how-to block ads
|
|
Uniqs:
35435 |
Share Topic
 |
 |
|
|
|
 ctg1701aVIP
join:2008-08-07
Philadelphia, PA | reply to Morac
Re: [DNS] Comcast Launches Trial of Domain Helper Service said by Morac:The opt-out method is very convoluted. When connecting from home, you shouldn't need to enter your cable modem MAC address. The server should pick that up on it's own, like it does when you activate a cable modem. Also there should be a check box that says "enable/disable". You can add the primary account email address and password if you want to secure it from preventing other users from optiing in or out. Finally what happens if you opt-out and you aren't in the trial area? The process for activation uses different backoffice systems and processes and why the detection does not happen. Very soon we will replace this method with a Customer Central function where you can simply toggle this in your account preferences and will be processed near real time in the provisioning system to opt-out.
As for opting out in a non-trial area, you can feel free to do so and if this gets rolled out to a larger audience, you would not need to do anything at that time. | |
andyrossPremium,MVM
join:2003-05-04
Schaumburg, IL | reply to jlivingood
said by jlivingood:The reality is that a very small number of subscribers ever opt-out. At last count yesterday, about 120 had opted out and many of them were not even in the trial markets. Because only people who read this thread probably know of it. So far, the original post is the only link to the opt-out.
Have you sent emails to users where the trial is in effect, with an opt-out link? If not, then 99.9999% probably have no idea what is going on.
If you roll this out nationally, you had better clearly state this in an email, with a CLEAR link to the opt-out. | |
ctg1701aVIP
join:2008-08-07
Philadelphia, PA | reply to jfmezei
said by jfmezei:In case Comcast doesn't know, the internet isn't just for HTTP. Will they also redirect your emails to some advertising site ? As an ISP we are very aware that the Internet isn't just for web traffic alone, and why we have implemented this solution the way we did. | | |
|
ctg1701aVIP
join:2008-08-07
Philadelphia, PA | reply to estover
said by estover:I want to know by what authority does Comcast, or any other ISP, get the right to squat on every domain name never registered and make money on it. Just who do you think you are? Clearly we are not squatting on every domain never registered, that is not how this system works. I would recommend reading the IETF draft: »tools.ietf.org/html/draft-living···irect-00 or the other posts we have posted, and if you have other questions, please feel free to PM me.
Thanks | |
 jlivingoodPremium,VIP
join:2007-10-28
Philadelphia, PA
kudos:1 | reply to andyross
said by andyross:Have you sent emails to users where the trial is in effect, with an opt-out link? If not, then 99.9999% probably have no idea what is going on. Those emails started going out yesterday afternoon and included opt-out instructions with a direct link to the opt-out site.
said by andyross:If you roll this out nationally, you had better clearly state this in an email, with a CLEAR link to the opt-out. I agree and that is the plan if we go beyond the trial markets!
--
JL
Comcast | |
andyrossPremium,MVM
join:2003-05-04
Schaumburg, IL | reply to ctg1701a
I always find it interesting how services that make money or help a company collect data are typically opt-out. Anything that costs them money is opt-in.... | |
 usa2kBlessedPremium,MVM
join:2003-01-26
Canton, MI
kudos:3 | Catered to the apathy of the majority!
Rather than marketed for its value  | |
| reply to ctg1701a
said by ctg1701a:Clearly we are not squatting on every domain never registered, that is not how this system works. I would recommend reading the IETF draft: » tools.ietf.org/html/draft-living···irect-00 or the other posts we have posted, and if you have other questions, please feel free to PM me. From the IETF Draft:
"When a recursive DNS server detects such a nonexistent domain error (NXDOMAIN, see Section 4.1.1 of [RFC1035]), the ISP or ASP can instead provide a IP address for a Web Error Landing Server that can present the user with a list of suggested destinations rather than simply an error page."
So, unless you opt-out, this system will never return an NXDOMAIN response to the customer for a DNS request, even if the domain does not exist.
How exactly does this not qualify as "squatting"? You're basically sitting on all unregistered domains for all your customers by default. You're lying to them by intentionally by intentionally sending back incorrect responses to their perfectly legitimate and valid requests.
