Forgot your password?
typodupeerror
The Internet

Charter Implements SiteFinder-Like DNS 206

Posted by kdawson
from the fun-and-games dept.
paulbiz writes "Charter Cable's DNS servers have just started resolving all invalid hostnames and pointing them to their own error page. The About page states: 'This service automatically eliminates many of the error pages you may encounter as you surf the web. No software was installed on your computer for this service to work.' It has an 'opt-out' page, but when you use it Charter simply sets a cookie that makes their page redirect errors to Microsoft Live Search instead!" One more reason to use OpenDNS, where you can actually opt out of the custom error page.
This discussion has been archived. No new comments can be posted.

Charter Implements SiteFinder-Like DNS

Comments Filter:
  • by Anonymous Coward
    That's precisely the reason why I run my own resolver. Also, if I were a customer of those morons, they would get a nice letter demanding to restore their service to proper working or else they'd get no more money.
    • Re: (Score:2, Funny)

      I run my own resolver, too. In fact everyone runs their own resolver. The resolver is the bit of the DNS infrastructure that runs on client machines and is responsible for performing lookups. Every computer that can access the Internet tubes has a resolver on it.
      • by drinkypoo (153816)

        Every computer that can access the Internet tubes has a resolver on it.

        Not true! When I got my sun3/260 (long since gone, although I did upgrade it to a 4/260 while I still had it) I installed SunOS 4.1.1 on it, as it was the latest and greatest that you could even get on there. It came with TCP/IP but the resolver was not linked in! I actually had to link the DNS resolver into libc (IIRC) before I could use DNS. But I could still access things by IP, and actually did so.

    • by jafiwam (310805) on Thursday February 15, 2007 @08:54AM (#18022736) Homepage Journal
      Well Charter in particular has been blocking DNS ports to anything but their DNS servers for a long time.

      So running your own resolver on a Charter line probably will basically mean no DNS.
      • by PaisteUser (810863) on Thursday February 15, 2007 @09:30AM (#18023148)
        Well Charter in particular has been blocking DNS ports to anything but their DNS servers for a long time. So running your own resolver on a Charter line probably will basically mean no DNS.

        This might be the case in certain areas, but in my neck of the woods, I'm able to use DNS servers other than standard Charter DNS resolvers just fine.
      • by Intron (870560)
        Blocking outbound connections? They might block inbound DNS connections to PCs on dynamic addresses in order to prevent trojaned machines from acting as DNS servers for spam sites, but blocking outbound port 53 is just stupid.
  • by daeg (828071) on Thursday February 15, 2007 @08:32AM (#18022556)
    I've read about various ISPs doing this from time to time, but have any of them actually stuck around for more than a month or so? The stories are usually followed up by a hasty retraction shortly after the launch.

    Charter customers (I pity you): make your voice heard!

    Although the recommendation to switch to OpenDNS has the same flaws from what I have read. They, too, redirect unknown domains to their "organic search" page. I'm not sure how trees and cows help your search, but I suppose supporting an open, free DNS system is better than letting Charter continue to rake in money at your expense.
    • Re: (Score:3, Informative)

      by drinkypoo (153816)

      Although the recommendation to switch to OpenDNS has the same flaws from what I have read. They, too, redirect unknown domains to their "organic search" page.

      You, sir, are not using your brain.

      From the OpenDNS FAQ [opendns.com]:

      How do I turn off phishing protection or typo correction? [opendns.com]
      Create a free account to manage your network preferences.

      In fact you can turn those "features" off. You have to opt-out, which means you have to register.

    • So does this foul up anti-spam software like the Sitefinder one did, by resolving non-existent domains?
      • Not just that. If a misspelled domain gets "resolved" by this "service", it shows up in your history and URL autocomplete list. Every time you type in that domain again, the misspelled URL comes up.
    • I've read about various ISPs doing this from time to time, but have any of them actually stuck around for more than a month or so?


      WideOpenWest has been doing this since at least November, and it's still going on. On the up side, they have a link where you can opt out of it. On the down side, the page has javascript errors in firefox, and when you use it in IE it doesn't seem to do anything (a week later it's still giving their stupid DNS error page).
    • by carambola5 (456983) on Thursday February 15, 2007 @05:42PM (#18031326) Homepage

      Charter customers (I pity you): make your voice heard!


