RoadRunner Intercepting Domain Typos

shaunco writes "Sometime around midnight on February 26th (at least for the SoCal users), TimeWarner's RoadRunner service started intercepting failed DNS requests, redirecting them to RoadRunner's own search and advertising platform. To see if this has been enabled in your area, try visiting {some random string}.com in your Web browser. This feature subverts user preferences set within browsers, which allow the user to select which search engine receives their typos and invalid domains. RoadRunner users can disable this function — or they can just use OpenDNS. Here is an example RoadRunner results page.

Interception, first down!

[themushroom]

Roadrunner's not-found page seems roughly as useful as the default MSN Search page that IE puts up automatically if a page can't be found. Which is to say, not very.

But it's still nowhere near as worthwhile as the "what you want, when you want it" domain squatter pages where most of the links are porn and ads. Catch up, Roadrunner!!

ATT does it as well

[B00yah]

They've been doing it for about a year. i always thought it was fairly shady, but they rationalized it by saying other ISPs were doing it as well.

Don't care, I have my own DNS server

[Ars Dilbert]

My DNS server queries root servers directly, so any poisoning by an ISP would not affect my home network.

The Site Finder stunt NetSol/Verisign pulled a few years ago, that was done on the root servers, wasn't it? That was a lot more disruptive than an ISP creating a catch-all DNS zone on their little DNS boxes.

Re:OpenDNS Guide

[idontgno]

And what's your upstream DNS provider? If it's Road Runner, I bet you'll get bogus A records returned, no matter what protocol you intend to use the resulting IP address with. Similarly with OpenDNS, as far as I can tell.

And I hope for your sake you're running a recent version of BIND. That thing is epic in terms of ancient (but now closed) remote exploit opportunities.

Re:My ISP does this too

[ivanmarsh]

My Charter service does the same thing. Leave it to a bunch of marketing nimrods to disable a troubleshooting tool so you can't tell the difference between a page not found, site not found or DNS error.

So... I simply blacklisted Charter's redirection site in my firewall and proxy server.

Actually, OpenDNS is even worse!

[Anti-Trend]

OpenDNS is actually substantially worse. At least Roadrunner is obvious about the fact that you're visiting their servers. With OpenDNS, it seemed they were actually proxying requests for well-known search engines that were *not* typo'd in order to grab stats. Try setting your DNS resolvers to OpenDNS, then dig (or 'nslookup' for you Windows folks) www.google.com. Do a whois on the resulting IPs, and guess who they're registered to... Google? Nope, OpenDNS! At least, last I checked -- that was also the last time I used OpenDNS.

Re:OpenDNS Guide

[Anonymous Coward]

And hope that the provider's DNS servers are not acting as transparent proxies for the root servers....

Re:Actually, OpenDNS is even worse!

[Anonymous Coward]

You're not doing it right.

> dig www.google.com @resolver1.opendns.com

[...]
;; ANSWER SECTION:
www.google.com. 30 IN CNAME google.navigation.opendns.com.
google.navigation.opendns.com. 30 IN A 208.69.34.230
google.navigation.opendns.com. 30 IN A 208.69.34.231
[...]

That's right, OpenDNS not only does the same kind of typo-redirection through DNS as RoadRunner, they also intercept www.google.com URLs. Instead of advertising such a shady service, geeks should show people how to run their own resolvers. It isn't hard at all.

Re:OpenDNS Guide

[MadAhab]

I just programmed my cable modem to use 4.2.2.1-3 for DNS. Problem solved. At work, under a RoadRunner business connection, we've long run our own DNS because the RoadRunner DNS servers have always been just shit.

Suspiciously, however, I didn't turn off the "service". Someone at the other end did it. I refused to give them my phone number, so either they used caller ID to pull up my account without my consent, or they blacked out my cable modem MAC when I started portscanning the server and looking up a hundred variations of www.stopfuckingwithmydnsroadrunnersucksdogballs.com.

All around evil. Cable companies are doing this to boil the Net Neutrality frog, have no doubt about it.

Re:Actually, OpenDNS is even worse!

[raju1kabir]

www.google.com. 30 IN CNAME google.navigation.opendns.com.

Thanks for the heads up. I've just removed OpenDNS from my router's configuration. My ISP's DNS sucks but there are some caching servers at work I can piggyback on.

I wonder if this OpenDNS business explains the error page I've been getting with increasing frequency from Google, something to the effect of my query looking like it came from malware on my computer.