On Tue, Nov 5, 2013 at 2:38 PM, Warren Bailey <wbailey@satelliteintelligencegroup.com> wrote:
> I've noticed a lot more nxdomain redirects on providers (cox, uverse, tmo,
> etc.) networks lately.

I believe these ISPs have been servicing a mucked up recursive DNS like this for quite a while. Yes, this traffic hijacking and modification of DNS server replies is very uncool for users. Yes, they do it anyways, on their own recursive DNS servers; which they can do of course, on their own DNS servers.

> How is this being done?? Is it a magic box or some kind of subscription service?

Both. There are multiple providers specializing in ISP DNS traffic monetization, that are well-known, with multiple articles about them; you redirect DNS traffic, or insert a sniffer box between recursive DNS servers and users, the hijacking provider monetizes the NXDOMAIN traffic, the ISP gets a small share. I won't be surprised if they have 50 salesmen monitoring this list, trampling each other to be the first to respond to your 'solicitation' now <G>

> Are any of you doing it?

I only know of very large residential providers doing it. This is believed to not be something Enterprise IT or business clients will tolerate, of their ISP. For one thing, NXDOMAIN response tampering breaks DNS-based spam filtering / hostname verification features.

> //warren

--
-JH