      As a frequently-disgruntled Charter customer, I was given a golden ticket. I feel obliged to share it:

      Charter Corporate Complaint Line: 314-288-3150
    • by joeljkp (254783)
      What about OpenNIC [unrated.net]? They're an entirely separate root DNS system that still resolves all the standard ICANN stuff as well.

  • I have a feeling (Score:2, Interesting)

    by kobaz (107760)
    I have a feeling that this will die a quick painful death just like sitefinder did.
    • I doubt it (Score:4, Interesting)

      by Shawn is an Asshole (845769) on Thursday February 15, 2007 @09:13AM (#18022896)
      Earthlink still has their version Sitefinder. Charter will likely continue with this bad idea. Others will likely follow.

      At least Earthlink offers "opt out servers [earthlink.net]" that function properly.
    • by kobaz (107760)
      I'm replying to my own post since apparently the mod didn't who didn't like my post just clicked instead of replied. How could my post possibly be redundant since I was the first to bring up that particular topic in this story?
  • by the unbeliever (201915) <<moc.keeglta> <ta> <todhsals+sirhc>> on Thursday February 15, 2007 @08:36AM (#18022596) Homepage
    Reading things on their faq, like "intercepts phishing attempts" and "corrects typos"

    No thanks, I'll just use my work's DNS servers from anywhere I go, since we're not douchebags and don't want to make more income by hijacking other people's surfing.

    Also, Earthlink has been doing this for months, which is why I recently replaced the DNS servers that have been burned into my skull since working there in 1998.

    • Re: (Score:3, Informative)

      by Albanach (527650)

      Also, Earthlink has been doing this for months, which is why I recently replaced the DNS servers that have been burned into my skull since working there in 1998.
      Earthlink provide two DNS servers that operate normally for anyone that wants to opt out. They even have a knowledgebase article [earthlink.net] telling you about it.
    • by antdude (79039)
      What's wrong with "intercepts phishing attempts" and "corrects typos"? I find this handy at home, especially with computer illiterates (not me).
    • by mcrbids (148650)

      No thanks, I'll just use my work's DNS servers from anywhere I go, since we're not douchebags and don't want to make more income by hijacking other people's surfing.


      If you are able to do this, your work's DNS servers are misconfigured. A quick Google search [google.com] leads you to this informative article [derkeiler.com] about the problem and what to do about it.

      Oh, and why your work DNS servers are misconfigured, threatening the safety of MY Internet connection...
  • Not working for me. (Score:2, Informative)

    by wileyAU (889251)
    I have Charter (who I hate BTW, I had to switch from Comcast to Charter the last time I moved and am now paying more money for worse service), and am still getting the standard "Page Not Found" screen. Of course, I'm running Firefox on a Mac, so . . .
    • by solevita (967690)

      Of course, I'm running Firefox on a Mac, so . . .

      So DNS doesn't work? If their system is working as they intended, you'll get redirected no matter what browser you run on what platform.
    • by tji (74570)
      I also have Charter broadband (and am using Firefox on a MacBook Pro), and it does do the silly redirection for me.

      It gives you a choice to "opt out", but that can only work for www browsers, since it relies on cookies. So, any other apps making network connections are subject to their redirections.

      I hope there will be enough customer pushback to get this reversed. But, I'm not sure there will be. Most users won't realize what's happening. And, I personally don't have any other broadband options.. it's
  • Well... It's Charter's network, so I guess they can do what they want, eh?
    • Re: (Score:3, Insightful)

      by paeanblack (191171)
      Well... It's Charter's network, so I guess they can do what they want, eh?

      That depends on how they are selling it. Would that argument hold up if they were blocking http traffic from comcast.com, verizon.com, etc?

      Accurate DNS would probably be an assumed necessity for consumer-level "internet access". If they are actively and intentionally shipping bogus DNS info, there could be some opportunity for lawyers to get some billable hours in.
    • Re:Issue? (Score:5, Insightful)

      by Waffle Iron (339739) on Thursday February 15, 2007 @09:48AM (#18023420)

      Well... It's Charter's network, so I guess they can do what they want, eh?

      They can do what they want after they've dropped out of the exclusive franchising agreement they have with my city. Until then, they enjoy government protection from market competition, and they should be subject strict oversight to prevent them from taking advantage of their monopoly entitlement to harm consumers.