Furthermore, you're directly subverting their software by returning your own "helpful" results page instead of letting their own browsers do that for them (like all major browsers currently do). I'm surprised Microsoft doesn't sue you for this, as they put a lot of work into their no-such-domain functionality in the new IE8. | |
estoverPremium
join:2004-03-16
Valencia, PA
kudos:1 | reply to ctg1701a
said by ctg1701a:said by estover:I want to know by what authority does Comcast, or any other ISP, get the right to squat on every domain name never registered and make money on it. Just who do you think you are? Clearly we are not squatting on every domain never registered, that is not how this system works. I would recommend reading the IETF draft: » tools.ietf.org/html/draft-living···irect-00 or the other posts we have posted, and if you have other questions, please feel free to PM me. Thanks hmmmmmm:
From the IETF Draft:
"When a recursive DNS server detects such a nonexistent domain error (NXDOMAIN, see Section 4.1.1 of [RFC1035]), the ISP or ASP can instead provide a IP address for a Web Error Landing Server that can present the user with a list of suggested destinations rather than simply an error page."
I am waiting with bated breath for the word, or group of words, you are going to string together in an attempt to explain what this is if it is not squatting.
One BIG question I asked the " individual" at Zoominternet and never got an answer.:
Say a Comcast user is trying to get to my website based on a friends referral. Problem is he mistypes the address and Comcast, being the friendly ISP, servers him up a list of "Did you means....." pointing him directly to my competition. With out the aid of Comcast, the elderly gentleman would have received an error he has seen many times before, rechecked the address he typed noting the error, and typing in the correct address.
How do you protect against that?
How do you see the issue of ping alerts that I use every day.
At last check, on Zooms service when I tested a known dead server, I received a reply from the landing server.
Now the makers of the software could change there code to check the IP and not the domain, but why should they have to because you guys figured out a way to milk a couple more pennies from people.
I have more question but need to get back to my beer. Chimay Grand Reserve will wait only so long and this one has waited just under 9 years to be enjoyed. | |
| reply to ctg1701a
While I can see concerns here... The issue is not unprecidented as many ISPs do this (not an excuse), many tool bars do and the browser industry does as well. I'd rather a known (and accountable) entity manage this than some unexpected toolbar I got from my kids web download. | |
usa2kBlessedPremium,MVM
join:2003-01-26
Canton, MI
kudos:3 Reviews:
 ·VOIPo
 ·WOW Internet and..
| I despise the browser search tools beyond the flexible Standard FF one!
The only too needed
| |
| reply to ctg1701a
said by ctg1701a:4 – As we considered how to implement the Domain Helper service, we observed that it was difficult to discern common practices (much less best practices) across ISPs. As a result, we have taken the lead to work with many contributors to produce the first draft of a possible Best Current Practices document at the IETF. The objective of this document is to describe the design of DNS redirect services deployed today by ISPs and DNS Application Service Providers (ASPs), and other organizations providing DNS redirect services via their recursive DNS services, as well as to describe the recommended best current practices regarding such systems. This document is available at » tools.ietf.org/html/draft-living···irect-00. We are actively soliciting comments on this document and hope to be able to present it at the next IETF meeting in late July. Chris Comcast National Engineering & Technical Operations You managed to submit an entire IETF draft that complete fails to address the most- and most-easily broken DNS-based application of all: DNSBLs and RHSBLs.
They function, as you know, AT THEIR CORE with NXDOMAIN replies, indeed - bad things start to happen the moment you replace NXDOMAIN replies with A RR's, despite you receiving valid SOA RR records for their parent domains.
And there's so many of them, public and a little-less-public, that whitelisting them all is not just hard, but next to impossible: Suddenly, starting up a new BL encounters huge barriers of entry as 100's of DNS redirect systems at major operators are disrupting their operation. You may argue that residential users do not use BLs, but I am in a position to know the contrary to be true.
What (human, procedural, publicly reachable) resources have Comcast, Cablevision, Wide Open West, Earthlink (all operators known to do DNS redirect) put into place to maintain these whitelists, and address BL operator's need for obvious contact? | |
NormanSPremium,MVM
join:2001-02-14
San Jose, CA
kudos:4 Reviews:
 ·SONIC.NET
·Pacific Bell - SBC
| reply to usa2k
Firefox search. |
| |
danry25Premium
join:2008-05-21
Seattle, WA | reply to ctg1701a
Another attempt to squeeze money out of a place that is bone dry, I scoff at this sad and deplorable attempt to try and wring more money out of my household. You better start redirecting 4.2.2.1 and 4.2.2.2. | |
 ahulettLife Without WallsPremium,VIP
join:2003-02-02
Bellevue, WA
kudos:2 | reply to jlivingood
The views and opinions expressed in this post are my own and do not reflect those of Microsoft. Microsoft is a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries.
