
Re: DNS pollution

2006-10-11 18:20:48

In the past month or so I've run across two separate ISPs that are 
apparently polluting the DNS by returning A records in cases where the 
authoritative server would either return NXDOMAIN or no answers.  The A 
records generally point to an HTTP server that will display 
advertisements, but I've also seen more sinister things happen.

Is there anything that IETF as an organization, or IETF participants, 
can do to discourage this?  To me this is fraud and unfair trade 
practice in addition to being a security threat (as people give their 
passwords when trying to connect to the wrong site) and harmful to 
applications (either because they do connect to a protocol engine on the 
wrong server, or they try to connect to a nonexistent protocol engine on 
the wrong server and treat the "connection refused" or "connection timed 
out" condition as a temporary error).  I've also seen this break 
applications that speak both IPv4 and IPv6 by failing to return the AAAA 
records.

I'm willing to write a draft explaining in detail why this is harmful, 
but somehow I think it will take more than just an RFC to get this 
practice stopped.

Keith

        This is very similar to the situation covered by RFC 1535.

Network Working Group                                          E. Gavron
Request for Comments: 1535                            ACES Research Inc.
Category: Informational                                     October 1993


              A Security Problem and Proposed Correction
                   With Widely Deployed DNS Software

        In that case it was a bad search list.  You got a response
        you weren't expecting.

        The correct response for a name that does not exist on
        the Internet is Name Error.  Any ISP that returns anything
        else is committing fraud.  They are not providing the product
        that they advertised.

        If my ISP in Australia tries this I will be contacting ACCC
        http://www.accc.gov.au/ if I happen to notice.  I run my own
        nameservers.

        Note: I don't consider that this covers signin screens as you
        haven't at that point reached an agreement to provide Internet
        access.

        Mark

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
--
ISC Training!  October 16-20, 2006, in the San Francisco Bay Area,
covering topics from DNS to DHCP.  Email training(_at_)isc(_dot_)org(_dot_)
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews(_at_)isc(_dot_)org
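A resolver probe for the behaviour Keith and Mark describe, added here as an example and not part of either message: it asks a resolver for a random label that cannot exist and reports whether the reply is Name Error (RCODE 3, NXDOMAIN) as it should be, or a synthesized A record pointing at some advertising host. It uses only the Python standard library and parses the DNS wire format directly. The probe zone `example.com` (assumed to answer NXDOMAIN for unknown labels), the `resolver_ip` parameter and the two sample replies are assumptions constructed for this example, not captured from any real ISP.

```python
"""Detect NXDOMAIN rewriting ("DNS pollution") by a recursive resolver.

A random label under a known zone cannot exist, so the only correct reply
is NXDOMAIN.  A NOERROR reply carrying A/AAAA records for it means the
resolver is synthesizing answers.  Standard library only; live probing is
optional, the samples below are constructed wire-format replies.
"""
import os
import socket
import struct

RCODE_NAME = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}
TYPE_A, TYPE_AAAA = 1, 28


def encode_name(name):
    """Encode "a.b.c" as DNS labels: <len><label>...<0>."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    # header: id, flags (RD=1), qdcount=1, ancount/nscount/arcount=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                  # compression pointer
            if end is None:
                end = offset + 2                   # pointer ends the field
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_response(data):
    """Return {"id", "rcode", "answers": [(name, type, rdata), ...]}."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):                            # skip question section
        _, offset = decode_name(data, offset)
        offset += 4                                # qtype + qclass
    answers = []
    for _ in range(an):
        name, offset = decode_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == TYPE_A and rdlen == 4:
            rdata = socket.inet_ntoa(rdata)
        elif rtype == TYPE_AAAA and rdlen == 16:
            rdata = socket.inet_ntop(socket.AF_INET6, rdata)
        answers.append((name, rtype, rdata))
    return {"id": txid, "rcode": flags & 0x000F, "answers": answers}


def classify(resp):
    """The probe name cannot exist, so anything but NXDOMAIN is suspect."""
    if resp["rcode"] == 3:
        return "clean"
    synthesized = [a for a in resp["answers"] if a[1] in (TYPE_A, TYPE_AAAA)]
    if resp["rcode"] == 0 and synthesized:
        return "rewritten"
    return "unexpected:" + RCODE_NAME.get(resp["rcode"], str(resp["rcode"]))


def probe_resolver(resolver_ip, zone="example.com", timeout=3.0):
    """Live check (assumed parameters): send one UDP query, classify the reply."""
    name = os.urandom(8).hex() + "." + zone        # random label, cannot exist
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, TYPE_A), (resolver_ip, 53))
        data, _ = s.recvfrom(4096)
    return name, classify(parse_response(data))


# --- constructed sample replies (not captured from any real resolver) ---
def _reply(name, rcode, a_records):
    flags = 0x8180 | rcode                         # QR=1, RD=1, RA=1
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(a_records), 0, 0)
    body = encode_name(name) + struct.pack("!HH", TYPE_A, 1)
    for ip in a_records:                           # name via pointer to offset 12
        body += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + socket.inet_aton(ip)
    return header + body


PROBE = "a1b2c3d4e5f60718.example.com"
SAMPLE_CLEAN = _reply(PROBE, 3, [])                  # honest NXDOMAIN
SAMPLE_REWRITTEN = _reply(PROBE, 0, ["192.0.2.10"])  # synthesized A (TEST-NET-1)

if __name__ == "__main__":
    for label, wire in (("clean", SAMPLE_CLEAN), ("rewritten", SAMPLE_REWRITTEN)):
        print(label, "->", classify(parse_response(wire)))
```

Running `probe_resolver("<resolver address>")` against the resolver an ISP hands out by DHCP gives the same "clean"/"rewritten" verdict for live traffic; repeating it with `TYPE_AAAA` shows whether the rewriting also swallows the AAAA path Keith mentions.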

