On Wed, Nov 20, 2019 at 12:07 AM Mel Beckman <mel@beckman.org> wrote:
Frontier and Verizon have been doing it for years. They have simply thumbed their noses at NXDOMAIN. All in the name of capturing data and eyeballs By Any Means Necessary.
Verizon USED to do this on the former UUnet customer cache resolvers (notably: 198.6.1.1 and its ilk) ... but:

$ dig @198.6.1.1 dad.ads123j.com
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2315
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;dad.ads123j.com. IN A
;; AUTHORITY SECTION:
com. 899 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1574180221 1800 900 604800 86400

my understanding was that this was discontinued eventually when the 'product':
1) made no appreciable money for the cost of operation
2) paxfire died in a fire
3) the ProjectManager responsible inside VZB got canned...

I didn't think they brought this back to life... I hope they did not :(

Maybe you meant the VZ dsl/fios customer cache devices were/are doing this? oh :(

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43555
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;dad.ads123j.com. IN A
;; ANSWER SECTION:
dad.ads123j.com. 0 IN A 92.242.140.21
;; Query time: 22 msec
;; SERVER: 71.250.0.12#53(71.250.0.12)

that's unfortunate for all of VZ's landline/dsl/fios folks :( bummer.
-mel
On Nov 19, 2019, at 8:00 AM, Matthew Pounsett <matt@conundrum.com> wrote:
On Tue, 19 Nov 2019 at 10:57, Patrick Schultz <lists-nanog@schultz.top> wrote:
Just to weigh in: Here in Germany, the largest internet provider (Deutsche Telekom) did the same thing. It's basically just a "search guide", it redirects you to a search page and assumes you just had a typo in the URL.
Telekom stopped doing that in April, after a user reported them to the district attorney for supposed data manipulation, a misdemeanor.
If your entire Internet is just the web then it's perhaps not a big deal. But there are a lot of protocols that depend on proper functioning of NXDOMAIN. If you recall, Verisign got in a bunch of trouble for doing that back in the day at the authoritative level.
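
Added example, not part of any poster's message: a small check that compares two dig responses for the same nonexistent name and flags NXDOMAIN rewriting by the second resolver. The sample inputs are abridged from the dig output quoted in the thread; the function names are assumptions made for this illustration.

```python
import re

# Two responses for the same nonexistent name, abridged from the dig
# output quoted in the thread (one record per line).
REFERENCE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2315
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;dad.ads123j.com. IN A
;; AUTHORITY SECTION:
com. 899 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1574180221 1800 900 604800 86400
"""
SUSPECT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43555
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;dad.ads123j.com. IN A
;; ANSWER SECTION:
dad.ads123j.com. 0 IN A 92.242.140.21
;; SERVER: 71.250.0.12#53(71.250.0.12)
"""

def parse_dig(text):
    """Return {'status': str, 'answers': [(name, ttl, rtype, rdata)]}."""
    status = re.search(r"status: (\w+)", text).group(1)
    answers, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";;"):
            # Any ';;' line starts a new section; only ANSWER is collected.
            in_answer = line.startswith(";; ANSWER SECTION")
        elif in_answer and line.strip() and not line.startswith(";"):
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            answers.append((name, int(ttl), rtype, rdata))
    return {"status": status, "answers": answers}

def nxdomain_rewritten(reference, suspect):
    """True when the reference resolver says NXDOMAIN but the suspect
    resolver returns NOERROR with synthesized A/AAAA records."""
    ref, sus = parse_dig(reference), parse_dig(suspect)
    forged = [a for a in sus["answers"] if a[2] in ("A", "AAAA")]
    return ref["status"] == "NXDOMAIN" and sus["status"] == "NOERROR" and bool(forged)

if __name__ == "__main__":
    print("rewriting detected:", nxdomain_rewritten(REFERENCE, SUSPECT))
    print("substituted records:", parse_dig(SUSPECT)["answers"])
```

To test a resolver, use a freshly generated random label that cannot exist, and take the reference answer from a resolver known to return NXDOMAIN unmodified.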