      • by jon787 (512497)
        Totally Agree. Where I used to live Charter was the *only* high speed internet access in the area for a long time.
  • by jkmullins (643492) on Thursday February 15, 2007 @08:38AM (#18022618) Homepage
    I quit using it months ago. Every time I had to go to their DNS to do a lookup I didn't have cached, the first lookup would timeout every single time. The second lookup would only work about 50%. Last time I checked, they were just as bad as ever. I've pointed several friends to OpenDNS and they were all amazed at the difference. Charter's customer server is horrendous and the only reason they have a market lead in this area is because they have exclusive service in so many apartments and subdivisions.
    • by OS24Ever (245667) *
      Same thing happened with Sprint and their DSL. I believe they use Earthlink if I remember right. At least from the Raleigh area in North Carolina their DNS was incredibly slow/timed out. Switched to OpenDNS and have had no problems ever since.
  • by Lumpy (12016) on Thursday February 15, 2007 @08:40AM (#18022632) Homepage
    Every customer we set up I add openDNS as the secondary DNS in their router which act's as their DNS server. Granted you can only do this with a decent router or in our case the buffalo router with DD-WRT installed. (every customer has a DD-WRT router as we will only work with our router and not anyone elses)

    Comcast is notorius for having their DNS dead and by us adding in a secondary DNS that is not ISP locked it gives them more days without problems than their neighbors.

    Any geek that is not running a dd-WRT or a OpenWRT router at home is missing out.
    • Re: (Score:3, Funny)

      by VCAGuy (660954)

      Any geek that is not running a dd-WRT or a OpenWRT router at home is missing out.
      Well now I wouldn't say that, I'm running a Nortel Contivity 1050...
  • by Anonymous Coward on Thursday February 15, 2007 @08:41AM (#18022644)
    Of course, if you're running your own BIND server on your NATted network, which forwards non-local queries to the upstream DNSs, you can use something like what ISC recommends in case of SiteFinder. In /etc/named.conf:

    zone "COM" {type delegation-only; };
    zone "NET" {type delegation-only; };

    See their site [isc.org] for more info.
    • "If you have your own DNS..." there is no need for it to forward to your ISP's DNS at all, it can talk to the roots (whats what named.root is about) directly, and follow delegations from there. And yes, delegation-only is a good thing, but in that case, its only relevant (or needed) to counteract stuff Verisign/Netsol puts in the TLD zones themselves.
      • by Fastolfe (1470)
        Your DNS resolution performance will suffer, however. Unless your DNS server is resolving a ridiculous amount of names all the time, your cache is going to be mostly empty, which means every name not in the cache is going to require hitting up other servers to get it resolved. You can either forward those requests to your ISP's (nearby) DNS server, and get the benefits of their cache (which probably is resolving a ridiculous amount of names on behalf of all of its other customers), or resolve it yourself,
        • by ivan256 (17499)
          Yeah, but for the most part you probably hit the same sites over and over, so the hit won't be that bad. Not as bad as having your usage hijacked by your ISP.

          When DNS fails to resolve, many browsers decide not to clutter your history with the bogus URL. Now if everything "successfully" resolves to some craptacular (Comcastic?) filler page that particular excellent feature will be useless. Nothing like helping your users by turning valid error messages into artificial successes... At least it will cut back o
        • I've run my own recursive server that does not forward to the ISPs for about 8 years and have never had a problem with slow resolution.

          The only time its even noticable is when doing a traceroute with name resolution, and even then I'm surprised at how fast most names resolve.

          • by Fastolfe (1470)
            I've run my own recursive server that does not forward to ISPs for about 10 years, and I too do not have a "problem" with slow resolution. However, I wasn't talking about slow resolution, I was talking about slower resolution than the alternative. It might seem peppy for you either way, but some people notice fractions of a second when they're trying to pull up a web page. If the resolution speed doesn't bother you, then don't worry about it, but if it might be a factor for you, try it with and without f
            • by swb (14022)
              My guess is that direct query of my ISPs nameservers would be better than using my local nameserver with theirs specified as a forwarder, since it would eliminate the transactional latency of my own nameserver.

