ad.doubleclick.net missing from DNS?
The A record for ad.doubleclick.net is missing from DNS. This is causing apparent web page slowdowns when viewing web sites containing ads linked to ad.doubleclick.net
The A record for ad.doubleclick.net is missing from DNS. This is causing apparent web page slowdowns when viewing web sites containing ads linked to ad.doubleclick.net
Adding an entry in LMHOSTS or /etc/hosts pointing ad.doubleclick.net to 127.0.0.1 is generally a good idea, especially if you value your privacy. ---Rico
Sounds neat idea, worth giving a try. Mehmet Akcin www.akcin.net -----Özgün İleti----- Kimden: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] Yerine Ricardo "Rick" Gonzalez Tarih: Tuesday, July 27, 2004 7:59 PM Kime: Sean Donelan Bilgi: nanog@merit.edu Konu: Re: ad.doubleclick.net missing from DNS?
The A record for ad.doubleclick.net is missing from DNS. This is causing apparent web page slowdowns when viewing web sites containing ads linked to ad.doubleclick.net
Adding an entry in LMHOSTS or /etc/hosts pointing ad.doubleclick.net to 127.0.0.1 is generally a good idea, especially if you value your privacy. ---Rico
Adding an entry in LMHOSTS or /etc/hosts pointing ad.doubleclick.net to 127.0.0.1 is generally a good idea, especially if you value your privacy.
Better still, run an http listener on (for example) 127.0.0.2 port 80, using the appropriate /etc/hosts glue to map whatever hostnames you like to that address, and answer requests with null content; the remainder of the page will complete faster as a result. For extra credit, log the requests so you can browse the Host:/Referer: combinations. Stephen
Stephen Stuart <stuart@tech.org> wrote: [...]
Better still, run an http listener on (for example) 127.0.0.2 port 80, using the appropriate /etc/hosts glue to map whatever hostnames you like to that address, and answer requests with null content; the remainder of the page will complete faster as a result. For extra credit, log the requests so you can browse the Host:/Referer: combinations.
I do this on my home network by transproxying at the border and returning 403 errors for requests to certain domains. Quite handy for certain sites, especially those that are the source of particularly annoying advertising that Mozilla won't block. -- Vice is its own reward. It is virtue which, if it is to be marketed with consumer appeal, must carry Green Shield stamps. - Quentin Crisp
Hi, On Tue, Jul 27, 2004 at 12:34:04PM -0400, Sean Donelan wrote:
The A record for ad.doubleclick.net is missing from DNS. This is causing apparent web page slowdowns when viewing web sites containing ads linked to ad.doubleclick.net
Actually, it appears to me that all of dclk's nameservers are unreachable. Marcus
Once upon a time, Sean Donelan <sean@donelan.com> said:
The A record for ad.doubleclick.net is missing from DNS. This is causing apparent web page slowdowns when viewing web sites containing ads linked to ad.doubleclick.net
It looks like the problem isn't that the A record is missing, it is that the nameservers are missing: ask(ad.doubleclick.net)(A): ns1.doubleclick.net ns2.doubleclick.net ns3.doubleclick.net ns4.doubleclick.net ;; send_udp(216.73.86.10:53) ;; send_udp(216.73.87.10:53) ;; send_udp(216.73.85.10:53) ;; send_udp(216.73.81.10:53) ;; send_udp(216.73.86.10:53) ;; send_udp(216.73.87.10:53) ;; send_udp(216.73.85.10:53) ;; send_udp(216.73.81.10:53) ;; send_udp(216.73.86.10:53) ;; send_udp(216.73.87.10:53) ;; send_udp(216.73.85.10:53) ;; send_udp(216.73.81.10:53) ad.doubleclick.net: query timed out -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Sean Donelan(sean@donelan.com)@2004.07.27 12:34:04 +0000:
The A record for ad.doubleclick.net is missing from DNS. This is causing apparent web page slowdowns when viewing web sites containing ads linked to ad.doubleclick.net
Short remedy recipee: - Download Firefox -> http://www.mozilla.org - Install AdBlocker Extension (Tools>Extensions>Get Extensions...) - Block http://*.doubleclick.net/ - Add more rules to your gusto and have a pleasant browsing experience ;-) Regards, /k --
There is something fascinating about science. One gets such wholesale returns of conjecture out of such a trifling investment of fact. --Mark Twain webmonster.de -- InterNetWorkTogether -- built on the open source platform http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/ GnuPG: 0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4 A113 B393 6BF4 DEC9 48A6 Please do not remove my address from To: and Cc: fields in mailing lists. 10x
http://www.washingtonpost.com/wp-dyn/articles/A18735-2004Jul27.html DoubleClick spokeswoman Jennifer Blum said the attack targeted the company's domain name servers (DNS) -- machines that help direct Internet traffic -- causing "severe service disruptions" for all 900 of its customers. Blum said the outage was caused by a distributed denial-of-service attack, in which hackers use the firepower of thousands of hijacked computers to flood a Web site with so many bogus Web page requests that it renders the site unavailable to legitimate users. [...] The FBI is not investigating the incident because DoubleClick has not filed a report, said bureau spokeswoman Megan Baroska.
