Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
The Internet Networking The Almighty Buck

RoadRunner Intercepting Domain Typos 337

shaunco writes "Sometime around midnight on February 26th (at least for the SoCal users), TimeWarner's RoadRunner service started intercepting failed DNS requests, redirecting them to RoadRunner's own search and advertising platform. To see if this has been enabled in your area, try visiting {some random string}.com in your Web browser. This feature subverts user preferences set within browsers, which allow the user to select which search engine receives their typos and invalid domains. RoadRunner users can disable this function — or they can just use OpenDNS. Here is an example RoadRunner results page.
This discussion has been archived. No new comments can be posted.

RoadRunner Intercepting Domain Typos

Comments Filter:
  • OpenDNS Guide (Score:5, Insightful)

    by Anonymous Coward on Tuesday February 26, 2008 @02:27PM (#22561330)

    or they can just use OpenDNS
    But OpenDNS does the exact same thing [opendns.com]!
    • Re:OpenDNS Guide (Score:5, Informative)

      by jagilbertvt ( 447707 ) on Tuesday February 26, 2008 @02:29PM (#22561370)
      This has actually been going on for a few weeks now for New York area customers. However, there is an opt-out option that comes up on the page that comes up. I'm not quite sure how it tracks those opt-outs (by ip address perhaps?), as I didn't delve into it too deeply.

    • Re:OpenDNS Guide (Score:5, Insightful)

      by mrbcs ( 737902 ) on Tuesday February 26, 2008 @02:30PM (#22561400)
      Yes, but the difference is that YOU get control of how these are handled, not your ISP.
    • Re: (Score:2, Insightful)

      by STrinity ( 723872 )
      But it's Open, which means it can't be doing anything wrong.
    • by Anti-Trend ( 857000 ) on Tuesday February 26, 2008 @03:07PM (#22562022) Homepage Journal
      OpenDNS is actually substantially worse. At least Roadrunner is obvious about the fact that you're visiting their servers. With OpenDNS, it seemed they were actually proxying requests for well-known search engines that were *not* typo'd in order to grab stats. Try setting your DNS resolvers to OpenDNS, then dig (or 'nslookup' for you Windows folks) www.google.com. Do a whois on the resulting IPs, and guess who they're registered to... Google? Nope, OpenDNS! At least, last I checked -- that was also the last time I used OpenDNS.
      • Not for me:

        linux:~ $ dig google.com @

        ; <<>> DiG 9.3.2 <<>> google.com @
        ; (1 server found)
        ;; global options: printcmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28096
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

        ;google.com. IN A

        ;; ANSWER SECTION:
        google.com. 219 IN A
        google.com. 219 IN A
        google.com. 219 IN A 72.1

        • Yup, still works for me:

          $ dig @ www.google.com

          ; <<>> DiG 9.4.2 <<>> @ www.google.com
          ; (1 server found)
          ;; global options: printcmd
          ;; Got answer:
          ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6858
          ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

          ;; QUESTION SECTION:
          ;www.google.com. IN A

          ;; ANSWER SECTION:
          www.google.com. 30 IN CNAME google.navigation.opendns.com.
          google.navigation.opendns.com. 30 IN A

          • Re: (Score:3, Informative)

            Note the difference in your two queries:

            dig @ www.google.com

            dig google.com @
            You're both correct.
          • Re: (Score:3, Insightful)

            by Albanach ( 527650 )
            Ah, you went for www.google.com which they seem to intercept, I went for google.com which they ignore (or did until they read this I guess).

            Can't say routinely type in the www for any website - and get frustrated with the few sites that bork when you skip it. Nonetheless, the firefox search bar sends queries to www.google.com so this would hit quite a few folk if they use opendns.
          • Re: (Score:3, Interesting)

            by raju1kabir ( 251972 )

            www.google.com. 30 IN CNAME google.navigation.opendns.com.

