Re: [dnsext] Re: need new flag bit in EDNS, "do me no favours" (DMNF)

[Paul Wouters <paul@xelerance.com>]

On Tue, 26 Oct 2010, Andreas Gustafsson wrote:

> Third, browser vendors could help raise awareness and exert pressure.
> Imagine browsers detecting rewrites and displaying alerts along these
> lines:
>
>    [Insert browser name here] has detected that your computer is
>    using a DNS server that tampers with the results of DNS lookups.
>    Most likely, this is an attempt by your Internet Service Provider
>    to replace the error message that would normally be displayed
>    when you enter an incorrect URL with a pages containing paid
>    advertisements.
>
>    [Browser vendor] considers this practice harmful, not only because
>    it alters your web browsing experience, but also because it can
>    interfere with the operation of other Internet applications on
>    your computer and other Internet-enabled devices on your network.
>
>    [Browser] has automatically switched to a third-party DNS service
>    operated by [company], but your other applications and devices are
>    still affected.  If your Internet Service Provider allows you to
>    opt out of DNS rewriting, we recommend that you do so.  Alternatively,
>    you can change your DNS settings to use a third-party DNS provider
>    by following the instructions at [this link].

This creates unneccessary warnings for users who want to opt-in their computer
and/or home network to use a trusted third party DNS rewriting vendor.

I'm not a fan of those services, but they are non-malicious
services. Spamming users with DNS warnings to get rid of spamming users
with CERT warnings does not seem like a good solution to me. Instead, all
these warning should ideally disappear from the enduser's experience.

Paul