Re: [dnsext] Re: need new flag bit in EDNS, "do me no favours" (DMNF)

Andreas Gustafsson <gson@araneus.fi> Tue, 26 October 2010 19:38 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Message-ID: <19655.11606.564912.442174@guava.gson.org>
Date: Tue, 26 Oct 2010 22:34:46 +0300
To: IETF DNSEXT WG <namedroppers@ops.ietf.org>
Subject: Re: [dnsext] Re: need new flag bit in EDNS, "do me no favours" (DMNF)
In-Reply-To: <78766.1288064363@nsa.vix.com>
References: <59023.1287939121@nsa.vix.com> <20101025094523.GA5187@nic.fr> <41281.1288025835@nsa.vix.com> <20101025233215.4A495606495@drugs.dv.isc.org> <72674.1288058394@nsa.vix.com> <AANLkTimwXkUrYHveahqTMZe=V8zu8LG1MJ3HtQEZAoDW@mail.gmail.com> <78766.1288064363@nsa.vix.com>
X-Mailer: VM 8.0.14 under 21.4.1 (i386--netbsdelf)
From: Andreas Gustafsson <gson@araneus.fi>
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>

Paul Vixie wrote:
> > From: Colm MacCárthaigh <colm@allcosts.net>
> > Why doesn't that belong better in HTTP? The HTTP WG is probably better
> > placed to define whatever a "web error" is.
> 
> if you get an nxdomain you won't be connecting to any web server anywhere.

Maybe this can't be solved by the HTTP WG, but it could be solved by
the web browser vendors.

First of all, any improvement in "user experience" that the proponents
of web error redirection are claiming as a justification for doing DNS
rewriting can just as easily be implemented in the browser.  One
difference, of course, is that any ad revenue resulting from the
"improved experience" would then go to the browser vendor rather than
the ISP.

Second, browser vendors are in a position to defend against unwanted
DNS rewrites, by making the browsers bypass the system resolver and
directly query a recursive DNS server operated by the vendor or a
third party.  If enough browsers did this, NXDOMAIN rewriting in the
DNS would no longer be profitable.

Third, browser vendors could help raise awareness and exert pressure.
Imagine browsers detecting rewrites and displaying alerts along these
lines:

    [Insert browser name here] has detected that your computer is
    using a DNS server that tampers with the results of DNS lookups.
    Most likely, this is an attempt by your Internet Service Provider
    to replace the error message that would normally be displayed
    when you enter an incorrect URL with a page containing paid
    advertisements.

    [Browser vendor] considers this practice harmful, not only because
    it alters your web browsing experience, but also because it can
    interfere with the operation of other Internet applications on
    your computer and other Internet-enabled devices on your network.

    [Browser] has automatically switched to a third-party DNS service
    operated by [company], but your other applications and devices are
    still affected.  If your Internet Service Provider allows you to
    opt out of DNS rewriting, we recommend that you do so.  Alternatively,
    you can change your DNS settings to use a third-party DNS provider
    by following the instructions at [this link].

-- 
Andreas Gustafsson, gson@araneus.fi
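The rewrite detection that the second and third points above imagine (a browser probing a resolver directly, and deciding whether it tampers with NXDOMAIN), shown as an added example; this is not code from the post or from any browser vendor. It builds raw DNS queries for random labels that cannot exist under a zone, and treats a NOERROR answer carrying an A record where NXDOMAIN was due as a rewrite. The zone name example.com, the address 192.0.2.10, and the responses in demo() are constructed for the example; query_resolver() is the only part that touches the network and is not exercised offline.

```python
import os
import socket
import struct

# Added example, not from the original post: a minimal NXDOMAIN-rewriting probe.
# Zone "example.com" and the 192.0.2.0/24 addresses are assumptions (documentation
# ranges); the responses produced by make_response() are constructed, not captured.

NXDOMAIN = 3
TYPE_A = 1
CLASS_IN = 1


def encode_name(qname):
    """Encode a dotted name in DNS wire format (no compression)."""
    return b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in qname.strip(".").split(".")) + b"\x00"


def build_query(qname, qid=None):
    """Return (id, wire bytes) for a standard recursive A query."""
    if qid is None:
        qid = int.from_bytes(os.urandom(2), "big")      # unpredictable ID, as a client should use
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    return qid, header + encode_name(qname) + struct.pack("!HH", TYPE_A, CLASS_IN)


def read_name(msg, off):
    """Decode a possibly-compressed name; return (name, offset just after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                          # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg):
    """Return (id, rcode, answers) with answers as (name, type, rdata) tuples."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                                            # skip QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append((name, rtype, msg[off:off + rdlen]))
        off += rdlen
    return qid, flags & 0x0F, answers


def random_probe_name(zone="example.com"):
    """A random label under the zone: it cannot exist, so the honest answer is NXDOMAIN."""
    return os.urandom(8).hex() + "." + zone


def classify(qid, response):
    """'clean' for an honest NXDOMAIN, 'rewritten' for a synthesized A record, else 'unexpected'."""
    rid, rcode, answers = parse_response(response)
    if rid != qid:
        return "unexpected"                                 # not our answer (stray or spoofed)
    if rcode == NXDOMAIN and not answers:
        return "clean"
    if rcode == 0 and any(rtype == TYPE_A for _, rtype, _ in answers):
        return "rewritten"
    return "unexpected"


def detect_rewriting(probes):
    """probes: list of (qid, response) for random names. Report rewriting only when every
    probe came back with an A record; a single honest NXDOMAIN clears the resolver."""
    verdicts = [classify(qid, resp) for qid, resp in probes]
    return bool(verdicts) and all(v == "rewritten" for v in verdicts)


def query_resolver(resolver_ip, qname, timeout=2.0):
    """Send one probe straight to a chosen resolver, bypassing the system stub resolver."""
    qid, wire = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(wire, (resolver_ip, 53))
        return qid, s.recv(4096)


def make_response(query_wire, rcode, a_records=()):
    """Constructed response for the demo: echo the question, set QR/RD/RA and rcode,
    append one A record per address using a pointer (0xC00C) to the question name."""
    qid = struct.unpack("!H", query_wire[:2])[0]
    header = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1, len(a_records), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 60, 4)
                   + socket.inet_aton(ip) for ip in a_records)
    return header + query_wire[12:] + rrs


def demo():
    """Two simulated resolvers: an honest one, and one rewriting NXDOMAIN to 192.0.2.10."""
    honest, rewriting = [], []
    for _ in range(3):
        qid, wire = build_query(random_probe_name())
        honest.append((qid, make_response(wire, NXDOMAIN)))
        rewriting.append((qid, make_response(wire, 0, ["192.0.2.10"])))
    return detect_rewriting(honest), detect_rewriting(rewriting)


if __name__ == "__main__":
    clean, tampered = demo()
    print("honest resolver rewrites:", clean, "| rewriting resolver rewrites:", tampered)
```

Against a live resolver the same check is `detect_rewriting([query_resolver(ip, random_probe_name()) for _ in range(3)])`, using a zone you control rather than example.com. Probing several random names matters: a resolver that rewrites only some NXDOMAINs, or one that rewrites only on port 80 redirects later, would otherwise produce false verdicts, and a stray or spoofed answer with the wrong ID is deliberately ignored rather than counted either way.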