            Thanks for the heads up. I've just removed OpenDNS from my router's configuration. My ISP's DNS sucks but there are some caching servers at work I can piggyback on.

            I wonder if this OpenDNS business explains the error page I've been getting with increasing frequency from Google, something to the effect of my query looking like it came from malware on my computer.

      • by MadUndergrad ( 950779 ) on Tuesday February 26, 2008 @04:00PM (#22562978)
        OpenDNS has a blog post explaining why they're doing that: http://blog.opendns.com/2007/05/22/google-turns-the-page [opendns.com]
        • Re: (Score:3, Insightful)

          by Anti-Trend ( 857000 )
          Still, the fact that they are hijacking the forward lookup without indicating that its hijacked is all wrong to me. If I can't trust OpenDNS to just resolve a site to the correct IP address, I don't really care about their justifications. It's simply no longer an option for me. I suspect a lot of others feel the same way.
  • And? (Score:3, Informative)

    by Anonymous Coward on Tuesday February 26, 2008 @02:29PM (#22561364)
    Verizon DSL does this too. I don't see how this is a story.
    • Re: (Score:2, Funny)

      Yup. I noticed Verizon doing this a couple months ago. It didn't even cross my mind to submit it as a newsworthy story, though.
    • Re: (Score:3, Informative)

      by daichiasuka ( 680038 )
      Verizon does this for FiOS service as well, and this certainly isn't anything new. Verizon also offers the option to opt-out [verizon.net] of this "service" by changing your DNS servers.
    • I noticed this the other day, and IIRC they also had Yahoo adverts in there with the Yahoo search links, seeing as how they're partnered with Yahoo. If that's what starts to become the norm, then I've got a problem with it. It's bad enough that people have to pay the fees that they do, but to then have the ISP shove advertisements -- or have an excellent outlet with which to shove advertisements -- to customers who are already paying (or in some cases, like Comcast, overpaying) for their Internet connecti
    • Here's why: (Score:5, Insightful)

      by NeutronCowboy ( 896098 ) on Tuesday February 26, 2008 @03:55PM (#22562898)
      It means that ISPs intercept server requests and redirect the user to a different server. In this particular case, you're right - whether I get Firefox to display a 404 message or a page from RR, Verizon or any DSL that essentially says "This site doesn't exist, but try searching through here" doesn't matter to me. I'll just type the address in again.

      However, there is one instance where this issue matters right now: a lot of site monitoring still relies on pings or basic server lookups to figure out whether the server is up and running. This feature would immediately screw with that kind of monitoring. Basically, you cannot assume anymore that because a dns lookup or a ping returns a positive result that the server with that hostname is actually alive or in the DNS tables. Yes, there are ways around that, but it basically breaks one of the central tenets of the internet: the intelligence is on the edge of the network, and everything in between is just a packet forwarder.

      More significantly though is that it redirects a user to a place that wasn't requested. Basically, it means that from a technological perspective, this no different than RR or Verizon taking my request to www.google.com and redirecting it to their own search page. See why this can easily become a very, very big deal? I can guarantee you that this is a trial balloon by the ISPs to see how users react to this. If this goes through, expect that at some point in the future, you will have to jump through hoops to get to the site you want, and not the site your ISP thinks you ought to want.

      This is another problem that will most likely have to be enshrined in actual law: ISPs shall not take a request and redirect it elsewhere. The potential for and likelihood of abuse is just too large otherwise.

      Welcome to the intelligent network. It'll be a nightmare.
  • by esocid ( 946821 ) on Tuesday February 26, 2008 @02:30PM (#22561388) Journal
    They just throttle my connection until it fails.
    • hahaha,
      but it doesn't matter how slow my torrents run, if I am running a bittorrent client unencrypted, my Time Warner connection always ground to a halt. I just canceled with Time Warner and switched to U-Verse. The guy on the phone told me "just be sure I bring that modem back whenever it's convenient". When I did five days later, the idiot at the desk told me she was going to change the date I disconnected to the day I returned the stupid modem. Even though the service did not work this week because
  • by Hungus ( 585181 )
    I noticed this happening a couple of weeks ago in the DFW area at a few clients houses and then my own. Obviously I disabled it immediately but it is still very annoying to say the least.
  • Don't most ISPs in the US do this?
    • by pembo13 ( 770295 )
      I would certainly hope not.
    • Not to my knowledge. This is definitely a first for RoadRunner; I've been with them for several years now, and haven't seen anything like this.
    • by omeomi ( 675045 )
      No, Comcast doesn't.

