OPEN DNS

ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20372
Credit: 7,508,002
RAC: 20
United Kingdom
Message 913243 - Posted: 2 Jul 2009, 11:10:50 UTC - in response to Message 913178.  
Last modified: 2 Jul 2009, 11:11:07 UTC

... If I then put a server that looks at the requested URL (including the domain name) and serves up advertising, then I can make good money.

If you think this is evil, then you understand the problem. It has actually happened.


I forgot about this trick, but you're right. It's completely possible to do.

MMMmmmm...

Only a "trick"? And of no concern?...

No concern of standards being abused and corrupted at everyone else's cost?

(That is, some servers for DNS give different answers than others for the exact same query?)


Regards,
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 913243
John McLeod VII
Volunteer developer
Volunteer tester
Joined: 15 Jul 99
Posts: 24806
Credit: 790,712
RAC: 0
United States
Message 913248 - Posted: 2 Jul 2009, 11:17:18 UTC - in response to Message 913178.  

Or are you telling me that on one DNS server a domain name properly gives a 404 while a different DNS server gives a parked site? Still, sounds like that's a site locally owned by that ISP. That can't be done for all URLs because it's impossible to know what URL a user is going to type.

Ah, actually, it is.

Let's say for the moment that my name is "Stratton Sclavos" and I want to make a lot of money.

My company, Verisign, operates the central registry for com. and generates the zone used by the com. top level domains.

If I add a record to the zone that says:

*.com IN A 100.200.300.400

Then, the top level domain servers will return 100.200.300.400 for every domain that does not exist in .com.

If I then put a server that looks at the requested URL (including the domain name) and serves up advertising, then I can make good money.

If you think this is evil, then you understand the problem. It has actually happened.


I forgot about this trick, but you're right. It's completely possible to do.

And Earthlink does do something like this. If you have a miss, it returns a page rather than a 404. Somehow name resolution requests for nodes on my LAN go out to Earthlink FIRST, and if there is a 404 from there, then the local name resolution takes place. Unfortunately, this fragments the network if the external DNS always returns a page rather than a custom 404 error page.


BOINC WIKI
ID: 913248
1mp0£173
Volunteer tester
Joined: 3 Apr 99
Posts: 8423
Credit: 356,897
RAC: 0
United States
Message 913359 - Posted: 2 Jul 2009, 18:39:25 UTC - in response to Message 913243.  


MMMmmmm...

Only a "trick"? And of no concern?...

No concern of standards being abused and corrupted at everyone else's cost?

(That is, some servers for DNS give different answers than others for the exact same query?)


Regards,
Martin

Not a case of standards being abused, but a case of standards being used for evil instead of good. It is one reason I've made a conscious choice to give Verisign as little money as possible.

There is evil beyond Microsoft.

It is not unusual for different DNS servers to give different answers for the exact same query. In fact, one of my criticisms of Microsoft is that their DNS server is too consistent.

It really comes down to intent. If it is because the primary zone was updated, and the updates haven't reached the secondaries, that's fine. If it is due to outdated caching, that's expected, and it should go away when TTL runs out.

If it is due to cache poisoning, or just plain evil (as was the case with Verisign's SiteFinder "service") then it is unacceptable in the extreme.
ID: 913359
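
An added example, not part of any post in this thread: one way to notice the behaviour discussed above (a wildcard record at the registry, or a resolver that answers misses with a page) is to look up random names that should not exist and see whether they resolve anyway. The zone stand-in, the names and the 192.0.2.x addresses are constructed for the demonstration, and `system_resolve` is a hypothetical helper over the OS resolver.

```python
import secrets
import socket

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"

def system_resolve(name):
    """Hypothetical helper: IPv4 answers from the OS resolver, empty set on a miss."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # gaierror/herror: the name did not resolve
        return set()

def random_probe_names(suffix, count, label_len=20):
    """Random labels that are overwhelmingly unlikely to be registered."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(label_len)) + "." + suffix
            for _ in range(count)]

def detect_miss_substitution(resolve, suffix="com", count=5):
    """Probe nonexistent names; report whether misses are being answered."""
    answers = [resolve(name) for name in random_probe_names(suffix, count)]
    answered = [a for a in answers if a]
    return {
        # A stray hit could be a real registration; most probes answering is not.
        "substituted": len(answered) > count // 2,
        # Addresses to treat as "does not exist" when seen in later answers.
        "addresses": set().union(*answered),
    }

def make_zone_resolver(records):
    """Constructed stand-in for a server: exact match, else '*.<parent>' (one label)."""
    def resolve(name):
        if name in records:
            return set(records[name])
        parent = name.partition(".")[2]
        return set(records.get("*." + parent, ()))
    return resolve

# Constructed sample zones (documentation addresses from 192.0.2.0/24).
HONEST = make_zone_resolver({"example.com": ["192.0.2.10"]})
WILDCARD = make_zone_resolver({"example.com": ["192.0.2.10"], "*.com": ["192.0.2.1"]})

if __name__ == "__main__":
    print("honest  :", detect_miss_substitution(HONEST))
    print("wildcard:", detect_miss_substitution(WILDCARD))
    # Live check against the configured resolver (needs network):
    # print(detect_miss_substitution(system_resolve))
```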