Verizon's DNS Policy May Be Bad, But It's Not A Network Neutrality Violation

from the red-herring dept

While Comcast has been getting a lot of flak for blocking BitTorrent, some network neutrality activists have also been calling out Verizon for the way its DNS servers work. The DNS specification requires that servers return an error if the user tries to look up an invalid domain name. Instead, Verizon's DNS servers re-direct users who mistype an address to a Verizon-branded search page where Verizon gets to display advertising. (Incidentally, my ISP, Charter, does the same thing.)

I agree with Ed Felten that this "feature" is obnoxious, especially because it can break applications that expect to receive DNS error messages. But I don't think it's really a network neutrality issue. Verizon's DNS server does not "block, interfere with, discriminate against, impair, or degrade" anyone's access to Internet content or services, which was the standard proposed in last year's Snowe-Dorgan legislation. Users who type correct URLs aren't impeded in any way from accessing the sites they want to visit. Responding to a failed DNS query with a search page is probably a bad idea, but it's very different from "redirecting a user from Google's search page to Verizon's," which the article implies Verizon might do in the future.

Moreover, it's worth keeping in mind that you're not required to use your ISP's DNS server at all. ISPs provide DNS servers as a courtesy, the same way they might provide you with a free email account. But you don't have to use it. You're free to point your computer to another DNS server, such as OpenDNS, just as you can use a third-party email service such as GMail. And if you do that, the settings of Verizon's DNS server won't affect you at all. It's definitely fair to criticize Verizon for failing to follow the DNS specification, but calling it a network neutrality issue is a bit of a red herring.


Reader Comments

  1.  
    Anonymous Coward, Nov 14th, 2007 @ 9:38pm

    Yeah, but if you switch to OpenDNS, they support themselves by serving their own pages with ads on failed lookups, too. So that's not going to solve any technical problems such "results" might cause in some circumstances and it then becomes an issue of whether you want to give Verizon's ad department your eyeballs or OpenDNS's.

    Now, I do use OpenDNS. I do this because Comcast's DNS servers were RIDICULOUS. For a period of three weeks, I could not reach ANY domain ending in google.com for about six hours (6pm to midnight) every single night. I finally switched to OpenDNS.

     

  2.  
    Joseph Beck, Nov 14th, 2007 @ 9:46pm

    Unfair

    There's a term for this - typosquatting. It might not be illegal, but it is unethical.

    If someone tries to visit my site but misspells the URL, I want them to see "Page Not Found" and let them try again. But instead they'll see Verizon's page, and some visitors won't understand what has happened or realize that they typed the name wrong.

    This raises trademark issues as well, because Verizon will be able to make money from misspelled trademarked names.

     

  3.  
    Rob, Nov 14th, 2007 @ 9:50pm

    Shall we start a betting pool on how long until OpenDNS is blocked by the major ISPs?

     

  4.  
    matt, Nov 14th, 2007 @ 10:07pm

    Re: opendns

    Sure, Rob, how about never? I'll put 50 bucks on that any day, because there is absolutely nothing wrong with OpenDNS, makes it easier on major providers anyway.

     

  5.  
    Benjamin M. Orsini, Nov 14th, 2007 @ 10:47pm

    Re: Re: opendns

    Verizon makes money on those ads so why wouldn't they block OpenDNS to protect that revenue? A commenter here recently reported Comcast blocking OpenDNS. And back when I had Cox for an ISP for a while they were blocking French ISPs for political reasons. I doubt they would hesitate to block OpenDNS too.

    I wish I had 50 bucks for every time some loud mouth welshed on a 50 buck bet.

     

  6.  
    ???, Nov 14th, 2007 @ 11:34pm

    ???

    I use 4.2.2.2 as a forwarder now and then in certain situations, and I have never had a page return a Verizon search page.

     

  7.  
    Prodiem, Nov 14th, 2007 @ 11:40pm

    It's kinda bad but..

    I use a list of the root DNS servers, period. Comcast and Verizon in my area have DNS servers that are hammered. Now, I am using a DNS server within my firewall to cache locally.

    It was a purely performance-related decision; waiting 20-30 seconds for DNS to resolve because the provider's main DNS server went toes up just made the decision easy.

    Netiquette does state not to do this, but I really can't find any better solutions, that have been reliable.

     

  8.  
    Max Powers, Nov 15th, 2007 @ 12:16am

    Unfair is right

    I had a friend tell me about this problem when he misspelled my website URL but I didn't understand how that could happen.

    I never heard of the term "typosquatting" before today. I learned something new today. And Rob, I think the betting would be too one sided.

     

  9.  
    martin, Nov 15th, 2007 @ 2:00am

    The real problem I see with that redirection is not www, but everything else. Mails for instance go to Verizon instead of being bounced.

    @7: That's not just against netiquette, you hurt the network. Badly. If everyone who has a dumb provider did this, no one would get resolution at all. It's like phoning up the chief justice because you think your local police force is too slow.

     

  10.  
    John, Nov 15th, 2007 @ 3:54am

    You are wrong.

    I just tried it. Typed in some bogus URL on my Verizon FIOS service. Verizon took my attempt and fed it to Yahoo search for me automatically. I think they are just trying to help the grandmas who don't know what they are doing.

    The only ads that appear are the ads that normally appear if you type the URL in a search engine.

    I think you completely missed the point of what they are doing, and it's Yahoo feeding ads, not Verizon.

     

  11.  
    christopher (profile), Nov 15th, 2007 @ 4:33am

    Umm, I call shenanigans. Verizon DOES block your ability to use 3rd-party mail servers. GMail is web-based, son. A server at a friend's ISP, connecting over port 25, is BLOCKED by Verizon, period end of story.

    Now, I use another port and so go my merry way, but Verizon, having blocked port 25, can block any ports they wish under the same guiding principle. Verizon sets limits.

     

  12.  
    Tim Lee, Nov 15th, 2007 @ 5:07am

    Re:

    Really? That would be big news if it could be confirmed. I've got Charter, which does the same thing with DNS but doesn't block third-party email.

     

  13.  
    Mike4, Nov 15th, 2007 @ 5:15am

    I'm curious to try this when I go home tonight. I have Verizon FIOS (no, my house never caught on fire) and I've never noticed this. I wonder if it only applies to DSL.

     

  14.  
    tweak, Nov 15th, 2007 @ 5:23am

    It is a well established fact that Verizon blocks ports 25 and 80. However, having said that, I haven't had any trouble with anything, aside from setting up a personal web server. I use GMail through POP3, as well as the web interface, and have email from other non-Verizon providers, and have never had an issue...

     

  15.  
    nedu, Nov 15th, 2007 @ 5:39am

    DNSSEC

    According to the German (.de) Registry DENIC:

    Deployment of DNSSEC for .de is currently constrained by a side effect of DNSSECbis, called "zone walking". Zone walking would allow for anyone to gain access to all names within the de zone, providing keys not only to all registration data but also immediately disclosing all changes to zone data. DENIC as well as other registries (mostly, but not exclusively European ones) regard this side effect as incommensurate with data protection liabilities.

    Nevertheless, DENIC does appear to support DNSSEC in principle.

    Verizon's search, though, gives them a financial incentive to oppose DNSSEC deployment.

    Returning a bogus A record, rather than NSEC, is inconsistent with the DNSSEC design goals.

     

  16.  
    A1chemyst, Nov 15th, 2007 @ 5:45am

    Verizon - not a new thing

    This is not something others have not tried:

    VeriSign tried this in 2003 and were creamed in the NetCommunity. There was talk of going to ICANN to appeal VeriSign's contract. A patch to BIND was made to prevent the redirection.

    Microsoft's IE redirects bad URLs to the MSN search, but you can change that in the IE settings.

    Everyone point their system to Verizon's DNS and run a program to send random URLs to the system; a few hundred every minute. That'll shut them down soon enough.

     

  17.  
    Haywood, Nov 15th, 2007 @ 5:45am

    I'm somewhat baffled as well

    I've had Verizon DSL for years and haven't seen that. Perhaps it is because I use Firefox, but I get the 404 messages & such and don't even know what their search engine looks like.

     

  18.  
    Steve R. (profile), Nov 15th, 2007 @ 5:45am

    Where is the Demand that Verizon Stop this Abusiv

    One of my major complaint themes has been that corporations are acting unethically. Many times I have been directed to "fake" websites, either through the result of typographic errors or the simple fact that the website I was seeking no longer exists. I also have found that internet searching has been "corrupted" to return irrelevant results that appear to be relevant. While I can appreciate that corporations need to make money, it is unfortunate that corporations resort to these underhanded tactics.

    What I also find unfortunate, is that there is little public criticism of corporations for this abusive and secretive behavior. Sure, Verizon and Comcast are generating a lot of press on the internet and it is recognized that this behavior is abusive, but the public debate seems stuck on arguing the technical minutia of whether or not these companies are or are not violating certain technical standards.

    While this debate is useful it misses the critical points that these companies are not being "transparent" or honest with the public. The "red-herring" in this case is arguing technical minutia to avoid the fact that these companies are not acting in a transparent and open manner. Companies that hide unethical practices should be exposed with demands that these abusive practices be stopped.

     

  19.  
    Anonymous Coward, Nov 15th, 2007 @ 5:58am

    Re: Where is the Demand that Verizon Stop this Ab

    Steve,

    If the debate isn't well-grounded in the tech, then it just devolves into bias, prejudice and name-calling.

     

  20.  
    Tim Lee, Nov 15th, 2007 @ 6:12am

    Re: I'm somewhat baffled as well

    I think this might only happen on their new FiOS network.

     

  21.  
    Steve R. (profile), Nov 15th, 2007 @ 6:29am

    Re: Re: Where is the Demand that Verizon Stop thi

    I will agree that tech plays a role, but you need to look at the results. Results are provable facts too, so it isn't bias and name-calling. If I make a mistake when typing in a URL and I get my.unethicalretail.com instead of a message "Please try again" that is clearly factual proof that the company is using technology to mislead the user.

     

  22.  
    Anonymous Coward, Nov 15th, 2007 @ 7:11am

    Re:

    Isn't that standard practice? To (somewhat) prevent spoofing email, ISPs require outbound mail to go through in-house servers, but inbound on port 110 can be any source you have access to.

     

  23.  
    Rich Kulawiec, Nov 15th, 2007 @ 8:16am

    The hazards of presuming

    that "web" and "Internet" are synonymous.

    One of the many problems with this ill-conceived idea is that it presumes that DNS is used solely to support HTTP. It's not, of course, and the impact on other protocols can be substantial.

    For example, it is a best practice to refuse mail which purports to be from any host or any domain that does not resolve, or from any IP address which does not resolve to a host.

    To illustrate: I get an incoming SMTP connection from 1.2.3.4. I look up rDNS for 1.2.3.4; if that lookup fails, I 550 the connection and hang up -- the host has failed to meet minimum requirements for SMTP clients. If that lookup succeeds, I query forward DNS for the hostname I just got back, and 550 the connection if it doesn't resolve. If that test succeeds, and I allow the SMTP conversation to continue, then eventually the other side will specify a sender, say fred@flintstone.example.com. I then look up example.com; if that lookup fails, I 550 the connection and hang up -- it's foolish to accept mail from domains that don't exist. If that lookup succeeds, I pull the MX records for example.com and see if they're valid -- if they point to bogon space, I 550 the connection and hang up, because the message can't be replied to, therefore there is no point in accepting it. I might also check for flintstone.example.com -- is there an MX record for it? Is it covered by a wildcard MX? Is there an A record (so that I can fall back to that in the absence of an MX record)?

    The gist is that these are all basic sanity checks designed to refuse mail that's either (a) obviously bogus or (b) coming from an incorrectly-configured host, since long experience (long painful bitter experience) has shown that the only way to get the attention of operators of such hosts is to make the problems obvious to them. These basic sanity checks have as a desirable byproduct considerable effectiveness against unwanted SMTP traffic. (Which is why some MTAs, e.g. sendmail, include them as easily-configurable options.)

    Now consider what happens to them if someone starts forging DNS replies a la Verizon. Consider further what happens if those forgeries start happening with no warning. And consider still further that this is just one small example with just one of many application protocols that rely on DNS returning what it's supposed to, not what is convenient.

    The bottom line is that this is a really, really bad idea executed by a company that's clearly trying to monetize DNS without regard for the degradation of service it's imposing on its own customers.

     

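The SMTP sanity checks described in comment 23, run against an honest resolver and one that answers failed A lookups with a landing-page address. This is an added example, not part of the original comment thread; the zone data, the `LANDING_IP` value, the class and function names, and the assumption that only A lookups are rewritten are all constructed for illustration, and the sender check uses the full domain part of the address.

```python
import ipaddress

# Constructed sample zone (documentation address ranges, reserved example names).
ZONE_A = {"mail.example.com": "192.0.2.10", "mx1.example.com": "192.0.2.25"}
ZONE_MX = {"example.com": ["mx1.example.com"]}
ZONE_PTR = {"192.0.2.10": "mail.example.com",
            "198.51.100.7": "host.no-such-domain.example"}
LANDING_IP = "203.0.113.80"  # hypothetical address of the ISP's search page

# Short bogon list for the sample; documentation ranges count as routable here.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]


class HonestResolver:
    """Returns None / [] for names that do not exist (NXDOMAIN)."""
    def a(self, name): return ZONE_A.get(name)
    def mx(self, name): return ZONE_MX.get(name, [])
    def ptr(self, ip): return ZONE_PTR.get(ip)


class RewritingResolver(HonestResolver):
    """Assumed behaviour: every failed A lookup is answered with LANDING_IP."""
    def a(self, name): return super().a(name) or LANDING_IP


def is_bogon(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BOGONS)


def smtp_dns_checks(client_ip, mail_from, resolver):
    """Return (smtp_code, reason) for one incoming connection."""
    host = resolver.ptr(client_ip)
    if host is None:
        return 550, "client has no rDNS"
    if resolver.a(host) is None:
        return 550, "rDNS name does not resolve forward"
    domain = mail_from.rsplit("@", 1)[1].lower()
    # Use MX targets, falling back to the domain's own A record if there is no MX.
    targets = resolver.mx(domain) or ([domain] if resolver.a(domain) else [])
    if not targets:
        return 550, "sender domain does not exist"
    addrs = [resolver.a(t) for t in targets]
    if any(a is None or is_bogon(a) for a in addrs):
        return 550, "sender MX is not usable"
    return 250, "ok"


if __name__ == "__main__":
    cases = [("192.0.2.10", "fred@example.com"),
             ("198.51.100.7", "fred@no-such-domain.example")]
    for resolver in (HonestResolver(), RewritingResolver()):
        for ip, sender in cases:
            print(type(resolver).__name__, ip, sender,
                  smtp_dns_checks(ip, sender, resolver))
```

With the rewriting resolver, the second case passes both the forward-confirmation step and the sender-domain step, because a name that does not exist now has an A record.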

  24.  
    Frogskins, Nov 15th, 2007 @ 9:46am

    Re:

    You can call shenanigans all you want about Verizon blocking port 25. They do it because Verizon states quite clearly in the TOS that as a residential customer, you are not permitted to run servers. Sign up for a Verizon business DSL account and they no longer block the ports.

     

  25.  
    David Ulevitch, Nov 15th, 2007 @ 10:20am

    Comcast blocking OpenDNS? Nah...

    As for the report above that Comcast was blocking OpenDNS -- we've never heard a single report about it. Probably some other issue related to the individual user in question.

     

  26.  
    Anonymous Coward, Nov 15th, 2007 @ 11:09am

    Re: Use port 465

    and encryption. It's not that hard to do and if you think that outbound mail can only go over port 25, then you are probably best off sticking to your ISP's email service/server.

     

  27.  
    Benjamin M. Orsini, Nov 15th, 2007 @ 5:56pm

    Re: Comcast blocking OpenDNS? Nah...

    As for the report above that Comcast was blocking OpenDNS -- we've never heard a single report about it. Probably some other issue related to the individual user in question.

    I'm glad to hear that.

     

  28.  
    Anonymous Coward, Nov 15th, 2007 @ 6:00pm

    Re: Re:

    Isn't that standard practice? To (somewhat) prevent spoofing email...
    It's more to tie customers to the ISP's e-mail address and make it more difficult for them to switch providers.

     

  29.  
    Derek Mark Edding, Nov 16th, 2007 @ 5:50am

    The worst thing about typo-squatting, IMO, is that it deprives me of the opportunity to fix the typo and move on. I put in a URL that was off by one letter. Then suddenly the browser is redirected off to some ridiculously long address.

    If the typo was still there I could hit two keys and fix it. Since EarthLink (or Comcast) butted in, I have to start over from scratch. And if I make another typo on the last letter, it's time for some deep breathing exercises... :p

     

  30.  
    Mike Fratto, Dec 5th, 2007 @ 5:32pm

    VZ Weirdness

    I am a FiOS customer and they do have a way to disable this feature by manually configuring DNS, but I was researching this while writing up a blog and I found something interesting (at least to me).

    If you type in random text ending in .com or .net, it will send you to a landing page. If you type in key words like camera.photo.lens.kdhfidhufd.com, you get a host not found! There are other non-random names that will return a host not found. I don't think they are using wildcard DNS (at least not as specified by RFC 1034), but something else.

     

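A way to check a resolver for the behaviour discussed in this thread: look up names that should not exist and see whether they come back with an address, and whether the same address keeps recurring. This is an added example, not code from the article or any commenter; the function names, the `fake_isp_lookup` stand-in (modelled on comment 30's observation that some names still get "host not found") and its addresses are constructed.

```python
import secrets
import socket
from collections import Counter


def system_lookup(name):
    """Resolve through the OS resolver; return a set of IPv4 strings, empty on failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def random_names(count, suffixes=(".com", ".net")):
    """Names that should not exist: 32 random hex characters per label."""
    return [secrets.token_hex(16) + suffixes[i % len(suffixes)] for i in range(count)]


def probe_rewriting(lookup=system_lookup, names=None, count=8):
    """Look up nonexistent names and report how many came back with an answer."""
    names = names or random_names(count)
    answers = {name: lookup(name) for name in names}
    resolved = {name: ips for name, ips in answers.items() if ips}
    seen = Counter(ip for ips in resolved.values() for ip in ips)
    # The same address for two or more unrelated random names marks a landing page.
    landing = {ip for ip, hits in seen.items() if hits >= 2}
    return {"probed": len(names), "rewritten": len(resolved), "landing_ips": landing}


def filter_answer(addresses, landing_ips):
    """Drop landing-page addresses; an empty result should be treated as NXDOMAIN."""
    return set(addresses) - set(landing_ips)


def fake_isp_lookup(name):
    """Constructed stand-in for a rewriting resolver, so the demo runs offline."""
    if name == "www.example.com":
        return {"192.0.2.1"}
    if name.count(".") > 1:      # multi-label names: host not found
        return set()
    return {"203.0.113.80"}      # hypothetical landing-page address


if __name__ == "__main__":
    report = probe_rewriting(lookup=fake_isp_lookup)
    print(report)
    for name in ("www.example.com", "no-such-site-typo.com"):
        print(name, filter_answer(fake_isp_lookup(name), report["landing_ips"]))
```

Calling `probe_rewriting()` with no arguments uses the system resolver instead of the stand-in; dnsmasq's `bogus-nxdomain` option applies the same filtering idea at a local forwarder.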

  31.  
    AC, Aug 1st, 2013 @ 3:41pm

    Verizon using DNS to censor sites

    They are now intercepting DNS queries to non-Verizon DNS servers and redirecting the query to the intentionally broken Verizon DNS servers. They are also using DNS to censor parts of websites - nytimes.com - you can reach the base address fine, but attempts to access certain pages are redirected to Verizon's fraudulent advert/error page.

    These blocked pages are invariably political in nature.

     