      Just noticed that somebody has already registered jkshdfkljh23sadf.com. Way to go Mr. Private, Registration...
    • I know one of the few good things about AT&T's DSL service is that they don't do this yet. Although, I do run BIND locally. I'm wondering what's stopping $evil_ISP_that_typosquats_on_DNS from redirecting all UDP traffic over port 53 to their own DNS resolvers, other than making power users angry.
  • I noticed that they were doing it. Was going to mention it to my local LUG, but /. beat me to it -- procrastination, what can I say.
  • by daveywest ( 937112 ) on Tuesday February 26, 2008 @02:31PM (#22561420)
    Seems like I should be registering this and pointing it to my porn/phishing site right now.
    • You inspired me to try a few out of curiosity. Not surprisingly asdf.com as well as asdfg.com and asdfgh.com are all registered.

      I actually laughed when one of them served an ad titled "Learn how to type".
    • Somebody has already registered:

      Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
      Domain Name: JKSHDFKLJH23SADF.COM
      Created on: 26-Feb-08
      Expires on: 26-Feb-09
      Last Updated on: 26-Feb-08

  • by Galaga88 ( 148206 ) on Tuesday February 26, 2008 @02:32PM (#22561440)
    My local ISP (Insight in Evansville, Indiana) does the same thing. Even worse, when you 'opt-out' of their URL redirection, they instead redirect you to a fake IE error page. Slimy.
    • by ivanmarsh ( 634711 ) on Tuesday February 26, 2008 @02:56PM (#22561832)
      My Charter service does the same thing. Leave it to a bunch of marketing nimrods to disable a troubleshooting tool so you can't tell the difference between a page not found, site not found or DNS error.

      So... I simply blacklisted Charter's redirection site in my firewall and proxy server.
    • I don't understand why you think the fake IE error page is slimy. That's a side effect of the method they use to opt you out. When you opt out they probably store a cookie on your browser that says you opted out. The DNS server has no way of knowing if you opted out so it always redirects to the same "typo" server which then checks your cookie and displays an error for you.
  • by Oxy the moron ( 770724 ) on Tuesday February 26, 2008 @02:33PM (#22561460)

    ... if it were opt-in and not opt-out. I would like to think that the majority of Internet users who don't use Slashdot have no idea about what actually happens when you type in www.dlibert.com, for example.

    Send an e-mail to your subscribers and let them enable the feature if they so desire, but don't force it on your userbase.

    • by raehl ( 609729 )
      The user base is dumb.

      One of the things most Internet Service Provider customers are paying for is... well, service. While I'm sure most of the Slashdot audience finds this service annoying, for MOST people on the internet, the resulting page is probably better for them than a blank error page.

      And, opt-in is a lousy way to institute change. If you make the change, and let people opt out, everyone who the change helps will get it and everyone who doesn't like the change will opt-out, at the cost of the inc
  • by themushroom ( 197365 ) on Tuesday February 26, 2008 @02:34PM (#22561472) Homepage
    Roadrunner's not-found page seems roughly as useful as the default MSN Search page that IE puts up automatically if a page can't be found. Which is to say, not very.

    But it's still nowhere near as worthwhile as the "what you want, when you want it" domain squatter pages where most of the links are porn and ads. Catch up, Roadrunner!!

