Verizon's DNS Policy May Be Bad, But It's Not A Network Neutrality Violation

from the red-herring dept

While Comcast has been getting a lot of flak for blocking BitTorrent, some network neutrality activists have also been calling out Verizon for the way its DNS servers work. The DNS specification requires that servers return an error if the user tries to look up an invalid domain name. Instead, Verizon's DNS servers re-direct users who mistype an address to a Verizon-branded search page where Verizon gets to display advertising. (Incidentally, my ISP, Charter, does the same thing.) I agree with Ed Felten that this "feature" is obnoxious, especially because it can break applications that expect to receive DNS error messages.

But I don't think it's really a network neutrality issue. Verizon's DNS server does not "block, interfere with, discriminate against, impair, or degrade" anyone's access to Internet content or services, which was the standard proposed in last year's Snowe-Dorgan legislation. Users who type correct URLs aren't impeded in any way from accessing the sites they want to visit. Responding to a failed DNS query with a search page is probably a bad idea, but it's very different from "redirecting a user from Google's search page to Verizon's," which the article implies Verizon might do in the future.

Moreover, it's worth keeping in mind that you're not required to use your ISP's DNS server at all. ISPs provide DNS servers as a courtesy, the same way they might provide you with a free email account. But you don't have to use it. You're free to point your computer to another DNS server, such as OpenDNS, just as you can use a third-party email service such as Gmail. And if you do that, the settings of Verizon's DNS server won't affect you at all. It's definitely fair to criticize Verizon for failing to follow the DNS specification, but calling it a network neutrality issue is a bit of a red herring.

Companies: verizon


Comments on “Verizon's DNS Policy May Be Bad, But It's Not A Network Neutrality Violation”

31 Comments
Anonymous Coward says:

Yeah, but if you switch to OpenDNS, they support themselves by serving their own pages with ads on failed lookups, too. So that’s not going to solve any technical problems such “results” might cause in some circumstances and it then becomes an issue of whether you want to give Verizon’s ad department your eyeballs or OpenDNS’s.

Now, I do use OpenDNS. I do this because Comcast’s DNS servers were RIDICULOUS. For a period of three weeks, I could not reach ANY domain ending in google.com for about six hours (6pm to midnight) every single night. I finally switched to OpenDNS.

Joseph Beck says:

Unfair

There’s a term for this – typosquatting. It might not be illegal, but it is unethical.

If someone tries to visit my site but misspells the URL, I want them to see “Page Not Found” and let them try again. But instead they’ll see Verizon’s page, and some visitors won’t understand what has happened or realize that they typed the name wrong.

This raises trademark issues as well, because Verizon will be able to make money from misspelled trademarked names.

Benjamin M. Orsini says:

Re: Re: opendns

Verizon makes money on those ads so why wouldn’t they block OpenDNS to protect that revenue? A commenter here recently reported Comcast blocking OpenDNS. And back when I had Cox for an ISP for a while they were blocking French ISPs for political reasons. I doubt they would hesitate to block OpenDNS too.

I wish I had 50 bucks for every time some loud mouth welshed on a 50 buck bet.

Prodiem says:

It's kinda bad but..

I use a list of the root DNS servers period. Comcast and Verizon in my area have dns servers that are hammered. Now, I am using a dns server within my firewall to cache locally.

It was a purely performance related decision, waiting 20-30 seconds for dns to resolve because provider’s main dns server went toes up just made the decision easy.

Netiquette does state not to do this, but I really can’t find any better solutions, that have been reliable.

martin says:

The real problem I see with that redirection is not www, but everything else. Mails for instance go to Verizon instead of being bounced.

@7: That’s not just against netiquette, you hurt the network. Badly. If everyone who has a dumb provider did this, no one would get resolution at all. It’s like phoning up the chief justice because you think your local police force is too slow.

John says:

You are wrong.

I just tried it. Typed in some bogus URL on my Verizon FIOS service. Verizon took my attempt and fed it to yahoo search for me automatically. I think they are just trying to help the grandmas who don’t know what they are doing.

The only ads that appear are the ads that normally appear if you type the url in a search engine.

I think you completely missed the point of what they are doing, and it’s yahoo feeding ads, not verizon.

christopher (profile) says:

Umm, I call shenanigans. Verizon DOES block your ability to use 3rd-party mail servers. GMail is web-based, son. A server at a friend’s ISP, connecting over port 25, is BLOCKED by Verizon, period end of story.

Now, I use another port and so go my merry way, but Verizon, having blocked port 25, can block any ports they wish under the same guiding principle. Verizon sets limits.

nedu says:

DNSSEC

According to the German (.de) Registry DENIC:

Deployment of DNSSEC for .de is currently constrained by a side effect of DNSSECbis, called “zone walking”. Zone walking would allow for anyone to gain access to all names within the de zone, providing keys not only to all registration data but also immediately disclosing all changes to zone data. DENIC as well as other registries (mostly, but not exclusively European ones) regard this side effect as incommensurate with data protection liabilities.

Nevertheless, DENIC does appear to support DNSSEC in principle.

Verizon’s search, though, gives them a financial incentive to oppose DNSSEC deployment.

Returning a bogus A record, rather than NSEC, is inconsistent with the DNSSEC design goals.

A1chemyst says:

Verizon - not a new thing

This is not something others have not tried:

VeriSign tried this in 2003 and were creamed in the NetCommunity. There was talk of going to ICANN to appeal Verisign’s contract. A patch to BIND was made to prevent the redirection.

Microsoft’s IE redirects bad URLs to the MSN search, but you can change that in the IE settings.

Everyone point their system to Verizon’s DNS and run a program to send random URLs to the system; a few hundred every minute. That’ll shut them down soon enough.

Steve R. (profile) says:

Where is the Demand that Verizon Stop this Abusiv

One of my major complaint themes has been that corporations are acting unethically. Many times I have been directed to “fake” websites, either through the result of typographic errors or the simple fact that the website I was seeking no longer exists. I also have found that internet searching has been “corrupted” to return irrelevant results that appear to be relevant. While I can appreciate that corporations need to make money, it is unfortunate that corporations resort to these underhanded tactics.

What I also find unfortunate, is that there is little public criticism of corporations for this abusive and secretive behavior. Sure, Verizon and Comcast are generating a lot of press on the internet and it is recognized that this behavior is abusive, but the public debate seems stuck on arguing the technical minutia of whether or not these companies are or are not violating certain technical standards.

While this debate is useful it misses the critical points that these companies are not being “transparent” or honest with the public. The “red-herring” in this case is arguing technical minutia to avoid the fact that these companies are not acting in a transparent and open manner. Companies that hide unethical practices should be exposed with demands that these abusive practices be stopped.

Steve R. (profile) says:

Re: Re: Where is the Demand that Verizon Stop thi

I will agree that tech plays a role, but you need to look at the results. Results are provable facts too, so it isn’t bias and name-calling. If I make a mistake when typing in URL and I get my.unethicalretail.com instead of a message “Please try again” that is clearly factual proof that the company is using technology to mislead the user.

Rich Kulawiec says:

The hazards of presuming

that “web” and “Internet” are synonymous.

One of the many problems with this ill-conceived idea is that it presumes that DNS is used solely to support HTTP. It’s not, of course, and the impact on other protocols can be substantial.

For example, it is a best practice to refuse mail which purports to be from any host or any domain that does not resolve, or from any IP address which does not resolve to a host.

To illustrate: I get an incoming SMTP connection from 1.2.3.4. I look up rDNS for 1.2.3.4; if that lookup fails, I 550 the connection and hang up — the host has failed to meet minimum requirements for SMTP clients. If that lookup succeeds, I query forward DNS for the hostname I just got back, and 550 the connection if it doesn’t resolve. If that test succeeds, and I allow the SMTP conversation to continue, then eventually the other side will specify a sender, say fred@flintstone.example.com. I then look up example.com; if that lookup fails, I 550 the connection and hang up — it’s foolish to accept mail from domains that don’t exist. If that lookup succeeds, I pull the MX records for example.com and see if they’re valid — if they point to bogon space, I 550 the connection and hang up, because the message can’t be replied to, therefore there is no point in accepting it. I might also check for flintstone.example.com — is there an MX record for it? Is it covered by a wildcard MX? Is there an A record (so that I can fall back to that in the absence of an MX record)?

The gist is that these are all basic sanity checks designed to refuse mail that’s either (a) obviously bogus or (b) coming from an incorrectly-configured host, since long experience (long painful bitter experience) has shown that the only way to get the attention of operators of such hosts is to make the problems obvious to them. These basic sanity checks have as a desirable byproduct considerable effectiveness against unwanted SMTP traffic. (Which is why some MTAs, e.g. sendmail, include them as easily-configurable options.)

Now consider what happens to them if someone starts forging DNS replies a la Verizon. Consider further what happens if those forgeries start happening with no warning. And consider still further that this is just one small example with just one of many application protocols that rely on DNS returning what it’s supposed to, not what is convenient.

The bottom line is that this is a really, really bad idea executed by a company that’s clearly trying to monetize DNS without regard for the degradation of service it’s imposing on its own customers.
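
The SMTP sanity checks described in the comment above, as an added example that is not part of the original comment or of any MTA's code: it runs the same checks against a resolver that reports failures and against one that substitutes a landing-page address for every failed A lookup. The resolver classes, zone data and landing-page address are constructed for illustration, and the sender's full domain part is looked up directly (MX first, then A).

```python
import ipaddress

# Abbreviated bogon list for the example (a real deployment uses a maintained feed).
BOGONS = [ipaddress.ip_network(n) for n in
          ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed zone data; names and public addresses are reserved documentation values.
PTR = {"192.0.2.10": "mail.example.com", "192.0.2.66": "ghost.example.org"}
A = {"mail.example.com": ["192.0.2.10"], "mx1.example.com": ["192.0.2.20"],
     "mx.intranet.example.net": ["10.1.2.3"]}
MX = {"example.com": ["mx1.example.com"], "intranet.example.net": ["mx.intranet.example.net"]}
LANDING_PAGE = "203.0.113.80"  # hypothetical address of the ISP's search page


class HonestResolver:
    """Returns an empty answer (standing in for NXDOMAIN) when a name is absent."""
    def ptr(self, ip): return PTR.get(ip)
    def a(self, name): return A.get(name, [])
    def mx(self, domain): return MX.get(domain, [])


class RewritingResolver(HonestResolver):
    """Replaces every failed A lookup with the landing-page address."""
    def a(self, name): return super().a(name) or [LANDING_PAGE]


def is_bogon(ip):
    return any(ipaddress.ip_address(ip) in net for net in BOGONS)


def check_mail(client_ip, mail_from, dns):
    """Return (smtp_code, reason) for the sanity checks described in the comment."""
    host = dns.ptr(client_ip)
    if not host:
        return 550, "no rDNS for client"
    if not dns.a(host):
        return 550, "rDNS name does not resolve"
    domain = mail_from.rsplit("@", 1)[1].lower()
    # MX first, then fall back to the domain's own A record.
    targets = dns.mx(domain) or ([domain] if dns.a(domain) else [])
    if not targets:
        return 550, "sender domain does not resolve"
    addrs = [ip for t in targets for ip in dns.a(t)]
    if not addrs or all(is_bogon(ip) for ip in addrs):
        return 550, "sender MX is unreachable or bogon"
    return 250, "ok"
```

With `RewritingResolver`, the checks that depend on an A lookup failing stop rejecting anything, while the PTR and bogon checks behave as before.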

Derek Mark Edding says:

The worst thing about typo-squatting, IMO, is that it deprives me of the opportunity to fix the typo and move on. I put in a URL that was off by one letter. Then suddenly the browser is redirected off to some ridiculously long address.

If the typo was still there I could hit two keys and fix it. Since EarthLink (or Comcast) butted in, I have to start over from scratch. And if I make another typo on the last letter, it’s time for some deep breathing exercises… :p

Mike Fratto says:

VZ Weirdness

I am a FiOS customer and they do have a way to disable this feature by manually configuring DNS, but I was researching this while writing up a blog and I found something interesting (at least to me).

If you type in random text ending in .com or .net, it will send you to a landing page. If you type in key words like camera.photo.lens.kdhfidhufd.com, you get a host not found! There are other non-random names that will return a host not found. I don’t think they are using wildcard dns (at least not as specified by rfc 1034), but something else.
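
A way to check a resolver for the behaviour discussed in the article and in the comment above, as an added example that is not code from the post or from any commenter: it looks up several random names that should not exist and reports whether they resolve and to which shared addresses. Because some names reportedly still get a real failure, it probes several names rather than one; `simulated_isp_lookup` and its landing-page address are constructed stand-ins, and its label-count rule is an assumption, not Verizon's actual logic.

```python
import secrets
import socket
from collections import Counter


def system_lookup(name):
    """Resolve via the OS resolver; an empty list means the lookup failed."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return []


def simulated_isp_lookup(name, landing="203.0.113.80"):
    """Constructed stand-in: two-label names get the landing page, deeper names fail."""
    return [landing] if name.count(".") == 1 else []


def probe_names(tlds=("com", "net"), per_tld=3):
    """Random labels that are overwhelmingly unlikely to be registered."""
    return [f"{secrets.token_hex(12)}.{tld}" for tld in tlds for _ in range(per_tld)]


def detect_rewriting(lookup=system_lookup, names=None):
    """Classify a resolver from how it answers names that should not exist."""
    names = names or probe_names()
    answers = {n: lookup(n) for n in names}
    resolved = {n: ips for n, ips in answers.items() if ips}
    hits = Counter(ip for ips in resolved.values() for ip in ips)
    # An address returned for two or more unrelated random names is a landing page.
    landing = sorted(ip for ip, count in hits.items() if count >= 2)
    if not resolved:
        verdict = "honest"
    elif len(resolved) == len(names):
        verdict = "rewrites all"
    else:
        verdict = "rewrites some"
    return {"verdict": verdict, "landing_ips": landing, "rewritten": sorted(resolved)}
```

Calling `detect_rewriting()` with no arguments probes whatever resolver the operating system is configured to use.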

AC says:

Verizon using DNS to censor sites

They are now intercepting DNS queries to non-Verizon DNS servers and redirecting the query to the intentionally broken Verizon DNS servers. They are also using DNS to censor parts of websites – nytimes.com – you can reach the base address fine, but attempts to access certain pages are redirected to Verizon’s fraudulent advert/error page.

These blocked pages are invariably political in nature.