              • Re: (Score:3, Insightful)

                by Fastolfe (1470)
                And now we're back where we started, with our provider's DNS servers responding with A records for non-existing domains.
  • by Odiumjunkie (926074) on Thursday February 15, 2007 @08:41AM (#18022652) Journal
    How does OpenDNS make money? [opendns.com]

    OpenDNS makes money by offering clearly labeled advertisements alongside organic search results when the domain entered is not valid and not a typo we can fix. OpenDNS will provide additional services on top of its enhanced DNS service, and some of them may cost money. Speedy, reliable DNS will always be free.
    • by Waffle Iron (339739) on Thursday February 15, 2007 @09:53AM (#18023478)
      It's different because you're not already paying OpenDNS $29.99/month for the privilege to see their ads.
    • Re: (Score:2, Insightful)

      by fmobus (831767)
      it differs in the fact that OpenDNS is clearly an opt-in service.
  • Isn't there some sort of DNS standard that prevents this type of situation? There are applications out there that depend on getting reliable errors back from DNS. With such pages, DNS will always return an IP, even if none is registered. Sitefinder-like DNS breaks applications.

    It's becoming increasingly clear that, in order to protect the internet from the greedy hands of corporations, we need to adopt their tactics; patent the DNS standard and trademark the "DNS" label, so nobody can mangle it and still cl
    • Re: (Score:3, Insightful)

      by davmoo (63521)
      The FOSS community should start to pro-actively patent, copyright and trademark anything they can, so no corporation can mess it up.

      The problem with this is FOSS rarely innovates. The community is usually playing "follow the leader", and duplicating software that is already available on the commercial market.

      I swear I'm not purposely trying to be a negative ass, that's just how it is. 99 percent of FOSS comes in to being because someone wants a free (beer/speech) equivalent to a closed source and costs mo
      • Re: (Score:2, Insightful)

        by Anonymous Coward
        > The problem with this is FOSS rarely innovates.

        Come on, you can do better.
        Take for example the GNU-tools who spread on most Unices because they were _better_ than their CS-counterparts.

        Besides that the whole internet was built on (natural) FOSS.

        And then companys with an innovative image (read apple) litterally build on FOSS.

        It's just that most software is rarely innovative and FOSS is no exception to that.
        • by drinkypoo (153816)

          The problem with this is FOSS rarely innovates.

          Come on, you can do better. Take for example the GNU-tools who spread on most Unices because they were _better_ than their CS-counterparts.

          The GNU toolchain (or userland, I can't tell which you're talking about, but this applies equally well) is an example of evolution, not revolution. First they implemented precisely the same functionality as the programs they were replacing. Then they added more functionality, and became the dominant force. However, las

      • by spitzak (4019)
        You are completely ignoring infrastructure, such as DNS itself, which is entirely designed as FOSS and "copied" by MS and Apple.

        But I can give you that, as most people do not even think about it as "software". Certainly I agree that FOSS things that resemble boxed software are copies. But your cheap shot that the reason is that the writers want it for "free" is obviously bogus.

        It is plenty obvious that about 80% of the desire to copy commercial software is to make a version that works on Linux.

        About 15% of
      • by evilviper (135110)

        The problem with this is FOSS rarely innovates.

        As opposed to the commercial software industry, which you can hardly STOP from innovating...

        Give me a break. 99% of software out there was copied from something else, with trivial improvements, be it commercial, or Open Source. Or did you think Microsoft invented the Word Processor, and Spreadsheet?

        IMHO, at the end of the day, OSS is innovating much more than the commercial software industry. Copying of ideas goes both ways.

    • by dcowart (13321)
      Burning my chance to mod but....

      They have dealt with this in ISCs BIND. You can add:

      zone "COM" {type delegation-only; };
      zone "NET" {type delegation-only; };

      to your named.conf file to allow only the "correct" servers to respond.

      As far as copyright/patent/trademarking that is the what the Free Software Foundation and the GNU project try to do. MS does this to, AD is part of their process of "embracing and extending" "core internet protocols" (see the Halloween docments). DNS is tightly integrated in AD and
    • Trouble is, no one knows what DNS is.

      We'd need to trademark words like "Internet" and "World Wide Web" and related terms that people understand. That way, no one could legally claim to have a website if it required Flash to run, and no one could legally claim to be an ISP unless they provided, at the bare mininum, DHCP and normal, functioning DNS.

