RoadRunner Intercepting Domain Typos
shaunco writes "Sometime around midnight on February 26th (at least for the SoCal users), TimeWarner's RoadRunner service started intercepting failed DNS requests, redirecting them to RoadRunner's own search and advertising platform. To see if this has been enabled in your area, try visiting {some random string}.com in your Web browser. This feature subverts user preferences set within browsers, which allow the user to select which search engine receives their typos and invalid domains. RoadRunner users can disable this function — or they can just use OpenDNS. Here is an example RoadRunner results page."
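The random-name check described in the submission, scripted as an added example that is not part of the original post or thread: it looks up several names that should not exist and reports whether the configured resolver answers them with addresses instead of a "no such host" error. The function names are hypothetical, and the resolver is passed in as a parameter so the logic can be exercised without a network.

```python
import secrets
import socket


def random_probe_names(count=3, tld="com"):
    """Build names that should not exist: 20 random hex characters plus the TLD."""
    return [f"{secrets.token_hex(10)}.{tld}" for _ in range(count)]


def system_resolve(name):
    """Look up A records through the OS-configured resolver; empty set = no such host."""
    try:
        # Trailing dot makes the name fully qualified, so no search suffix is appended.
        infos = socket.getaddrinfo(name.rstrip(".") + ".", None, family=socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_nxdomain_rewriting(resolve=system_resolve, names=None):
    """Return (verdict, landing_ips, answers) for a batch of nonexistent names.

    verdict is "clean" when no probe resolves, "rewriting" when every probe
    resolves, and "inconclusive" otherwise (for example a timeout on one probe).
    landing_ips holds the addresses common to every resolved probe.
    """
    names = list(names) if names else random_probe_names()
    answers = {name: set(resolve(name)) for name in names}
    resolved = [ips for ips in answers.values() if ips]
    if not resolved:
        return "clean", set(), answers
    landing_ips = set.intersection(*resolved)
    verdict = "rewriting" if len(resolved) == len(names) else "inconclusive"
    return verdict, landing_ips, answers


if __name__ == "__main__":
    verdict, landing_ips, answers = check_nxdomain_rewriting()
    print("verdict:", verdict)
    for name, ips in answers.items():
        print(f"  {name} -> {sorted(ips) or 'no such host'}")
    if landing_ips:
        print("shared landing addresses:", sorted(landing_ips))
```

Several probes are used rather than one so that a single odd answer does not decide the verdict; the shared landing addresses are what a firewall or proxy rule would match on.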
Interception, first down! (Score:4, Interesting)
But it's still nowhere near as worthwhile as the "what you want, when you want it" domain squatter pages where most of the links are porn and ads. Catch up, Roadrunner!!
ATT does it as well (Score:2, Interesting)
Don't care, I have my own DNS server (Score:2, Interesting)
The Site Finder stunt NetSol/Verisign pulled a few years ago, that was done on the root servers, wasn't it? That was a lot more disruptive than an ISP creating a catch-all DNS zone on their little DNS boxes.
Re:OpenDNS Guide (Score:1, Interesting)
And what's your upstream DNS provider? If it's Road Runner, I bet you'll get bogus A records returned, no matter what protocol you intend to use the resulting IP address with. Similarly with OpenDNS, as far as I can tell.
And I hope for your sake you're running a recent version of BIND. That thing is epic in terms of ancient (but now closed) remote exploit opportunities.
Re:My ISP does this too (Score:4, Interesting)
So... I simply blacklisted Charter's redirection site in my firewall and proxy server.
Actually, OpenDNS is even worse! (Score:5, Interesting)
Re:OpenDNS Guide (Score:1, Interesting)
Re:Actually, OpenDNS is even worse! (Score:1, Interesting)
> dig www.google.com @resolver1.opendns.com
[...]
www.google.com. 30 IN CNAME google.navigation.opendns.com.
google.navigation.opendns.com. 30 IN A 208.69.34.230
google.navigation.opendns.com. 30 IN A 208.69.34.231
[...]
That's right, OpenDNS not only does the same kind of typo-redirection through DNS as RoadRunner, they also intercept www.google.com URLs. Instead of advertising such a shady service, geeks should show people how to run their own resolvers. It isn't hard at all.
Re:OpenDNS Guide (Score:5, Interesting)
Suspiciously, however, I didn't turn off the "service". Someone at the other end did it. I refused to give them my phone number, so either they used caller ID to pull up my account without my consent, or they blacked out my cable modem MAC when I started portscanning the server and looking up a hundred variations of www.stopfuckingwithmydnsroadrunnersucksdogballs.com.
All around evil. Cable companies are doing this to boil the Net Neutrality frog, have no doubt about it.
Re:Actually, OpenDNS is even worse! (Score:3, Interesting)
Thanks for the heads up. I've just removed OpenDNS from my router's configuration. My ISP's DNS sucks but there are some caching servers at work I can piggyback on.
I wonder if this OpenDNS business explains the error page I've been getting with increasing frequency from Google, something to the effect of my query looking like it came from malware on my computer.