While I disagree with the method of the attacker, I can understand the reasoning behind an attack on a company that is considered a spyware company, doubleclick certainly has turned up more than once on my version of spybot as a site to block..... -Henry --- Sean Donelan <sean@donelan.com> wrote:
http://www.washingtonpost.com/wp-dyn/articles/A18735-2004Jul27.html
DoubleClick spokeswoman Jennifer Blum said the attack targeted the company's domain name servers (DNS) -- machines that help direct Internet traffic -- causing "severe service disruptions" for all 900 of its customers. Blum said the outage was caused by a distributed denial-of-service attack, in which hackers use the firepower of thousands of hijacked computers to flood a Web site with so many bogus Web page requests that it renders the site unavailable to legitimate users. [...] The FBI is not investigating the incident because DoubleClick has not filed a report, said bureau spokeswoman Megan Baroska.
Now the question is, can one easily block all of doubleclick.net by 127.0.0.1 in the hosts file on a wincrash box? They appear to have ad, ad2, ad3, m2, m3.doubleclick.net. Anyone know what hosts to list??? (ie: ad2, ad3 ... to ad<x>???) ----- Original Message ----- From: "Henry Linneweh" <hrlinneweh@sbcglobal.net> To: "Sean Donelan" <sean@donelan.com>; <nanog@merit.edu> Sent: Tuesday, July 27, 2004 17:10 Subject: Re: ad.doubleclick.net missing from DNS?
While I disagree with the method of the attacker, I can understand the reasoning behind an attack on a company that is considered a spyware company, doubleclick certainly has turned up more than once on my version of spybot as a site to block.....
-Henry
--- Sean Donelan <sean@donelan.com> wrote:
http://www.washingtonpost.com/wp-dyn/articles/A18735-2004Jul27.html
DoubleClick spokeswoman Jennifer Blum said the attack targeted the company's domain name servers (DNS) -- machines that help direct Internet traffic -- causing "severe service disruptions" for all 900 of its customers. Blum said the outage was caused by a distributed denial-of-service attack, in which hackers use the firepower of thousands of hijacked computers to flood a Web site with so many bogus Web page requests that it renders the site unavailable to legitimate users. [...] The FBI is not investigating the incident because DoubleClick has not filed a report, said bureau spokeswoman Megan Baroska.
I got my list from somewhere else, but lost the link. Try: http://www.google.com/search?hl=en&ie=UTF-8&q=hosts+ad+blocking+servers&btnG=Google+Search Lot's there. JMH John Palmer wrote:
Now the question is, can one easily block all of doubleclick.net by 127.0.0.1 in the hosts file on a wincrash box? They appear to have ad, ad2, ad3, m2, m3.doubleclick.net. Anyone know what hosts to list??? (ie: ad2, ad3 ... to ad<x>???)
-- John Hall Test Manager - Switch Team F5 Networks, Inc.
On Tue, 2004-07-27 at 18:21, John Palmer wrote:
Now the question is, can one easily block all of doubleclick.net by 127.0.0.1 in the hosts file on a wincrash box? They appear to have ad, ad2, ad3, m2, m3.doubleclick.net. Anyone know what hosts to list??? (ie: ad2, ad3 ... to ad<x>???)
Been fixing that for a good 6 years now. Just setup your local name servers to be authoritative for doubleclick.net and don't put any A records in the file. Works like a charm. ;-) Chris
... what hosts to list??? (ie: ad2, ad3 ... to ad<x>???)
Been fixing that for a good 6 years now. Just setup your local name servers to be authoritative for doubleclick.net and don't put any A records in the file. Works like a charm. ;-)
on the one hand, you'd need a wildcard A RR at *.doubleclick.net to achieve this result. the above text does not mention this, and leads one to believe that an apex A RR at doubleclick.net would have an effect. on the other hand, if you do this for a nameserver that your customers depend on, then there is probably some liability for either trademark infringement, tortious interference with prospective economic advantage, and the gods alone know what else. if you do this, keep it to a server you run on 127.0.0.1 and ensure that you are its only user. -- Paul Vixie
Paul Vixie wrote:
on the other hand, if you do this for a nameserver that your customers depend on, then there is probably some liability for either trademark infringement, tortious interference with prospective economic advantage, and the gods alone know what else. if you do this, keep it to a server you run on 127.0.0.1 and ensure that you are its only user.
Where is it written that a server has to carry other people's non- revenue advertizing or links to it? -- Requiescas in pace o email Ex turpi causa non oritur actio http://members.cox.net/larrysheldon/
Paul Vixie wrote:
on the other hand, if you do this for a nameserver that your customers depend on, then there is probably some liability for either trademark infringement, tortious interference with prospective economic advantage, and the gods alone know what else. if you do this, keep it to a server you run on 127.0.0.1 and ensure that you are its only user.
