Rogers Breaks DNS
D. Hugh Redelmeier
hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org
Sun Jul 20 15:31:15 UTC 2008
| From: James Knott <james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org>
| Colin McGregor wrote:
| > Just to note, Rogers has decided to break DNS. As of now any trip to a
| > website with an invalid URL and you will be taken to a Rogers/Yahoo
| > search website (with Rogers adverts.). I have called, complained and
| > been told "that is the way it is supposed to work".
!!!!
Bad Rogers. Bad bad Rogers.
| It is possible to turn it off, by going to options.search.rogers.com.
| <http://options.search.rogers.com> However, it does so by leaving a cookie on
| your computer.
I don't understand this. My DNS queries don't come from a browser,
they come from a caching name server. How can Rogers look for cookies
in my caching name server?
I just did a few experiments.
Summary:
- The crap answers are real crap. Not even under Rogers control.
- If you query via TCP, you don't get the crap.
Rogers does seem to generate crap answers.
I'm using "-t a" because otherwise host(1) will sometimes also query
for AAA and MX records -- this is not documented in the manpage so I
had to figure it out using tcpdump. Grrr.
$ host -t a www.xxxqqqyyy.com 64.71.255.198
Using domain server:
Name: 64.71.255.198
Address: 64.71.255.198#53
Aliases:
www.xxxqqqyyy.com has address 8.15.7.107
www.xxxqqqyyy.com has address 63.251.179.17
www.xxxqqqyyy.com has address 65.200.200.47
But if you query via TCP (instead of the normal UDP) you get good
answers:
$ host -t a -T www.xxxqqqyyy.com 64.71.255.198
Using domain server:
Name: 64.71.255.198
Address: 64.71.255.198#53
Aliases:
Host www.xxxqqqyyy.com not found: 3(NXDOMAIN)
dig(1) gives some gory details of the crap:
$ dig @64.71.255.198 www.xxxqqqyyy.com a
; <<>> DiG 9.3.4-P1 <<>> @64.71.255.198 www.xxxqqqyyy.com a
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56631
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;www.xxxqqqyyy.com. IN A
;; ANSWER SECTION:
www.xxxqqqyyy.com. 60 IN A 8.15.7.107
www.xxxqqqyyy.com. 60 IN A 63.251.179.17
www.xxxqqqyyy.com. 60 IN A 65.200.200.47
;; AUTHORITY SECTION:
www.xxxqqqyyy.com. 65535 IN NS WSC2.JOMAX.NET.
www.xxxqqqyyy.com. 65535 IN NS WSC1.JOMAX.NET.
;; Query time: 74 msec
;; SERVER: 64.71.255.198#53(64.71.255.198)
;; WHEN: Sun Jul 20 10:33:53 2008
;; MSG SIZE rcvd: 139
These crap answers are not "owned" by Rogers.
None of the IP addresses in the answer A records are reverse mapped.
whois on each is interesting.
8.15.7.107:
Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1)
8.0.0.0 - 8.255.255.255
Co-Location.com Inc. LVLT-COLOC-1-8-15-7-96 (NET-8-15-7-96-1)
8.15.7.96 - 8.15.7.127
63.251.179.17:
Internap Network Services Corporation NETBLK-PNAP-11-99 (NET-63-251-0-0-1)
63.251.0.0 - 63.251.255.255
Internet Search Services INAP-DEN-INTERNETSEARCH-16579 (NET-63-251-179-0-1)
63.251.179.0 - 63.251.179.63
65.200.200.47:
MCI Communications Services, Inc. d/b/a Verizon Business UUNET65 (NET-65-192-0-0-1)
65.192.0.0 - 65.223.255.255
Paxfire, Inc. UU-65-200-200-32-D4 (NET-65-200-200-32-1)
65.200.200.32 - 65.200.200.63
JOMAX.NET.:
[Querying whois.godaddy.com]
[whois.godaddy.com]
No match for "JOMAX.NET." in the registrar database.
A few more experiments show that xxxqqqyyy.com gets the same results
as www.xxxqqqyyy.com.
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
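
The UDP-versus-TCP comparison from the message above, written as a check (an added example, not part of the original post). The function names, the random ".com" probe label and the two sample headers are assumptions made for illustration; only probe() touches the network.

```python
import secrets, socket, struct

NXDOMAIN, NOERROR = 3, 0

def build_query(name, qid):
    """Encode a recursive (RD=1) A/IN question in DNS wire format."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split("."))
    return (struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", 1, 1))

def parse_reply(msg):
    """Return (rcode, answer_count) from the 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return flags & 0x000F, ancount

def classify(udp_reply, tcp_reply):
    """Compare UDP and TCP replies for a name that should not exist."""
    (u_rc, u_an), (t_rc, _t_an) = parse_reply(udp_reply), parse_reply(tcp_reply)
    if u_rc == NXDOMAIN and t_rc == NXDOMAIN:
        return "clean"
    if u_rc == NOERROR and u_an > 0 and t_rc == NXDOMAIN:
        return "udp-rewritten"          # the behaviour shown in the post
    if u_rc == NOERROR and u_an > 0 and t_rc == NOERROR:
        return "answered-on-both"       # name exists, or both paths rewritten
    return "inconclusive"

def probe(server, timeout=3.0):
    """Query `server` for a random label over UDP, then TCP (needs network)."""
    name = "nx-" + secrets.token_hex(12) + ".com"   # assumed unregistered
    query = build_query(name, secrets.randbits(16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        u.sendto(query, (server, 53))
        udp_reply = u.recvfrom(4096)[0]
    with socket.create_connection((server, 53), timeout) as t:
        t.sendall(struct.pack("!H", len(query)) + query)  # TCP length prefix
        stream = t.makefile("rb")
        (size,) = struct.unpack("!H", stream.read(2))
        tcp_reply = stream.read(size)
    return name, classify(udp_reply, tcp_reply)

# Constructed headers modelled on the post: UDP reply with flags qr aa rd ra,
# NOERROR, 3 answers, 2 authority; TCP reply NXDOMAIN (its flags are assumed).
SAMPLE_UDP = struct.pack("!HHHHHH", 56631, 0x8580, 1, 3, 2, 0)
SAMPLE_TCP = struct.pack("!HHHHHH", 56631, 0x8183, 1, 0, 0, 0)

if __name__ == "__main__":
    print(classify(SAMPLE_UDP, SAMPLE_TCP))
```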