BT hijacks DNS queries

I just configured a new DNS name in one of my domains, which did not exist before. The associated IP number is routed to Germany. But while the name was not really up, the answer should have been NXDOMAIN, meaning that the name does not exist. Example:

$ dig blablablablabla.oeko.net

; <<>> DiG 9.9.5-8-Debian <<>> blablablablabla.oeko.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38513
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;blablablablabla.oeko.net.      IN      A

;; AUTHORITY SECTION:
oeko.net.               139     IN      SOA     a.ns.oeko.net. hostmaster.oeko.net. 1021018254 16384 2048 1048576 2560

;; Query time: 10 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Feb 12 21:33:53 CET 2015
;; MSG SIZE  rcvd: 105

But instead, they gave a fake answer:

$ dig bla.oeko.net

; <<>> DiG 9.9.5-8-Debian <<>> bla.oeko.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9013
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bla.oeko.net.          IN  A

;; ANSWER SECTION:
bla.oeko.net.       20  IN  A   92.242.132.15

;; Query time: 32 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Thu Feb 12 19:55:14 GMT 2015
;; MSG SIZE  rcvd: 46
$

As a result, I am unable to check whether my DNS performed correctly, until they deceided to throw the fake answer away.

Of course, this has huge potential for censorship of all kinds, which I have seen in action elsewhere already. I am not the only person aggravated by this kind of behaviour. Please follow the link below to read other people's take on this problem.

Thank you!

Links:

  • http://linuxforums.org.uk/index.php?topic=11464.0

Back to top


Joy And Fun with(out) Network Neutrality

Just today I had an experience about what it can mean to have no network neutrality, taken from my professional work:

A client wanted to check out his brand-new VPN gateway, utilising IPSEC from his road-warrior client and a mobile connection, but it just didn't seem to work. While testing, we found the following:

  • The client could not ping his VPN gateway.
  • No ISAKMP packet arrived at the gateway.

He then cross-checked with wireshark to see which packets actually leave the system, and found that the relevant packets were being sent out by the PC, but didn't arrive at his VPN gateway. This is a strong indication that the mobile carrier blocked his IP packets.

This is not the first, but only the latest such incident I saw in my career.

Needless to say, a carrier who blocks users' packets, is about as useful as a car without an engine...

I demand that carriers who call their service "Internet", be required to indiscriminantly allow all (halfway sane) packets through. I am almost comfortable with someone blocking packets that have no return route (ie., if someone spoofs their source IP number), but that's about all restrictions I can think off the top of my head that I might consider acceptable.

Back to top


Net Neutrality, Customized

Over the last few years, probably everyone who believes in an open Internet with non-discriminating access for all interested parties understood that abolishing Net Neutrality would amount to at least slowly, if not radically fast, driving small sites out of "the Internet", ie. present them with barriers-to-entry that they just can't meet. The result of such an effort would most likely be an Internet that consists mainly of your favourite state's authorities' offerings (aka "e-government"), plus the huge amount of corporation-generated content. Like eg. gambling, advertising, online television etc, but with a decreasing amount of actual user-generated content outside of platforms like Facebook or Google-driven stuff. Perhaps some of the more prominent non-profit projects would also remain highly visible because they are already prominent, and because some corporation deigns to sponsor their online activities as an element of their marketing efforts, but the general tendency is simply much in favour of big platforms, and against independent users trying to create their online activity from the ground up.

The efforts to codify Net Neutrality into telecommunications laws were, from my perspective, noticably supported by an initiative including Google and other big corporations, roughly arguing that abolishing Net Neutrality would result in all those small websites that still may make up the bulk of all web content, becoming roughly invisible because they will no longer be able to afford decent Internet access. I fully agree with this assessment. I'm an avid supporter of Net Neutrality myself, and strongly support the idea that the Internet should be open to everyone, for any purpose, and on basically equal terms, and not be reduced to a new technology for distributing TV.

But now I come across a statement of how "Google makes the Web faster" by - gulp - giving higher page ranks to faster websites, arguing, that websites which load faster, are beneficial to the user experience. I don't dispute that a user might like faster loading sites better than slow ones, but the question must be asked why some sites don't load as fast as others. The answer to that question is, in my opinion, quite often how much the web site owner can, or wants, to invest in having his site load fast. I see this move by Google as a change of course, now that they apparently have amassed enough content and their own broadband interests, to gradually deprecate "foreign" content, as much as all (other) carriers want to do, and to not deliver the best content, but only the best user experience. I understand that Google has to consider their growth, and their position against competitors, but none of them elided the slogan "Don't be evil!", and with the position of a market leader, there comes increased responsibility, too.

To me, this move indicates that Net Neutrality, essential for a "democratic" Internet, suddenly is not considered a value in itself by those big players, but only an instrument that may be used against the competition. I'd say that search (eg.) engines should be obliged to not discriminate against smaller websites with less-capable hosting, but exclusively rely on content-related factors instead. Their lesser visibility will impact search ranking, anyway, since these low-performing sites simply cannot be crawled as effectively and efficiently, as can be well-performing sites.

I'd like to take a moment considering the possible impact, political and otherwise, of this change in the ranking algorithm, and what it would mean if the tuning would be adjusted further, giving even more weight to speed. It would play more in favour of centralisation, restructuring the Internet some more from a level playground for all participants to a medium where ever fewer players set the rules for everyone else.

I hope that Net Neutrality can gain enough independent support to become not only the informal consent amonst old hands of the Internet, but be secured for all those who possibly don't even yet know what it is. But we, the users, need to make it happen. Please take the time to ask your delegates scrutinising questions, and vote accordingly.

External links:

Back to top