[dns-operations] "RoadRunner Intercepting Domain Typos" (slashdot)

Brian Reid Brian_Reid at isc.org
Wed Feb 27 01:25:17 UTC 2008


> when typing in a bogus fqdn

Much more scary to me is when this happens upon typing a real fqdn.
I've been seeing this in most hotels for about the last 6 months. iBahn is the worst offender, but there are others.

Here's the scenario:

1) I turn on my laptop in the hotel and its DHCP server issues me an address and some name servers.

2) I try to look at, say, http://mercurynews.com/

3) The hotel's internet service utterly sucks. No, it sucks worse than that. Everything is hideously slow. I'm sharing a DSL connection with 600 other people who just got home from their workday and are all trying to get online at the same time.

4) Its so damn slow that the resolver times out before it is able to get a reply for mercurynews.com

5) The resolver says "Hm. That person typed a bogus fqdn. Why don't I return the address of my moneymaking page full of advertisements."

6) My laptop is given the address of a domain parking page as the answer to the mercurynews.com query. The response has a 24-hour TTL.

At this point my laptop has cached a copy of the bogus address for mercurynews.com with a 24-hour TTL, and I'm locked out of the website unless I reboot or go after it with bit pliers.

My current favorite way of getting past this problem is to use dig to find the real address and then put it into /etc/hosts. I could also run my own full resolver on the laptop, but then I'd have to manually muck with what DHCP told me, and that's a nuisance.

The most surreal manifestation of this problem is to be looking at a website and click on an internal link that references a subdomain; for example, if I click on "Weather" it goes to weather.mercurynews.com. I go from looking at the website to looking at a parking page full of advertisements when I click on what is supposed to be an internal link.

It's gotten to be so bad that I try, wherever possible, to choose a hotel that does not use iBahn, but that's not always possible.





More information about the dns-operations mailing list