I've been thinking about my reply here. There really isn't anything I, or any of us can say, that will cancel out this trial and revert everyone back to nonexistent responses. Comcast took an assessment, determined that a fraction of its customers would know the inner-workings that lead them to the search page, determined that an even smaller fraction of those customers would be impacted enough to voice concern at the change and want a way to opt-out, found this to be acceptable, made its decision and is moving forward.
This is one of those discussions where we need to respect each side's view, agree to disagree and move on. I'll make this last post on the matter to wrap up discussion on my end.
In terms of anti-spam, it should not affect servers running A/S systems since those (1) don't run in user IP space and (2) don't use these DNS servers as a result of 1. Yes, software operating in the cloud is out of scope. I'm referring to machines resolving domains against DNS servers set to direct nonexistent domains to the search page server's address.
I often hear vague references to software that will break but, when pressed, I've been unable to get a list of actual examples of this. If you have any, I'd love to see them and add them to the next draft I am working on. Even if I provide examples, what's the magic number from when it's ok to crossing into too many? Any answer above zero here is subjective - the only solid answer is zero. But to be realistic, there has to be some amount of acceptable impact, such as breaking nslookup, apparently.
Beyond nslookup, I would guess (keyword guess here) the 'average user' possibly has no other dependencies on accurate DNS information for nonexistent domains. Had this been a real problem for 'average users' on other ISPs with this setup, there would be complaints, it's assumed. (And to address your question, I am personally unaware off the top of my head on other products impacted by this change. But understand I spin in virus/trojan/spyware circles, meaning I'm more focused on how to prevent installation and how to fully clean up after infection than I am on researching general software's use of the DNS system, and even if, during my research, I have come across a legitimate application running on end-user machines that relies on proper DNS lookup results, I am bound by the Microsoft Privacy Policy and other guidelines and am unable to disclose.)
But I'm not an 'average user' (whatever that means) in that I'm expecting nslookup to give me an accurate answer. Given I'm knowledgeable enough to know how to use it, I imagine Comcast's position is that I should also be knowledgeable enough to work around it on my own (via opt-out or changing to resolve against a different DNS server). As for the rest of the customer base, even though all have nslookup on their system, they're likely uninformed about its existence and expected functionality, meaning it's an assumed non-issue.
In other words, I and users like me that make up a very small minority of the customer base are not within Comcast's target audience regarding their ISP product features, and the opt-out option, while creating more work on our end, is meant to help satisfy our needs and keep everyone using the service satisfied.
Ok, I suppose. And to be fair, it seems this only applies to A-record lookups when the third-level domain or deeper (as in fourth-level or fifth or...) is www and the TTL on these non-authoritative answers pointing to the search page server is 0 seconds, meaning even though I disagree with the implementation, I'm glad to see it's being applied smartly.
Now, I can argue that every web browser is affected and therefore broken (such as by sending non-English speaking users to an English-based search page rather than showing a nonexistent domain message using the user language - I'm assuming the search page only comes in English), but that's obvious, I believe. It's the end goal to change the browser experience, and again, if I'm knowledgeable enough to know how DNS should work, I should know that I've been redirected due to a nonexistent domain and know how to change settings if this is a problem and so on and so on and so on.
It is difficult to imagine that a very lightweight HTML page will get you close to a 250GB limit. Even if you hit this page 24x7 you couldn't do it. Assuming 3.5 seconds to load a 54.6KB page (meaning 15.6 KB/sec - this is based on some observed time and size estimates via online tools), doing this 24x7 for 30 days comes out to roughly 38 GB a month:
(60 sec/min * 60 min/hr * 24 hr/day * 30 days/month * 15.6 KB/sec * 0.00098 MB/KB * 0.00098 GB/MB)
Even if I hit 40 GB, am I personally worried from my own usage? No. I'm one of those rare customers that measures usage at the edge. The most usage in a month I've had over the past 2 years is 80 GB. This search page's reasonable data usage would have been insignificant (on the order of megabytes) had I kept its functionality. But again, when is the amount of data OK versus when it's too much? Where this magic line lies is, again, subjective, with zero delta between receiving a nonexistent domain response and this search page being the only solid answer, but to again remain realistic, there was probably some estimation formed using customer data (a.k.a. the average number of DNS lookups returning nonexistent domain) that for an average user the increase is minimal (within the space of a few megabytes per month).
The reality is that a very small number of subscribers ever opt-out. At last count yesterday, about 120 had opted out and many of them were not even in the trial markets. Interesting, and I'll still keep the Facebook group open.