      Unfortunately, it's a pipe dream. These words are pretty much public domain now, and the public has an understanding of it. I bet you could still make a court case
  • ORSN is better. (Score:5, Interesting)

    by JamesTRexx (675890) <m.nystrom@mb i t z . nl> on Thursday February 15, 2007 @09:02AM (#18022796) Homepage Journal
    I've been looking at different alternatives to the standard root servers and didn't like OpenDNS either as they also change DNS replies.
    My search ended with ORSN [orsn.net], a European "backup" of ICANN servers. This way I shouldn't be affected by attacks and outages on ICANN servers.
    • Re: (Score:3, Informative)

      by giorgiofr (887762)
      That's exactly what I did and what everybody who complains about ICANN should be doing too. Besides, ORSN's servers are quite fast: the *real* reason why I ditched my ISP's DNS servers was that they took forever to answer and THEN proceeded to show you ads to boot. Needless to say, I require to know whether the host I *actually want to connect to* is up, down or feeling sick, not their ad servers.
    • by drinkypoo (153816)
      OpenDNS allows you to opt-out of their query tweaking crap so you can get a proper DNS result. Nice FUD.
  • My DNS settings (Score:2, Informative)

    by dosius (230542)
    nameserver 151.203.0.85
    nameserver 151.202.0.85
    nameserver 65.121.99.5
    nameserver 65.121.99.6

    And rest assured, so far, neither ISP whose nameservers I'm using seems broken at the moment. (The first two are Verizon, the last two are Coffeynet)

    -uso.
  • Hosts file (Score:4, Interesting)

    by DebateG (1001165) on Thursday February 15, 2007 @09:38AM (#18023270)
    I have Charter, and this annoys me to no end. I simply added www11.charter.net (the website they're currently redirecting me to) to my hosts file, so I get an "Unable to connect" message. It's not perfect, but it at least gives me a somewhat meaningful error.
  • by philgarlic (875387) on Thursday February 15, 2007 @09:55AM (#18023518) Homepage
    I talked to their tech support a few days ago about this shadiness. He had no idea this was going on, and rightfully thought it was a malware/spyware problem at first, until I explained a little more clearly what was going on, and he did some poking around and found other blog and forum posts about this. He seemed somewhat surprised that Charter would engage in such a practice and that no one had been told about it.

    He was talking with level 2 support while he was on with me and said that they just kept telling him it was probably malware/spyware. Hilarious that they at least see it that way too, but sad that their company pulls this shit on them without telling anyone first. I asked him for a followup, he said he'd pass it along to level 2, I gave him my email address, and that was that. I don't exactly expect to ever hear back from them, so I'll probably have to make a stink at a city Cable Board meeting to get any response.

    In the meantime, I hope other folks out there start repeatedly and publicly asking Charter:

    - Were they ever going to make an announcement/disclosure to allow customers to opt-out, or at least tell their staff about it?
    - Will they provide options for customers who don't allow or regularly clear cookies, such as a non-redirecting DNS?
    - Why were they pointing people towards http://optin.charter.net/ [charter.net] , which doesn't exist?
    - How much information do they gather about visitors to their link farm?
    - Is there a third-party involved providing Charter the redirect (like Barefruit did for Earthlink?)
    - How much money are they making from their link farm affiliates?
    - Most importantly, do we have any guarantees that they aren't redirecting or degrading other network traffic?

    In the meantime, I've switched my DNS over to Level3 (4.2.2.2 and 4.2.2.3).
  • by _peter (54875) on Thursday February 15, 2007 @09:59AM (#18023572) Homepage
    I noticed this last night, called to complain about it, and spent over an hour on the phone with their tech support. First I had to convince them it was really happening and it was a change to their DNS, it wasn't some browser setting I had ``accidentally'' changed. So they apparently made this change without letting their 1st and 2nd level support know about it.

    Then once I got high enough, they tried to weasel out of it with their lame opt-out solution, which even if it worked wouldn't help when I'm making non-browser-based connections. So I guess they want all of my typo'd telnet, ssh, ftp and ping commands to hit their search server instead?

    At the end, I asked to be transferred to account services to cancel (gosh I hope Bell doesn't pull the same shit in a month), and the admittedly very understanding engineer begged for a day to look into a way to completely remove the feature from my account. So I'll be calling back tonight.

