[ale] OpenDNS (was: Re: Comcast DNS)

Michael B. Trausch mbt at zest.trausch.us
Wed May 27 19:23:33 EDT 2009


On Wed, 27 May 2009 18:28:12 -0400
James Sumners <james.sumners at gmail.com> wrote:

> *shrug* This is a result of their typo correction service. If you type
> "http://www.example.cm" it would get corrected to
> "http://www.example.com/". If it can't figure out how to correct the
> URL, you typed "example.com" instead of "http://example.com/", then
> you get taken to a page filled with possible suggestions. Nothing
> wrong with that, and this service is explicitly described when you ask
> for the DNS addresses for OpenDNS. If you don't like it, fine, but
> some of us find it handy.

It's an interesting service, though I think it's poorly thought out.
If anything is going to be corrected, TLDs should be _it_.  SLDs and
subdomains absolutely ought to fail with NXDOMAIN if they don't exist
in the domain system; if the domain operator for the SLD wants all
subdomains to return something interesting and/or possibly useful, that
should be up to them.

The downside is that manager-types that think the Web is the whole
Internet will see it and then choose to run their DNS servers
configured in a similar fashion. At least one ISP I know of in NW Ohio
does this, and I would not be surprised if there were others.  Though
instead of going to something helpful, they redirect it to a GoDaddy
page stating that the site is "parked" and is full of adverts.  I only
found that out by accident after getting really frustrated with not
being able to connect to my server via SSH and thinking my network was
down, only to see that I had in fact made a typo and wasn't getting an
NXDOMAIN response back.

It is an excellent example of a service deployed without consideration
for potential consequences of the service.  If the entire Internet
deployed servers that acted like this, there would be all sorts of
applications that simply wouldn't work right because they depend on
accurate information from the domain name system to properly work.

Again, I go with the example that if "allspice.trausch.us" is valid but
"allpsice.trausch.us" isn't, the latter should receive an NXDOMAIN
response.  Take SSH; if you use OpenDNS, try ssh'ing to
allpsice.trausch.us.  You'll wait for a while, thinking it's working,
and eventually (in my case, I waited for 3 minutes, 9 seconds) it'll
time out.  This is _clearly_ not desirable, at least for any definition
of desirable that I subscribe to.  Making typos that you don't see is
something that happens all the time, and if you're going to make a
typo, it should at least fail for the right reason, and if you get an
NXDOMAIN in return, SSH will fail right away, with a clear error
message.  

I don't know about y'all, but I use SSH (nearly) as much as I use the
Web, and I'd be royally pissed if DNS servers globally decided to break
it for me---even if you _could_ opt-out.  I'd rather have to opt-in to
standards breakages.

That's why I use 4.2.2.1 and 4.2.2.2 as my DNS servers.  :-)

	--- Mike

-- 
There is some sort of perverse pleasure in knowing that it's basically
impossible to send a piece of hate mail through the Internet without
its being touched by a gay program. That's kind of funny.
                        --- Eric Allman, author of sendmail
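
A check for the resolver behaviour discussed in this message, added here as an example and not part of the original post: it parses a DNS response for a name known not to exist and reports whether the resolver returned an honest NXDOMAIN or rewrote it into an address. The function names, the fixed query ID and the 192.0.2.10 sample address are assumptions made for illustration.

```python
import socket, struct

NXDOMAIN = 3

def question(name):
    # QNAME as length-prefixed labels, then QTYPE=A (1) and QCLASS=IN (1)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return qname + b"\x00" + struct.pack("!HH", 1, 1)

def skip_name(pkt, pos):
    while pkt[pos] != 0:
        if pkt[pos] & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return pos + 2
        pos += 1 + pkt[pos]
    return pos + 1

def parse_response(pkt):
    """Return (rcode, IPv4 addresses of A records in the answer section)."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(pkt, pos) + 4      # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        pos = skip_name(pkt, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(pkt[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def classify(pkt):  # pkt: response to a name the caller knows does not exist
    rcode, addrs = parse_response(pkt)
    if rcode == NXDOMAIN:
        return "honest"
    return "rewritten" if rcode == 0 and addrs else "inconclusive"

def ask(server, name, timeout=3.0):
    # Live probe, not exercised by the offline samples: one UDP query to port 53
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + question(name), (server, 53))
        return s.recvfrom(512)[0]

def sample_response(name, rcode, ipv4=None):  # constructed sample packet
    header = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, 1 if ipv4 else 0, 0, 0)
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(ipv4) if ipv4 else b""
    return header + question(name) + rr
```

For a live check, pass `ask(resolver, name)` to `classify`, using a name you know is absent from its zone.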