[dns-operations] charter, sitefinder, opendns (slashdot today)

Paul Vixie paul at vix.com
Thu Feb 15 18:41:04 UTC 2007

> Do we see udp port 53 hijacking as the next step in this?

yes.  which is why i'm trying to get mark kosters to dust off his plan for
carrying DNS messages inside HTML.  udp/53 and tcp/53 are just transports;
a dns server like BIND could also listen on tcp/80, and if a schema were
well defined and standardized, then folks like opendns could use it.  then
we'll see tcp/443 (https) in order to force isp's to keep their hands off.

naturally i'd've preferred to see DNSSEC, but tactics beat strategy every
day and twice on sunday, so i'm just saying what i expect will really happen.

> I'm curious as to what the driving factor for doing this was.  Cash from
> advertisements, lower cost of support resources, phishing protection?  Lots
> of software depends on getting a correct DNS response, even if it's

my bet is, ad revenue.

> >    One more reason to use OpenDNS, where you can actually opt out of the
> >    custom error page.
> As I mentioned above, how long until Charter's OpenDNS users are forced
> back to the local cache based on port 53 queries?

the moment they see any decline, or lack of growth, in their revenue from
this, and chase the cause back to nonlocal udp/53.
