The trouble with DNS redirection

DNS redirection is when your DNS server deliberately gives you a wrong answer, so that if you are using the DNS lookup for a web page that will redirect you to a different web page.  OpenDNS practices DNS redirection.  A number of ISPs practice DNS redirection.

The reasons given for DNS redirection are: that it can serve as a web filter to block access to malicious or other “undesirable” sites; that it can provide a user friendly web page when you have mistyped a url.  Typically, you are redirected to a page by the ISP or other DNS provider, and commonly that page contains advertising.  Some of us suspect that the advertising is the real reason, allowing the DNS provider to “sell your eyeballs” in order to earn extra income.

I experienced DNS redirection over the last few days.  I was visiting relatives who use Verizon as their ISP, and it seems that Verizon is practicing redirection.

My first example of this was when I tried to visit the uncommon descent blog.  As I have previously commented, that blog has a rather poor DNS setup.  So when the site was slow responding to a DNS lookup, Verizon instead provided a DNS redirection to one of their sites.  I did a command line DNS lookup, to make sure I was getting the correct address.  But it was too late.  A second attempt to browse that blog still gave me the Verizon redirection site instead of the blog.  That’s because firefox, for good security reasons, remembers the IP address used for that web page and continues to use the same IP address until sufficient time has elapsed.  I had to wait several minutes before trying to visit the site again, before I could get to the correct place.

My second example was when I was investigating a phish email.  I checked the phish site, and was redirected to a Verizon page.  The thing about phishes, is that they often redirect to conceal the identity of the phisher.  But I need to be able to distinuish between a phish that deliberately redirects to a Verizon site, and a phish which the DNS provider redirects to a Verizon site.

At that point, I gave up on Verizon for DNS service.  I configured my system to use the google public DNS servers, instead of those made available by Verizon as ISP.  The google servers at least strive to give the correct answers.  So I continued to use the google DNS servers for the remainder of my visit.

Now, back home, I am using my ISP’s DNS servers.  Fortunately my ISP does not yet do DNS redirection.  I hope that continues.


About Neil Rickert

Retired mathematician and computer scientist who dabbles in cognitive science.

One response to “The trouble with DNS redirection”

  1. says :

    I actually question the reasons why you titled this particular article,
    “The trouble with DNS redirection Thoughts on computing”.
    Either way I personally loved the blog!Thank you-Therese


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: