Must Reads

Bell Redirecting Failed DNS Lookups

For the past week, many people have written to me about Bell's new policy of redirecting failed DNS lookups to a company-sponsored click-ad page.  Slashdot now covers the issue.  Unhappy users can switch to OpenDNS to avoid the policy.

10 Comments

  1. Darryl Moore says:

    Traditional DNS available too
    OpenDNS does the same thing as Bell by default. The only difference is that OpenDNS gives you a better optout option. Theirs is still not perfect though. The problem with opting out is that to work, OpenDNS needs to know your IP address, which means that if you have a dynamic IP you need to run special software at your end to tell OpenDNS when ever your IP changes. Otherwise you will be right back to having your DNS requests hijacked.

    There are other free DNS servers you can use that do not hijack your requests ever. They work the way DNS is suppose too. There are 6 you can choose from at 4.2.2.1 through 4.2.2.6 which are reasonably quick and reliable. There are others too if you google “Public DNS”

    Some software breaks when ISPs stop following standards like this. Part of Net Neutrality has to be that where ever possible ISPs MUST follow established industry standards. There is no excuse not too.

  2. The issue about OpenDNS
    The issue about OpenDNS is that all your lookups are logged and stored for some time. I know that I’d rather see my ISP redirecting failed queries than having some third party know which websites I visit.

  3. Stephen Downes says:

    Rogers has also been doing this for about a year. I’ve complained, but to no avail.

  4. Blaise Alleyne says:

    Rogers Alternate and OpenDNS problems
    @Stephen: Rogers compromised a bit — they’ve got an alternate DNS server that doesn’t hijack failed requests (64.71.255.202).

    OpenDNS does its own redirects, but at least you can turn them off (unclear in the settings, but you basically have to shut off all the “advanced” features). (Unhappy users can switch to OpenDNS and fight with the settings, but super unhappy users can always switch to Teksavvy, which isn’t hijacking failed requests.)

  5. Bell’s lying server
    This is the problem with the “internet,” nothing can be done about this. There is no-one that they are responsible to, there is no one that can “make” them follow the established rules. We can “vote with our feet” but our disconnection only tells them that we stopped liking them for some reason, which they’d just assume is because their customer service is the worst in Canada.

    This change is wrong from a technological point of view because 1) it prevents software installed on your computer from functioning correctly, and 2) the only way to “opt out” isn’t actually an opt-out, its just a redirect that doesn’t show ads.

    The browser cookie that is set by opting out has NO association with the actual DNS request – so software that is not a web browser cannot “opt out” nor even discover that you’re connecting to wrong server, it just gets the IP address for http://www.domainnotfound.ca and expects the content you asked for.

    Thats right, the server LIES. Instead of an electronic equivalent of saying “We’re sorry, the number you have dialed is not in service,” you get a connection. Would this be proper if you misdialled a number and were connected to a line that played you radio commericals?

    This technology could be interesting in the case of an SMTP server that does not require authentication…

  6. “The Ambiguously ___ Duo” -Bell and Rogers 😉
    -at the other end of the not so “Open”DNS it appears:

    “…Many folks are misled by the “Open” part of the trademark “OpenDNS.” It is not open source software. The “Open” in the trademark is mere marketing.
    OpenDNS is hardly ideal. They do DNS redirection to their own advertising, harvesting your typos, and even redirect Google searches to their own servers.
    Here’s a Slashdot thread that discusses OpenDNS somewhat, and you can search for other threads.
    http://slashdot.org/comments.pl?sid=1297613…”

    The “Public DNS” is probably the best and easiest for now, atleast until the CRTC forces Bell and Rogers to smarten up ?-(ya I know, LMAO 🙂
    Isn’t it ironic, we have to point to “PUBLIC” DNS servers to just get fair and equal treatment.? I mean, this is what we ALL have been
    paying Bell, Rogers, …. and other ISP’s for all these years, in the first place. !

    ISP’s “must” supply and maintain the pipes. -and that’s the end of their contol.
    Instead, “redirecting/hijacking” DNS requests to even worse sharks out there ?! its just plain ludicrous.

    alas, like “Darryl” mentioned above “…ISPs MUST follow established industry standards. There is no excuse not too.”
    just RTFM Bell and Rogers.

  7. Well, it could be worse…
    Just be glad they’re not blocking outgoing port 53, like most ISPs today block 25 outgoing and a whole pile of ports incoming…

    The day will likely come. Most ISPs in Canada are scum and really need to be regulated like the telcos.

  8. David Sky ( @seemsArtless ) says:

    Bell Spoofing Firefox and Safari
    I understand the business model Bell is using here, and for many people, the alternative links might be helpful, but what I complained to the Bell Privacy Ombudsman about is the fact that when you ‘opt-out’ of the service, Bell sends you back real looking browser 404 pages (except in Chrome, which it thinks is Safari).

    If nothing else, I’m trying to get Bell to come clean and return a real page, not try and fool people. For screen caps see http://www.skyontech.com/blog/Bell-Canada-domainnotfound-fake-browser-returned

  9. Doug Mehus says:

    Personal Banker at HSBC Bank Canada
    Hi Michael,

    Thank you for confirming that InfoSpace is behind this. I remember reading about InfoSpace’s private-label DNS NXDOMAIN redirection service awhile ago but wondered who they have attracted as clients. Are Rogers, and now Shaw, using this InfoSpace service as well?

    You and your readers may be interested to read a comparative analysis I’ve written a number of months ago on alternative, free recursive DNS providers located below:
    http://doug.mehus.info/post/315092434/public-dns-space-getting-crowded

    Some provide so-called “naked” DNS (that is, alternative DNS service without NXDOMAIN substitution and security enhancements) while others provide varying levels from basic security enhancements to NXDOMAIN substitution to content filtering.

    Cheers,
    Doug

  10. Yes, software breaks
    We had a domain resolution hiccup and lost tracking of public service, emergency services and private company vehicles. The mobile software was configured to fail over to IP-based reporting if DNS resolution failed, but since it was merely REDIRECTED, it didn’t fail and the devices were trying to send their updates to the redirected server. My only consolation was hundreds of hits every few seconds to ports on their spamvertising machines in the interim. This is a lookup… domain name to IP and like the phone advertising, if the domain is NOT registered, then it shouldn’t resolve since legitimately it doesn’t exist. Why should people’s DNS servers be used to resolve unregistered domains to an advertising page? That is tantamount to theft of services from hundreds and thousands of DNS servers around the world.