[DNS] Telstra DNS redirection

[DNS] Telstra DNS redirection

From: Brett Fenton <brett.fenton§netregistry.com.au>
Date: Fri, 20 Nov 2009 13:04:19 +1100
They aren't 'redirecting' anyone. Which is what Verisign did by wildcarding in 
the root. 

The only thing I see the service doing is not DNS at all.

They detect a failed lookup (only on HTTP requests), and they return custom 
HTTP content to the browser. They don't redirect a failed domain lookup to 
some other domain. 

We do it in the office here. Staff try and visit social networking sites, get 
shown some 'custom' content. 

I'm not sure unless I'm wrong that anyone else on the list is interpretting 
the issue in the same manner that you are. 

> On 20/11/2009, at 2:38 PM, Brett Fenton wrote:
> > Sigh. I'm not sure anybody looks to ICANN for technical brilliance.
> 
> Only a couple of members of SSAC are ICANN employees, the rest are
>  volunteers, and even then yes I do look to people like David Conrad (ICANN
>  VP for clever stuff) for technical brilliance which he has in abundance. 
>  I also look to Steve Crocker, chair of SSAC and author of RFC 1 and Paul
>  Vixie of ISC and so on.  The full list is here: 
>  http://www.icann.org/en/committees/security/
> 
> > Their
> > 'problems caused' summary for example - poor user experience. That's
> > subjective, not a technical resolution, as are a few of the others.
> >
> > Regardless. The issue in the paper, is wildcarding in the root, which is
> > what Verisign did.
> 
> It is about synthesis and redirection at a TLD level but then that is
>  exactly what the Telstra redirection does.  Are you suggesting they will
>  redirect doesnotexist.example.com but not doesnotexist.com?
> 
> > My very first post said this was bad. Very bad.
> >
> > Unless you know something I don't Telstra aren't wildcarding in the root.
> > They are returning defined HTTP against failed lookups. I think you're
> > confusing what the issue is and what it isn't.
> 
> No, see above.
> 
> > A better analogy might be for example how a browser handles a fail. IE
> > displaying Bing search results or Chrome displaying Google content.
> 
> Er, no.  This is DNS not the web.
> 
> > I'm sorry but I'm still not seeing this as anything other than a very
> > minor inconcenience to a very small subset of users (who have the ability
> > to turn it off anyway).
> 
> If you are saying that solely because of the opt-in/opt-out issue then we
>  can agree to differ, but if it your assessment of the impact then I still
>  think you are missing the issue.
> 
> Here's another good explanation of what is wrong with it:
> 
> 	http://queue.acm.org/detail.cfm?id=1647302
> 
> kind regards
> Jay
> 
> ---------------------------------------------------------------------------
> List policy, unsubscribing and archives => http://dotau.org/
> 
Received on Thu Nov 19 2009 - 18:04:19 UTC

This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:10 UTC