  • Comcast rents you a wireless router but they install some firmware that doesn't allow you to use all functionality. I think there is no way to put openDNS on those? I didn't see any menu that said "DNS" or similar...
    • by ivan256 (17499)
      DNS isn't configured on your router. It's configured on your host.

      However just because it has "open" in the name doesn't mean it's any better than anything else. Just run your own DNS. It's easy, free, fast, and doesn't pull any of this crap.
  • Earthlink started this. My local ISP (Cavalier Telephone [cavtel.com]) has been doing this for 6 months.
  • by davidu (18) on Thursday February 15, 2007 @11:41AM (#18025154) Homepage Journal

    I'm not surprised ISPs are doing this. More will be doing this. What does surprise me is how ISPs try to do this silently and behind closed-door without informing their customers, or even their tech support in some cases.

    Think about it this way: Any change an ISP makes that results in 1% (or more) of their customer base calling in for technical support is a cost nightmare. Customer Service is a (*the*) major cost center for ISPs. I guess we have to imagine that they are making more money than the pain of doing the customer service is costing them.

    The other thing that surprises me (and obviously I'm biased since I run OpenDNS) is that the search results page linked above is 100% ad-driven. There are no no organic search results for my typo (as far as I can tell). Moreover, when I click on a category to "refine" my results they totally remove the typo'd domain that I had there in the first place instead just giving me generic ads for a category (which is a mediocre CPC on their side) and a crappy search experience on the user side. There is absolutely no user-benefit to what Charter has done here.

    I'm proud to say that our page [opendns.com] is getting better and better every single day. Compare [opendns.com] and contrast [charter.net]. Not only that, but we're driving more and more innovation in both user navigation and fundamental DNS operations. These things go hand in hand. Fundamentally the DNS is about navigation. It's about helping users get where they are trying to go. That's exactly what we intend to help our users do. We know that the changes we have made to how our DNS servers operate aren't for every user which is why we are so clear about how our system works and is why make sure we can manage account settings on a per IP basis (CIDR-style preferences down to /32's).

    As usual, I'm happy to answer questions where I can.

    -david ulevitch

  • Just how does a DNS error page work? Is this a specially crafted UDP packet on port 53? Don't think I've seen one of them. Returning the IP of a charter http server instead of NXDOMAIN for non resolvable domains is NOT a DNS error page (FFS). And thats the problem, its DNS and it should return a DNS error. TCP/IP is not the intraweb. HTML infomercials don't help one iota when you've mistyped a hostname into anything other than a web browser, whereas NXDOMAIN does.
    • by Kalriath (849904)
      This is definitely right. More importantly, will this intercept (and reply with their "special IP" to) requests for records of type MX? How about SRV? Or TXT? If it DOES, we're looking at serious problems with mail servers thinking sites exist but with SMTP down (and therefore causing Transient, "will retry later" errors, rather than permanent, "domain doesn't exist, nope, not trying again" errors)
  • Triumph of marketing over rationality.

    Just because it says "open" at the front it's better? What makes it open? It looks closed to me. It's run as a for profit company, and if you want any control over it you have to give them personal data.
  • I emailed them a complaint about it yesterday. In some places the DNS redirects started over two weeks ago.

    What pisses me off the most is that if I click "opt out", further redirects go to live.com. It's a fake opt-out. There is no opt-out.
    • by dtfinch (661405) *
      Today they responded with alternate dns servers to use that don't have that annoying feature.
  • Just checked with a client who lives in Saginaw. Using default DHCP settings which presumably point to Charter's DNS servers, we just get normal dns lookup errors. Now, Charter does know they are using Macs, and I noticed the www11.charter.com webpage that others here have cited on slashdot currently seems designed to look like a PC error page so is it possible they are doing this on limited basis? Who knows.

    I had not heard that ISPs are starting to do this... If so we'll have to do some investigation. We
  • In my area at least, Charter rolled out this bullshit on the same day they announced a rate hike. They want you to pay more for this "service".

    The most damning part is that "opting-out" just forwards you to "Windows Live" instead, which is obviously an attempt to pretend that they aren't doing what they're doing by doing what Internet Explorer would do anyway. Fuck you, Charter.

God doesn't play dice. -- Albert Einstein

Working...