  • ATT does it as well (Score:2, Interesting)

    by B00yah ( 213676 )
    They've been doing it for about a year. i always thought it was fairly shady, but they rationalized it by saying other ISPs were doing it as well.
  • by Otter ( 3800 ) on Tuesday February 26, 2008 @02:35PM (#22561498) Journal
    To see if this has been enabled in your area, try visiting www.jkshdfkljh23sadf.com (or something else random) in your web browser.

    Are there failed DNS requests any more? I'd thought every combination of characters had its own ad farm by now. If the last few unused ones now also direct to some random ads, I doubt I'd even notice.

    Who clicks on those things, anyway? You land on ebaaaaaay.com when your 'a' key sticks and think "Yes, I do want a beautiful Russian bride!"?

  • QUICK (Score:2, Funny)

    by p3on ( 1245484 )
    • They just started doing it in Pittsburgh as well. The first time I noticed it was about a week ago, but I have been travelling a lot so it could have changed a few weeks ago.
  • My DNS server queries root servers directly, so any poisoning by an ISP would not affect my home network.

    The Site Finder stunt NetSol/Verisign pulled a few years ago, that was done on the root servers, wasn't it? That was a lot more disruptive than an ISP creating a catch-all DNS zone on their little DNS boxes.
  • Can someone explain why I should care? It seems wrong. But not enough to get worked up about. No redirection from the correct page (typo was my fault), just wasting my time waiting for the content to download so that I know I typed a address wrong. I'd rather they didn't do it, but this seems the least of my worries.
    • by hal9000(jr) ( 316943 ) on Tuesday February 26, 2008 @03:24PM (#22562348)
      I care because if I typo an address, I can click in the URL bar and edit it. When I am redirected to a f*cking helpful search page, I can't do that anymore. I have to select, cut, edit, a whole GET string. It's a pain in the ass. Also, some people use other network enabled stuff than a browser.

      I have FiOS at home and luckily VZ has an opt out if you want to go configure your DNS manually in your router.
  • Wasn't there a registrar (I want to say Network Solutions) that was doing the same thing, only it was regardless of whatever connection you were using?
    • by Todd Knarr ( 15451 ) on Tuesday February 26, 2008 @03:04PM (#22561972) Homepage

      There was. What TW's doing is more pernicious, though. When NetSol was doing it, they were returning the A records directly from their first-level nameservers. BIND's no-delegation option can deal with that, because those first-level nameservers aren't supposed to be returning A records and BIND can translate those response into proper NX responses. With TW, since their DNS servers are supposed to be returning A records, there's no way to tell whether a particular affirmative response is valid or invalid. The only way to fix the problem is to cut TW's servers out of the loop entirely. All well and good, until of course TW either starts blocking all traffic to port 53 that's not to their DNS servers (like they do with outbound to port 25 now) or silently redirecting all DNS queries to their servers. Note that both of these are trivial, my own firewall has (commented-out) rules for both and neither takes more than about 3 lines.

  • Yet another one (Score:4, Informative)

    by MobyDisk ( 75490 ) on Tuesday February 26, 2008 @02:46PM (#22561672) Homepage
    I use Cavalier Telephone DSL [cavtel.net] and they've been doing this for years. I called them about it and they suggested that I use alternate DNS servers. Nobody has complained, nobody even cares. IMHO, this is another network neutrality-type issue. Followed the protocols, provide access - don't reroute/intercept/redirect me. (FYI to anyone else using them - they monitor your BitTorrent downloads too.)
    • by LMacG ( 118321 )
      They "monitor" my BT downloads in what way? I had a full-season of Torchwood long before BBC-A decided to show it over here, and some other titles which shall remain unspecified. Never had a problem with speed, never had the CavTel goons knocking on my door . . .
      • by MobyDisk ( 75490 )
        I had my service turned-off by them, and when I called, they told me it was because I downloaded a TV show over P2P. They accurately told me the file name that I downloaded and the date that I did it. F'n scary. It's especially frustrating because I am Mr. Anti-Piracy -- but I was watching a series and missed an episode and I didn't want to fall behind...
        • by EXMSFT ( 935404 )
          Sounds like you might want to choose another communications carrier/medium...
        • by Tronster ( 25566 )
          I use cavtel, and too have faced their own special redirection page. Thanks Cavtel.
          Didn't know about monitoring bitorrents though. (I don't have Tivo, and so the option to view a missed show is attractive.) I suppose this isn't illegal... although it does feel a lot like wiretapping.