-------------
So why do I post twice against this change when, in the end, I essentially just argued your points for you? I'm focused on the principle of the change, such as breaking things (nslookup, localized browser error page) and increasing traffic, and more importantly, doing so without disclosure or consent. While I know there's intent in avoiding addressing any comparisons between potentially unwanted software changing browser behavior without adequate user consent and what's occurring here, it is still an interesting and most important point, is it not, as if the change were client-side rather than in the infrastructure, the conversation here would be quite different indeed.
My personal beliefs have me place the decision to change from expected behavior (for those of us knowing what this is) to a new behavior (where the user is taken someplace new which they may or may not want to visit) with the user, where disclosure and the option to accept or block the change remains in their control. As when it comes down to really digging down here, users entering nonexistent domains into their browser are pulling Yahoo! results, meaning Yahoo! now has this information. For me, not only do I want to receive a nonexistent domain response back and have the browser render the appropriate error page, I prefer not to send nonexistent domains I enter to Yahoo!, even if in an anonymous manner. To send this information to Yahoo!, Comcast should be asking for my permission first, but this consent isn't gained, it's just assumed.* And it is on this practice alone where we'll need to agree to disagree.
//A
*Although I wouldn't be surprised if one replied with a quote from the Terms of Service showing that I somehow already agreed, that for me personally doesn't matter as that's not what some may consider prominent notice of this change. And if someone down the road approached me and said anonymous information on every domain I ever entered was sent to Company X, while again, the TOS probably allows this, I would have welcomed clearer transparency into where my personal information goes.
The views and opinions expressed in this post are my own and do not reflect those of Microsoft. Microsoft is a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries.
--
Did you opt-out of Comcast's Domain Helper Service? »preview.tinyurl.com/lfz9e4
| |
jlivingoodPremium,VIP
join:2007-10-28
Philadelphia, PA
kudos:1 | reply to cablewizzard
said by cablewizzard:You managed to submit an entire IETF draft that complete fails to address the most- and most-easily broken DNS-based application of all: DNSBLs and RHSBLs. They function, as you know, AT THEIR CORE with NXDOMAIN replies, indeed - bad things start to happen the moment you replace NXDOMAIN replies with A RR's, despite you receiving valid SOA RR records for their parent domains. The use of DNSRBLs will be covered in a future IETF document I plan to write, but it is orthogonal to the DNS redirect draft since mail servers do not use subscriber-facing DNS caches for DNS resolution, and in many cases have dedicated resolvers. I'll add a note on this in a future update of the DNS redirect draft, though. Thanks for the suggestion!
--
JL
Comcast | |
p2pnet
join:2007-04-14
Lake Cowichan, BC | reply to ctg1701a
Rogers is at it as well ...
Rogers version of 404 helper - »www.p2pnet.net/story/24970
Cheers! | |
 AVDRespice, Adspice, ProspicePremium
join:2003-02-06
Onion, NJ | reply to NormanS
Re: [DNS] Comcast Launches Trial of Domain Helper Service said by NormanS:said by AVD:They can hijack your DNS settings. Comcast has already stated that they will not. I never said they do or would, I just said that they can.
--
standard disclaimers apply. | |
| reply to ctg1701a
Re: [DNS] Comcast Launches Trial of Domain Helper Service This morning I mistyped a domain name and was redirected to a custom search site. Everything I have done to turn off this comcast "service" (including the online chat help) looks an awful lot like a phishing scam that requires me to give up personal information and/or passwords. When I log into comcast.com, there is no option to remove the domain service helper. When I called the comcast 800 number to get into comcast.net (because I couldn't do so with the uname/pass I use to pay my bill at comcast.com), the tech knew nothing about the domain service helper.
I want this turned off. If it is not a service and *is* a virus, I need to remove it.
I would like to talk to a person at comcast who knows what this is. Is there a number anyone can provide other than the 800 number on the comcast page that directs me to tech support who can't help? Replies to this post will be sent to my e-mail if anyone can help me. Thanks! | |
andyrossPremium,MVM
join:2003-05-04
Schaumburg, IL | There is an opt-out link in the first message:
»dns-opt-out.comcast.net/
It's currently a bit messy, and you need to determine the proper HFC MAC address of your modem. You can also alter the DNS address of your computer or modem to point at another DNS service, or the non-redirect Comcast servers, if they ever give a list (I only know the Chicago area servers.) | |
|
