Verizon's DNS Policy May Be Bad, But It's Not A Network Neutrality Violation
from the red-herring dept
While Comcast has been getting a lot of flak for blocking BitTorrent, some network neutrality activists have also been calling out Verizon for the way its DNS servers work. The DNS specification requires that servers return an error if the user tries to look up an invalid domain name. Instead, Verizon's DNS servers redirect users who mistype an address to a Verizon-branded search page where Verizon gets to display advertising. (Incidentally, my ISP, Charter, does the same thing.)
I agree with Ed Felten that this "feature" is obnoxious, especially because it can break applications that expect to receive DNS error messages. But I don't think it's really a network neutrality issue. Verizon's DNS server does not "block, interfere with, discriminate against, impair, or degrade" anyone's access to Internet content or services, which was the standard proposed in last year's Snowe-Dorgan legislation. Users who type correct URLs aren't impeded in any way from accessing the sites they want to visit. Responding to a failed DNS query with a search page is probably a bad idea, but it's very different from "redirecting a user from Google's search page to Verizon's," which the article implies Verizon might do in the future.
Moreover, it's worth keeping in mind that you're not required to use your ISP's DNS server at all. ISPs provide DNS servers as a courtesy, the same way they might provide you with a free email account. But you don't have to use it. You're free to point your computer to another DNS server, such as OpenDNS, just as you can use a third-party email service such as GMail. And if you do that, the settings of Verizon's DNS server won't affect you at all. It's definitely fair to criticize Verizon for failing to follow the DNS specification, but calling it a network neutrality issue is a bit of a red herring.
Filed Under: dns, network neutrality
Companies: verizon
Reader Comments
Now, I do use OpenDNS. I do this because Comcast's DNS servers were RIDICULOUS. For a period of three weeks, I could not reach ANY domain ending in google.com for about six hours (6pm to midnight) every single night. I finally switched to OpenDNS.
[ link to this | view in chronology ]
Unfair
If someone tries to visit my site but misspells the URL, I want them to see "Page Not Found" and let them try again. But instead they'll see Verizon's page, and some visitors won't understand what has happened or realize that they typed the name wrong.
This raises trademark issues as well, because Verizon will be able to make money from misspelled trademarked names.
[ link to this | view in chronology ]
Re: opendns
[ link to this | view in chronology ]
Re: Re: opendns
I wish I had 50 bucks for every time some loud mouth welshed on a 50 buck bet.
[ link to this | view in chronology ]
???
[ link to this | view in chronology ]
It's kinda bad but..
It was a purely performance-related decision; waiting 20-30 seconds for DNS to resolve because the provider's main DNS server went toes up just made the decision easy.
Netiquette does state not to do this, but I really can't find any better solutions that have been reliable.
[ link to this | view in chronology ]
Unfair is right
I never heard of the term "typosquatting" before today. I learned something new today. And Rob, I think the betting would be too one sided.
[ link to this | view in chronology ]
@7: That's not just against netiquette, you hurt the network. Badly. If everyone who has a dumb provider did this, no one would get resolution at all. It's like phoning up the chief justice because you think your local police force is too slow.
[ link to this | view in chronology ]
You are wrong.
The only ads that appear are the ads that normally appear if you type the url in a search engine.
I think you completely missed the point of what they are doing, and it's Yahoo feeding ads, not Verizon.
[ link to this | view in chronology ]
Now, I use another port and so go my merry way, but Verizon, having blocked port 25, can block any ports they wish under the same guiding principle. Verizon sets limits.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Use port 465
[ link to this | view in chronology ]
DNSSEC
According to the German (.de) Registry DENIC:
Nevertheless, DENIC does appear to support DNSSEC in principle.
Verizon's search, though, gives them a financial incentive to oppose DNSSEC deployment.
Returning a bogus A record, rather than NSEC, is inconsistent with the DNSSEC design goals.
[ link to this | view in chronology ]
Verizon - not a new thing
VeriSign tried this in 2003 and were creamed in the NetCommunity. There was talk of going to ICANN to appeal VeriSign's contract. A patch to BIND was made to prevent the redirection.
Microsoft's IE redirects bad URLs to the MSN search, but you can change that in the IE settings.
Everyone point their system to Verizon's DNS and run a program to send random URLs to the system; a few hundred every minute. That'll shut them down soon enough.
[ link to this | view in chronology ]
I'm somewhat baffled as well
[ link to this | view in chronology ]
Re: I'm somewhat baffled as well
[ link to this | view in chronology ]
Where is the Demand that Verizon Stop this Abusiv
What I also find unfortunate is that there is little public criticism of corporations for this abusive and secretive behavior. Sure, Verizon and Comcast are generating a lot of press on the internet and it is recognized that this behavior is abusive, but the public debate seems stuck on arguing the technical minutiae of whether or not these companies are or are not violating certain technical standards.
While this debate is useful it misses the critical points that these companies are not being "transparent" or honest with the public. The "red-herring" in this case is arguing technical minutiae to avoid the fact that these companies are not acting in a transparent and open manner. Companies that hide unethical practices should be exposed with demands that these abusive practices be stopped.
[ link to this | view in chronology ]
Re: Where is the Demand that Verizon Stop this Ab
If the debate isn't well-grounded in the tech, then it just devolves into bias, prejudice and name-calling.
[ link to this | view in chronology ]
Re: Re: Where is the Demand that Verizon Stop thi
[ link to this | view in chronology ]
The hazards of presuming
One of the many problems with this ill-conceived idea is that it presumes that DNS is used solely to support HTTP. It's not, of course, and the impact on other protocols can be substantial.
For example, it is a best practice to refuse mail which purports to be from any host or any domain that does not resolve, or from any IP address which does not resolve to a host.
To illustrate: I get an incoming SMTP connection from 1.2.3.4. I look up rDNS for 1.2.3.4; if that lookup fails, I 550 the connection and hang up -- the host has failed to meet minimum requirements for SMTP clients. If that lookup succeeds, I query forward DNS for the hostname I just got back, and 550 the connection if it doesn't resolve. If that test succeeds, and I allow the SMTP conversation to continue, then eventually the other side will specify a sender, say fred@flintstone.example.com. I then look up example.com; if that lookup fails, I 550 the connection and hang up -- it's foolish to accept mail from domains that don't exist. If that lookup succeeds, I pull the MX records for example.com and see if they're valid -- if they point to bogon space, I 550 the connection and hang up, because the message can't be replied to, therefore there is no point in accepting it. I might also check for flintstone.example.com -- is there an MX record for it? Is it covered by a wildcard MX? Is there an A record (so that I can fall back to that in the absence of an MX record)?
The gist is that these are all basic sanity checks designed to refuse mail that's either (a) obviously bogus or (b) coming from an incorrectly-configured host, since long experience (long painful bitter experience) has shown that the only way to get the attention of operators of such hosts is to make the problems obvious to them. These basic sanity checks have as a desirable byproduct considerable effectiveness against unwanted SMTP traffic. (Which is why some MTAs, e.g. sendmail, include them as easily-configurable options.)
Now consider what happens to them if someone starts forging DNS replies a la Verizon. Consider further what happens if those forgeries start happening with no warning. And consider still further that this is just one small example with just one of many application protocols that rely on DNS returning what it's supposed to, not what is convenient.
The bottom line is that this is a really, really bad idea executed by a company that's clearly trying to monetize DNS without regard for the degradation of service it's imposing on its own customers.
[ link to this | view in chronology ]
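The effect described in the comment above can be shown with a small model. This is an added example, not code from the post or from any commenter: the resolvers are in-memory stand-ins, the records and the `LANDING_IP` address are constructed, and the SMTP checks are a simplified subset of the ones the comment lists. It also includes a probe for detecting a rewriting resolver and a wrapper that restores the error.

```python
import secrets

class NXDomain(Exception):
    """The name does not exist (DNS RCODE 3)."""

# Constructed records using documentation address ranges (RFC 5737).
ZONE = {
    ("PTR", "192.0.2.10"): ["mail.example.com"],
    ("A", "mail.example.com"): ["192.0.2.10"],
    ("A", "example.com"): ["192.0.2.1"],
    ("PTR", "198.51.100.7"): ["gone.example.net"],  # hostname has no A record
}
LANDING_IP = "203.0.113.80"  # hypothetical address of the ISP's search page

def honest(rtype, name):
    if (rtype, name) not in ZONE:
        raise NXDomain(name)
    return ZONE[(rtype, name)]

def rewriting(rtype, name):
    """Like honest(), but failed A lookups get the landing page instead."""
    try:
        return honest(rtype, name)
    except NXDomain:
        if rtype != "A":
            raise
        return [LANDING_IP]

def smtp_verdict(resolve, client_ip, sender):
    """Simplified form of the checks in the comment; returns an SMTP reply."""
    try:
        host = resolve("PTR", client_ip)[0]
        resolve("A", host)
    except NXDomain:
        return "550 client rDNS/forward DNS failed"
    domain = sender.rsplit("@", 1)[1]
    try:
        resolve("A", domain)
    except NXDomain:
        return "550 sender domain does not exist"
    return "250 OK"

def landing_addresses(resolve):
    """Probe a random name under .invalid, which can never exist (RFC 6761)."""
    try:
        return set(resolve("A", secrets.token_hex(8) + ".invalid"))
    except NXDomain:
        return set()

def filtered(resolve):
    """Wrap a resolver so answers matching the probed landing page become NXDomain."""
    bad = landing_addresses(resolve)
    def inner(rtype, name):
        answer = resolve(rtype, name)
        if rtype == "A" and bad and set(answer) <= bad:
            raise NXDomain(name)
        return answer
    return inner
```

With `honest`, mail from `198.51.100.7` or from a sender at a nonexistent domain is refused with a 550; with `rewriting`, both are accepted, and `filtered(rewriting)` restores the refusals.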
Comcast blocking OpenDNS? Nah...
[ link to this | view in chronology ]
Re: Comcast blocking OpenDNS? Nah...
I'm glad to hear that.
[ link to this | view in chronology ]
If the typo was still there I could hit two keys and fix it. Since EarthLink (or Comcast) butted in, I have to start over from scratch. And if I make another typo on the last letter, it's time for some deep breathing exercises... :p
[ link to this | view in chronology ]
VZ Weirdness
If you type in random text ending in .com or .net, it will send you to a landing page. If you type in key words like camera.photo.lens.kdhfidhufd.com, you get a host not found! There are other non-random names that will return a host not found. I don't think they are using wildcard DNS (at least not as specified by RFC 1034), but something else.
[ link to this | view in chronology ]
Verizon using DNS to censor sites
These blocked pages are invariably political in nature.
[ link to this | view in chronology ]