 3 edits | Charter Corrupting DNS protocol (ie: hijacking hosts)
Remember when Network Solutions altered the root servers to stop returning NXDOMAIN for unknown hosts in unregistered TLDs? (Instead, they hacked the root servers to return an IP address of one of their servers in an attempt to hijack domain name typo web traffic.)
Now, Charter is doing exactly the same thing; and perhaps a bit worse. Charter's DNS service now returns an IP address to a machine servicing only port 80 for any DNS lookup which fails; not only for unknown TLDs, but also unknown hosts within delegated domains.
leo125> nslookup ableeblee.dslreports.com
Server: 24.247.24.53
Address: 24.247.24.53#53

Non-authoritative answer:
Name: ableeblee.dslreports.com
Address: 64.158.56.56
Name: ableeblee.dslreports.com
Address: 206.112.100.132
Thus, if you are using a browser and type any bad domain or host name, you are connected to 64.158.56.56:80 which then returns a hybrid Yahoo search page based on the "Host:" HTTP header, such as:
»www11.charter.net/search?qo=bad_···38-DQTRq
In the returned search results each visible link is wrapped in a javascript on-mouse-over script which updates the status line to indicate the final, legit, target URL while the underlying href= contains a unique identifier pointed at www11.charter.net. Clicking on any link in the search result page only redirects you to the final target through charter.net; in other words, Charter is also tracking your clicks on the redirected, failed-DNS, typo page.
While some may refer to this as "404 Hijacking", the underlying problem is the corruption of a core Internet Protocol/RFC which states unknown hosts MUST return NXDOMAIN. Normal DNS service is important and should not be corrupted in this way (I can outline the problems in further posts if needed).
Charter may also claim they have an "opt-out" feature; but this feature only alters the behavior of your web browser experience and doesn't affect their DNS service implementation.
Furthermore and sadly, "opting out" of the default search return merely makes the intermediate web server redirect you to search.msn.com.
If Charter wants to hijack typos, they should do so in the co-branded browser they ship to new customers while paying the appropriate licensing fees; they should not be corrupting a core Internet Protocol.
Does anyone know how widespread this "new service" is and how we can go about changing it?
I am located in Bay City, Michigan.
Any advice is appreciated,
Best,
Joey
(Edit: Changed two instances of SERVFAIL to NXDOMAIN, thanks for pointing that error out, I'm pretty dumb sometimes.) |
|
|
|
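The check the opening post performs by hand with nslookup, as an added example that is not part of the original thread: it queries a resolver for a random name that should not exist and reports whether the reply is NXDOMAIN or a rewritten answer carrying A records. The function names and the default zone example.com are assumptions, and the probe assumes that zone has no wildcard record.

```python
import socket, struct, secrets

def build_query(name, qid=0x1234):
    """Encode a standard recursive A/IN query for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name; a compression pointer ends the name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_response(msg):
    """Return (rcode, [A-record addresses]) from a DNS response message."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def verdict(rcode, addrs):
    """Classify the reply to a lookup for a name that should not exist."""
    if rcode == 0 and addrs:
        return "rewritten: " + ",".join(addrs)
    return "ok: NXDOMAIN" if rcode == 3 else "inconclusive: rcode %d" % rcode

def sample_reply(name, rcode, addrs):
    """Constructed reply for offline use: the query echoed with QR/RA set plus A records."""
    q = bytearray(build_query(name))
    q[2:4] = struct.pack("!H", 0x8180 | rcode)
    q[6:8] = struct.pack("!H", len(addrs))
    rr = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(a) for a in addrs)
    return bytes(q) + rr

def probe(resolver, zone="example.com"):
    """Send one query for a random label under `zone` to `resolver` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3.0)
        s.sendto(build_query("nx-%s.%s" % (secrets.token_hex(8), zone)), (resolver, 53))
        return verdict(*parse_response(s.recv(512)))
```

Calling `probe("24.247.24.53")` tests the resolver shown in the nslookup output above; running it against several resolvers and comparing the verdicts shows which ones rewrite failed lookups.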
 Lazlow join:2006-08-07 Saint Louis, MO | Joey
Same BS in St Louis.
Lazlow |
|
 stivvyTechnonerd join:2002-05-08 | reply to joeykahn1 Change your DNS servers.
4.2.2.2 and 4.2.2.3 work fine for me. |
|
 | There's a far bigger issue here: is it acceptable for ISPs to alter core protocols? What then becomes the point of having protocols and standards?
|
|
 | reply to joeykahn1 OpenDNS! Try it!
»opendns.com/ |
|
| They've altered it here in Michigan too.
Tech support is apparently unaware of the issue. (Not that you can understand offshore support, or get them to understand you either.)
This is simply unacceptable as it breaks the standards-based way that the Internet operates. It not only affects browsers (in a bad way) but other apps as well. None of the other apps can handle errors correctly now, and will report false error messages because of the redirect.
An ISP should not alter standards-based Internet behavior, period. And we shouldn't be forced to use alternate DNS servers to get around an act like this. It's just plain bad technically.
I called Charter Corporate to complain and I suggest others do also. What Charter is doing to DNS resolution is simply unacceptable.
Here is a number at Charter Corporate to call:
888-561-1030 x28377
Call and voice your displeasure at this. |
|
 mworks join:2006-06-13 Faison, NC | Download Treewalk at »ntcanuck.com/ Change your DNS servers to another provider like Level 3 at 4.2.2.2 and 4.2.2.3. Enjoy MUCH faster browsing.
For those that don't know, Treewalk runs a DNS server on your own PC and only goes on the net to get site addresses if they aren't in the local cache.
Much faster than the charter BS |
|
 dks7 join:2004-05-31 Omak, WA | I personally locate some DNS servers of a business or something close to me to use, I use ones that are like 50 miles from me, works great. |
|
 1 edit | So does that mean no more VPNs to the workplace for residential customers?
Any info on the broken VPN issue? |
|
 Snavvie join:2006-09-28 Louisville, KY | Hrrm. Interesting topic. |
|
 | Marketing people need to be handled Garfield-style... dragged out into the street and shot. |
|
 Lazlow join:2006-08-07 Saint Louis, MO | reply to Snavvie Not exactly on topic, but here is a link that checks DNSs out.
»www.dnsreport.com/tools/dnsrepor···rter.net
A lot of warning flags for charter.
Lazlow |
|
 | Sounds like Charter needs to learn how to properly set up a system of DNS servers before it allows some third-party corporation to hijack them. |
|
 | reply to radiofreq
Re: OpenDNS
OpenDNS is guilty of the same thing. They however tell you up front that misspellings and known phishing sites will get redirected. Whether you trust them or not is up to you. |
|
 | Big freakin woopity do about the change. lol |
|
 | reply to joeykahn1
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
If you know an address is at a certain name, and you type it correctly, what are the chances that you will NOT get the original content by x author at x address?
As long as the original author has their domain registration fees paid, there are copyright laws that are designed to prevent misrepresentation, alteration, and replacement of original works or derivative works based on an original works registered name, and also to prevent other companies from saying "you can't use that domain"
So, if your ISP does not PAY for the registration of the domain name that you mistyped, they cannot "redirect" you to their own page content without breaking the Domain registration LAWs.
To add to this, if they do pay for their registration fees and are not trying to misrepresent your original destination, replace or compose a derivative works of your original destination, there's nothing you can do!
said by loose wire blog : "Paul Thurrott of Windows and .NET Magazine tells the story of a Canadian teenager called Mike Rowe who brought down the full wrath of Redmond's lawyers when he set up a website called MikeRoweSoft.com. They sent him a 25-page letter demanding that he hand over the domain name. Rowe goes to the press, his site gets massive interest, his case gets lots of support, and suddenly, Microsoft has backed down, issuing an apology in which the company admitted that it had acted improperly."
It's not a stretch of the law's context to point the finger directly at the company allowing the works to be replaced by 3rd party, or replacement of original works by another company with their own content without paying for the domain registration, or!!!! Redirection of an incorrect url to their content on their page instead of ERROR 404; where it can be considered unlawful to redirect someone to another site simply by the mis-spelled URL; because it's unlawful to replace an original work with their own content, at their own URL, without paying for the registration rights for the accidentally mistyped URL. |
|
 | You can turn off redirection in Windows Internet Explorer options, where it says, "search for most likely address" or "do not search from the address bar" etc. This will prevent your DNS error redirections. |
|