how-to block ads
|
|
Share Topic
 |
 |
|
|
|
 koitsuPremium,MVM
join:2002-07-16
Mountain View, CA
kudos:14
4 edits | reply to ctg1701a
Re: [DNS] Comcast Launches Trial of Domain Helper ServiceI wonder if Comcast realises this can (read: does) break spam filtering on the client-side if DNS resolution (forward and reverse) is used as a form of validation.
There's numerous other "gotchas" which I can go into if people are curious. But as others have mentioned, other ISPs have tried this and gotten shot down as well.
Also, Comcast rolling this out now puts into question whether or not this individual was telling the truth, and that "ComcastBonnie" who stated publicly "engineering confirms we do not hijack any DNS traffic in our network and certainly not to 3rd party resolvers" was probably lying.
Like others have said: very, very bad idea. Comcast, you will end up rolling this back, so be sure to forward my comments on to whatever managerial or marketing idiot proposed this idea to begin with. :-)
EDIT: Also, there's a problem with the opt-out Emails your opt-out page sends. The Emails themselves contain a multipart attachment (which is fine), however there's no content in the actual mail itself -- the content is only available inside one of the multipart attachments. This is what I'm talking about:
From: Comcast Domain Helper Opt-Out System <comcast-dns-helper-opt-out@comcast.net>
To: user@comcast.net
Date: Thu, 9 Jul 2009 09:16:59 -0700 (PDT)
Subject: Action Needed: Comcast Domain Helper Opt-Out Confirmation
<end of mail>
If we examine the multiparts, we see:
I 1 <no description> [multipa/alternativ, 7bit, 2.1K]
I 2 `--> <no description> [text/plain, quoted, us-ascii, 0.8K]
I 3 `--> <no description> [text/plain, 7bit, us-ascii, 0K]
I 4 `--> <no description> [text/html, quoted, us-ascii, 1.0K]
Attachment #2 contains a text version (text/plain) of the content in attachment #4 (text/html). Attachment #2 should really be placed in the root body of the Email (what would be shown above as Attachment #1).
--
Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer. | |
 ctg1701aVIP
join:2008-08-07
Philadelphia, PA | said by koitsu:I wonder if Comcast realises this can (read: does) break spam filtering on the client-side if DNS resolution (forward and reverse) is used as a form of validation. There's numerous other "gotchas" which I can go into if people are curious. But as others have mentioned, other ISPs have tried this and gotten shot down as well. Also, Comcast rolling this out now puts into question whether or not this individual was telling the truth, and that "ComcastBonnie" who stated publicly "engineering confirms we do not hijack any DNS traffic in our network and certainly not to 3rd party resolvers" was probably lying. We were aware and working with the twitter team when the person claimed we were hijacking DNS traffic which was just not true. We do not hijack 3rd party DNS traffic and based on the response from users on slashdot as well as the larger Comcast community this was proved false.
You should also be aware we are working on an internet draft with many other internet and DNS providers to help get these services more standardized and hopefully not disrupt other services as they have in the past. | | |
|
koitsuPremium,MVM
join:2002-07-16
Mountain View, CA
kudos:14 | Fair enough, but it does seem a bit suspicious that someone would encounter redirection services on Comcast (and some other people who commented in the blog also were seeing it), regardless of what DNS servers they were using, be told officially "we don't do this sort of thing", then two days later find the anomalous behaviour had disappeared. Fast forward a month, and Comcast rolls out identical in concept in multiple test markets.
I'll read the draft this weekend. And I'm hoping it discloses exactly how (and where) said redirection methodology is being done. I'm crossing my fingers Sandvine equipment isn't involved.
--
Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer. | |
 AVDRespice, Adspice, ProspicePremium
join:2003-02-06
Onion, NJ | reply to ctg1701a
said by ctg1701a:You should also be aware we are working on an internet draft with many other internet and DNS providers to help get these services more standardized and hopefully not disrupt other services as they have in the past. That's it, instead of complying with the rules, just change them.
--
Team JON. | |
 funchordsHelloPremium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:5
1 edit | said by AVD:That's it, instead of complying with the rules, just change them. IETF and ISOC memberships are open and free. Please join.
I have a feeling that this proposed "BCP" (best current practice) will have a problem as the current (don't mess with how DNS works) is probably the best.
ISPs are doing crap like this more and more and, if they're going to do errorvertising, and if DNS users are going to let it slide, then they might as well do it in the most least-impactful, user-friendly way possible. Good on Comcast for giving this a shot -- it's awesome. They could be like many other ISPs and just inflict it on the users.
That said, this was the problem that caused my Windows/Linux name services fail-over to fail to fail-over until I finally figured it out -- that cost me a day of my life I'll never get back. (How's that for a tongue twister?)
--
Robb Topolski -= funchords.com =- District of Columbia -- KJ7RL
Evil does seek to maintain power by suppressing the truth, or by misleading the innocent. --Spock and McCoy stardate 5029.5 | |
|