          I wonder if Verizon FIOS is any better in terms of privacy. (Comcast, the only other non-dial up option isn't even up for debate.)
  • Never noticed that before, what a PITA. dam
  • HAHAHA (Score:5, Informative)

    by GodCandy ( 1132301 ) on Tuesday February 26, 2008 @02:48PM (#22561704)
    How ironic... someone registered www.jkshdfkljh23sadf.com as a parked domain. Wow these ppl need help.
  • I never quite realized it until now though. Its been happening lately and now i know what it is.
  • by Einer2 ( 665985 ) on Tuesday February 26, 2008 @02:51PM (#22561752)
    As far as I can tell, it started in Los Angeles sometime in the last few weeks.
  • by Dogun ( 7502 )
    You know, any and all future network protocol RFCs should mandate the blacklisting of networks that choose not to comply.
  • Everyone just uses Google's results anyway - but with Google's resources, they could have the snappiest, speediest DNS... plus they could probably come up with some cool innovation that I can't even imagine right now that would make their pages returned from domain typos worth getting. I dunno, something so cool that we'd be mistyping domain names on purpose.

    As it is, I changed to openDNS when Verizon pulled this crap, also because Verizon wasn't returning some blog or whatever (can't remember)... but even

  • I spent about half an hour on the phone with them to complain when I first noticed this last week. Nobody that they let us unimportant residential customers talk to even knew what a DNS server was, but the rep talked with me until she got enough down on paper that she could use to file a complaint to the higher-ups. Hopefully if enough people do this, they will stop.

    Oh, wait, they have a government granted monopoly. My only alternatives are slow and really slow.

    Call and complain to your elected representati
  • When I type in a domain, I recognize if I made a typo and went to the wrong page or not. I recognize if it's one of those ad domains and then go back and type it right, or do a google search if in case I didn't know the proper spelling or simply didn't know the right address.

    But what does the average user do? Do they properly question the website they are on? Do stop and go back and try another site? Not all of them. Many will start clicking on these links, waste time, and be led in circles. They migh
  • The internet is really big. You can help their DNS servers by caching it all. while true; do host eatit$RANDOM$RANDOM.com& sleep 0.1; done
  • OK, what's the IP address of the ad site they send you to? Add that to block lists.

  • First they came for the news group users,
    and I didn't speak up,
    because I didn't use news groups.

    Then they came for the torrenters,
    and I didn't speak up,
    because I didn't torrent.

    Then they came for the bandwidth hogs,
    and I didn't speak up,
    because I wasn't on Comcast.

    Then they came for my dns,
    and by that time there was no one
    left to speak up for me.
  • The central remedy to AT&T's abuse of its old telco monopoly was splitting long distance service from local service, and prohibiting one corp from bundling both to a single customer (the return of telco monopolies along with that bundling is case in point). That unbundling forced customers to exercise choice in telcos, and not leave choice just a theoretical construct. AT&T was also forced to let customers own their own phones, even the phone wiring in their house. Once the bundled advantage was los
  • by pslam ( 97660 ) on Tuesday February 26, 2008 @05:04PM (#22563928) Homepage Journal
    For those that don't get it yet: this breaks every other protocol that isn't HTTP.

    Sigh, and for those who still don't get it: HTTP is what your web browser uses to get web pages.

    All those who are spouting "it's useful" or "I don't understand what the fuss is" or "why can't they do it?"... you simply don't understand the issues and shouldn't be commenting.

Logic is the chastity belt of the mind!