Please try again”, that is clearly factual proof that the company is using technology to mislead the user.
The hazards of presuming
that “web” and “Internet” are synonymous.
One of the many problems with this ill-conceived idea is that it presumes that DNS is used solely to support HTTP. It’s not, of course, and the impact on other protocols can be substantial. For example, it is a best practice to refuse mail which purports to be from any host or any domain that does not resolve, or from any IP address which does not resolve to a host.
To illustrate: I get an incoming SMTP connection from 1.2.3.4. I look up rDNS for 1.2.3.4; if that lookup fails, I 550 the connection and hang up — the host has failed to meet minimum requirements for SMTP clients. If that lookup succeeds, I query forward DNS for the hostname I just got back, and 550 the connection if it doesn’t resolve. If that test succeeds, and I allow the SMTP conversation to continue, then eventually the other side will specify a sender, say fred@flintstone.example.com. I then look up example.com; if that lookup fails, I 550 the connection and hang up — it’s foolish to accept mail from domains that don’t exist. If that lookup succeeds, I pull the MX records for example.com and see if they’re valid — if they point to bogon space, I 550 the connection and hang up, because the message can’t be replied to, therefore there is no point in accepting it. I might also check for flintstone.example.com — is there an MX record for it? Is it covered by a wildcard MX? Is there an A record (so that I can fall back to that in the absence of an MX record)?
The gist is that these are all basic sanity checks designed to refuse mail that’s either (a) obviously bogus or (b) coming from an incorrectly-configured host, since long experience (long painful bitter experience) has shown that the only way to get the attention of operators of such hosts is to make the problems obvious to them. These basic sanity checks have as a desirable byproduct considerable effectiveness against unwanted SMTP traffic. (Which is why some MTAs, e.g. sendmail, include them as easily-configurable options.)
Now consider what happens to them if someone starts forging DNS replies a la Verizon. Consider further what happens if those forgeries start happening with no warning. And consider still further that this is just one small example with just one of many application protocols that rely on DNS returning what it’s supposed to, not what is convenient.
The bottom line is that this is a really, really bad idea executed by a company that’s clearly trying to monetize DNS without regard for the degradation of service it’s imposing on its own customers.
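The mail checks described in the comment above, run against an honest resolver and one that rewrites failed lookups, as an added example that is not part of the original comment or article. The `Resolver` class, the records, `AD_SERVER` and the shortened bogon list are constructed for illustration, and the sender domain is checked directly rather than reduced to its parent domain.

```python
import ipaddress
import secrets

# Constructed records using documentation addresses and example names.
PTR = {"192.0.2.10": "mail.example.com"}
A = {"mail.example.com": "192.0.2.10", "mx.example.com": "192.0.2.20"}
MX = {"example.com": ["mx.example.com"]}
AD_SERVER = "198.51.100.80"  # hypothetical address of the ISP's search page
# Abbreviated bogon list for the demo; a real one is much longer.
BOGONS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]


class Resolver:
    """Toy resolver. With rewrite=True a failed A lookup yields the ad
    server's address instead of an error (the behaviour under discussion)."""

    def __init__(self, rewrite=False):
        self.rewrite = rewrite

    def ptr(self, ip):
        return PTR.get(ip)

    def a(self, name):
        return A.get(name, AD_SERVER if self.rewrite else None)

    def mx(self, domain):
        return MX.get(domain, [])


def is_bogon(addr):
    return any(ipaddress.ip_address(addr) in net for net in BOGONS)


def check_sender(res, client_ip, mail_from):
    """Apply the rDNS, forward-DNS, sender-domain and MX checks in order."""
    host = res.ptr(client_ip)
    if host is None:
        return 550, "no rDNS for client"
    if res.a(host) is None:
        return 550, "rDNS name does not resolve"
    domain = mail_from.rsplit("@", 1)[-1]
    targets = res.mx(domain) or [domain]  # no MX: fall back to the A record
    addrs = [a for a in map(res.a, targets) if a is not None]
    if not addrs:
        return 550, "sender domain does not resolve"
    if all(is_bogon(a) for a in addrs):
        return 550, "mail exchanger in bogon space"
    return 250, "ok"


def rewrites_nxdomain(res):
    """Probe a random name that should not exist; any answer means rewriting."""
    return res.a(secrets.token_hex(16) + ".com") is not None
```

With the honest resolver a sender at a nonexistent domain is refused with 550; with `rewrite=True` the same message is accepted, and `rewrites_nxdomain` is the kind of startup probe a mail server can use to notice that its resolver behaves this way.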
Comcast blocking OpenDNS? Nah...
As for the report above that Comcast was blocking OpenDNS — we’ve never heard a single report about it. Probably some other issue related to the individual user in question.
Re: Comcast blocking OpenDNS? Nah...
As for the report above that Comcast was blocking OpenDNS — we’ve never heard a single report about it. Probably some other issue related to the individual user in question.
I’m glad to hear that.
The worst thing about typo-squatting, IMO, is that it deprives me of the opportunity to fix the typo and move on. I put in a URL that was off by one letter. Then suddenly the browser is redirected off to some ridiculously long address.
If the typo was still there I could hit two keys and fix it. Since EarthLink (or Comcast) butted in, I have to start over from scratch. And if I make another typo on the last letter, it’s time for some deep breathing exercises… :p
VZ Weirdness
I am a FiOS customer and they do have a way to disable this feature by manually configuring DNS, but I was researching this while writing up a blog and I found something interesting (at least to me).
If you type in random text ending in .com or .net, it will send you to a landing page. If you type in key words like camera.photo.lens.kdhfidhufd.com, you get a host not found! There are other non-random names that will return a host not found. I don’t think they are using wildcard DNS (at least not as specified by RFC 1034), but something else.
Verizon using DNS to censor sites
They are now intercepting DNS queries to non-Verizon DNS servers and redirecting the query to the intentionally broken Verizon DNS servers. They are also using DNS to censor parts of websites – nytimes.com – you can reach the base address fine, but attempts to access certain pages are redirected to Verizon’s fraudulent advert/error page.
These blocked pages are invariably political in nature.