[TriLUG] Frontier doing packet inspection?

Jeff The Riffer riffer at vaxer.net
Sat Dec 7 12:58:28 EST 2013


Realized I should probably provide a bit more detail on this since there's 
bound to be a bit of confusion...

This sort of redirection occurs because you enter a domain name that does 
not resolve to DNS. A resolving DNS server will respond with a NAK when it 
can't resolve the hostname for whatever reason.
If you are using the DNS servers run by your ISP (which most everyone does), 
then what happens is the resolving server doesn't return the NAK to you, the 
user. Instead it returns an IP address for a server run by the ISP. That 
server is configured to run a webpage that displays the "Oh hey we couldn't 
find that domain name but here's some ads and search stuff for you".

None of that requires packet inspection, it's just configurations on the DNS 
servers and setting up a webserver that uses a wildcard virtual host 
configuration. An amusing side-effect of that is ANY hostname will display 
the ISP's search page. Like "IwantToKillThePresident.com" or 
"WeLikePedophiles.org" or the like. Another side-effect is it breaks a lot 
of automation done in the business world, such as testing to see if DNS is 
working or not!


Some ISPs do perform actual interception, where they look at DNS queries you 
send to other nameservers and if they see a NAK response sent to you they 
try and replace it with their response. That's not as reliable though, but 
is a lot more scummy in my opinion.

In a nutshell: Never use anyone else's DNS server but your own. Not your 
ISP's, not Google, not even your absolute best friend in the world. Just 
install bind on something in your local network and use it.



  ####################==============---- ----==============####################
#     riffer at vaxer.net - Jeff The Riffer - Drifter... - Homo Postmortemus     #
# Disclaimer: I am not a number, I am a free man, and my thoughts are my own. #
# GCS$ d-- H++ s:++ !g p+ au0 a34 w+ v?(*) C++ UA P? L 3 E---- N++ K- W-- M+ V#
# po--- Y+ t+ 5+ !j R G' tv b+ D++ B--- e+ u--- h--- f+ r+++ n- y+++*         #
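
The check that the rewriting described in the message above breaks, written out as an added example (not part of the original post): probe a resolver with a name that cannot exist and see whether the answer is a genuine negative response, which on the wire is RCODE 3 (NXDOMAIN), or a substituted address. The helper names, the reserved `.invalid` suffix used for the probe, and the sample replies are assumptions of this example; the replies are constructed.

```python
import secrets
import socket
import struct

RCODE_NXDOMAIN = 3  # the "name does not exist" reply code in the DNS header

def probe_name(suffix="invalid"):
    """Random label under .invalid, a TLD reserved so that it never resolves."""
    return f"nxprobe-{secrets.token_hex(8)}.{suffix}"

def build_query(name, txid):
    """Encode a minimal recursive A-record query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify_response(query, response):
    """Classify a reply to a probe for a nonexistent name."""
    if len(response) < 12:
        return "inconclusive"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "inconclusive"      # not a response to this query
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "honest"            # resolver passed the negative answer through
    if rcode == 0 and ancount > 0:
        return "rewritten"         # an address came back for a name that cannot exist
    return "inconclusive"          # SERVFAIL, empty answer, etc.

def sample_response(query, rcode, addr=None):
    """Constructed reply for offline testing: echoes the question, optional A record."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    answer = b""
    if addr:  # compressed name pointer to offset 12, type A, class IN, TTL 60
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(addr)
    return header + query[12:] + answer

def send_probe(resolver_ip, timeout=3.0):
    """Live check against one resolver over UDP; raises socket.timeout on no reply."""
    query = build_query(probe_name(), secrets.randbits(16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver_ip, 53))
        return classify_response(query, s.recv(512))
```

Running `send_probe` against both the ISP resolver and a second resolver separates the two cases in the message: "rewritten" only from the ISP's server points to server-side configuration, while "rewritten" from every resolver suggests replies are being altered in transit.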