LarrySheldon@cox.net ("Laurence F. Sheldon, Jr.") said:
Where is it written that a server has to carry other people's non- revenue advertizing or links to it?
what i've discovered, not by going to law school but by being sued a lot, is that "prospective economic advantage" means whatever a judge thinks it should mean, and "tortious interference" with same ought to be carefully considered. it's the 21st century, and domain names are trademarks in all but fact. if you cause someone else's domain name to stop working for a population larger than yourself, and if the domainholder would have made money had you not done so, then you could be in for a rough ride. don't take my word for it -- if you're an ISP, you've got a lawyer you can ask. Chris Brenton said:
Guess I don't see this as being any different than restricting access based on port number or IP address. If your SLA empowers you to selectively block traffic, what's the difference?
convincing a judge that your customers were aware of that provision when they signed on is "hard". convincing a judge that your customers had the ability to choose a different isp at a similar price/feature level but without this selective blocking is "very hard". you might get a sane and technically savvy judge of the civil libertarian variety -- it's a dice roll. all i'm saying is, talk to your lawyer before you do it. Paul Vixie also wrote:
on the one hand, you'd need a wildcard A RR at *.doubleclick.net to achieve this result. the above text does not mention this, and leads one to believe that an apex A RR at doubleclick.net would have an effect.
Larry Sheldon then said:
Depends what you are trying to do. I'm perfectly happy to have *.doubleclick.net return a "host not found", so a file with no A records works fine for me.
For me that results in broken-picture icons where the ad content went. I prefer to redirect my browser's fetches of this content to a local webserver that always returns empty but syntactically valid objects. For that I'd need a wildcard. YMMV. -- Paul Vixie
On Tue, 2004-07-27 at 21:44, Paul Vixie wrote:
on the one hand, you'd need a wildcard A RR at *.doubleclick.net to achieve this result. the above text does not mention this, and leads one to believe that an apex A RR at doubleclick.net would have an effect.
Depends what you are trying to do. I'm perfectly happy to have *.doubleclick.net return a "host not found", so a file with no A records works fine for me.
on the other hand, if you do this for a nameserver that your customers depend on, then there is probably some liability for either trademark infringement, tortious interference with prospective economic advantage, and the gods alone know what else.
Guess I don't see this as being any different than restricting access based on port number or IP address. If your SLA empowers you to selectively block traffic, what's the difference? I agree however that at the ISP level its probably good practice to _not_ do this. Then again, when I had my ISP I did filter out doubleclick as well as certain IPs and ports. This was in the SLA however so clients knew this was happening (and considered it a "feature") before they signed up for service. C
On 7/27/2004 6:21 PM, John Palmer wrote:
Now the question is, can one easily block all of doubleclick.net
Couple of methods that have worked for me. If you have squid or similar, you can get a plugin that lets you redirect various sites/domains to a 1x1 transparent gif. This method is preferred since it only requires a single list to maintain. If you have a local nameserver and webserver, then make your dns server authoritative for the domains and redirect queries to a sink address on the web server, and config the web server to answer such requests with that 1x1 transparent gif object. This is more difficult (have to maintain the named.conf list of domains and the apache list of virtual hosts) but overruling the domain names has a lot of potential power for other uses too, possibly including spam blocking, if you are so configured. In both cases, the gif mime-type will overwrite whatever content was originally specified, and the gif is scaled to whatever is specified by the html layout, so using a 1x1 transparent gif doesn't usually cause problems. The hard part here is managing the list of blocked sites, restarting the service, etc. And like Paul said, think about the ramifications of providing such features to a secondary organization and/or user. Making them manually configure their proxy/resolver settings may be enough, but IANAL.
--On tisdag 27 juli 2004 12.34 -0400 Sean Donelan <sean@donelan.com> wrote:
The A record for ad.doubleclick.net is missing from DNS. This is causing apparent web page slowdowns when viewing web sites containing ads linked to ad.doubleclick.net
Not here, even works when I'm not connected: ;; ANSWER SECTION: ad.doubleclick.net. 86400 IN A 127.0.0.1 ad.doubleclick.net. 86400 IN AAAA ::1 What? Me subverting things? Naaah. /måns, catching up. -- Måns Nilsson Systems Specialist +46 70 681 7204 KTHNOC MN1334-RIPE
participants (16)
-
abuse@cabal.org.uk
-
Chris Adams
-
Chris Brenton
-
Eric A. Hall
-
Henry Linneweh
-
John Hall
-
John Palmer
-
Karsten W. Rohrbach
-
Laurence F. Sheldon, Jr.
-
Marcus Reid
-
Mehmet Akcin
-
Måns Nilsson
-
Paul Vixie
-
Ricardo "Rick" Gonzalez
-
Sean Donelan
-
Stephen Stuart