Question about internet ethics? and how DNS is handled.

Joe Greco jgreco at ns.sol.net
Tue Mar 28 16:16:43 UTC 2006


> I would like to get the thoughts of others on the following...
> Say you are an ISP. You run your beautiful DNS servers. :)  Then there is 
> an idea...  Why not place a server in front of the DNS servers.  And 
> every time the user types in an incorrect RR, hijack the session and 
> redirect them to a search page which allows them to search for the 
> mistyped RR.
> 
> Sounding familiar yet?
> 
> I don't want to start a rant, I just want solid ideas and why it is or why 
> it is not a good idea to do.
> 
> Thanks for your thoughts.

Issue 1:

There are no "sessions" in DNS.  You cannot hijack a session, you can only
return arbitrary answers.  Your returning an arbitrary answer might result
in a web browser going to the arbitrary A record you specify, but it might
also result in a mail server trying to connect to it, or a user trying to
telnet to it.  

Issue 2:

What do you do about a name you simply cannot resolve right this *minute*?
Your Internet connection goes down and the whole 'net becomes unresolvable
for a minute.  User tries to go to Google, DNS times out, gets your bogus
answer, and caches it.  Now User can't even get there once the Internet 
comes back...

Issue 3:

Some users already *have* search tools that they use with the Web browser
that allows them to use their own search engine of choice upon receipt of
NXDOMAIN.  You force them to use yours.  You are fundamentally breaking
a large percentage of the ability to determine when something is broke.

Well, anyways, there are a lot of risks with this.  You might want to go
and use Google to read up on what happened when Verisign tried to deploy
SiteFinder.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
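
Issues 2 and 3 above both depend on whether NXDOMAIN and failure responses reach the client unchanged. As an added example (not part of the original post), this Python code parses a DNS response and classifies the reply to a probe for a name that cannot exist; the function names, the probe name `qx7f3k.invalid` and the address `192.0.2.1` are constructed for illustration.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def build_response(name, rcode, a_records=()):
    """Build a constructed DNS response to an A/IN query (sample data only)."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1; RCODE is the low 4 bits
    packet = struct.pack("!6H", 0x1234, flags, 1, len(a_records), 0, 0)
    for label in name.rstrip(".").split("."):
        packet += bytes([len(label)]) + label.encode("ascii")
    packet += b"\x00" + struct.pack("!2H", 1, 1)  # root label, QTYPE=A, QCLASS=IN
    for ip in a_records:
        # 0xC00C is a compression pointer back to the question name at offset 12
        packet += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4)
        packet += bytes(int(octet) for octet in ip.split("."))
    return packet

def skip_name(packet, pos):
    """Return the offset just past the (possibly compressed) name at pos."""
    while True:
        length = packet[pos]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length

def parse_response(packet):
    """Return (rcode name, list of A-record addresses) for a DNS response."""
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(packet, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = skip_name(packet, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", packet[pos:pos + 10])
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in packet[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), addrs

def classify(packet):
    """Classify the response to a probe for a name that cannot exist."""
    rcode, addrs = parse_response(packet)
    if rcode == "NOERROR" and addrs:
        return "rewritten -> " + ",".join(addrs)
    return {"NXDOMAIN": "honest", "SERVFAIL": "failure-signalled"}.get(rcode, "inconclusive")

print(classify(build_response("qx7f3k.invalid", 0, ["192.0.2.1"])))  # constructed reply
```

In a real check the packet would be the resolver's reply to a query for a random label under the reserved `.invalid` TLD; a NOERROR reply carrying an A record there means mail servers and every other client of that resolver get the same synthesized address, not just web browsers.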



More information about the bind-users mailing list