[Chapter-delegates] net neutrality vs DNS redirection
Narelle Clark
Narelle.Clark at optus.com.au
Mon Jul 21 20:53:13 PDT 2008
> From: Alejandro Pisanty [mailto:apisan at servidor.unam.mx]
> Sent: Tuesday, 22 July 2008 12:34 PM
>
> to the rational, inquisitive mind nothing must be sacred or
> at least nothing technical should be exempt of inspection.
:->
> However, in this case - DNS redirection - that exercise has
> been performed extensively in recent years, as a result of
> the Verisign wildcard "exercise".
This discussion started with examples of two ISPs:
1. redirecting 'not found' DNS queries to a 'not found' page that included advertising, and
2. redirecting web access (mail seems to be working) to a sign on page after an unpaid bill
The latter, in my understanding, is quite common.
DNS redirection happens today in many, many ISP networks, usually in the authorisation phase of network access. The most familiar example is where a hotel offering a service to its guests redirects the user to a sign on page, validates the access, then passes traffic normally (usually with a higher latency than a raw connection would). WISPs (eg WiFi ISPs in coffee shops, airports etc) do similarly.
Dial up ISPs have done this for years - redirected traffic to a sign on page, then, once authorisation has been affirmed, the user progresses as normal. This process facilitates online sign on and increases the ease with which users can commence an ISP subscription.
I recall no complaints EVER on this practice.
The former is relatively new (though I recall vendors claiming this ability ten years ago), and in the example we saw it sounded as if it was limited to a consumer ISP - not a tier 2 or 1 service, definitely NOT a registrar.
[I should also make this very clear: I personally have no position on the redirection at the local level to advertising case. Nor does ISOC-AU. [I could be wrong there, as my memory is often faulty!] Please don't construe otherwise!]
> Steve Crocker, whom you probably know as the guy who defined
> the RFCs and has contributed much to the IETF over maybe 35
> years, an ICANN Board liaison for the Security and Stability
> Advisory Committee, and a large chain of other merit badges,
> is telling us here the condensate of the conclusions of that
> discussion: don't mess with the DNS.
>
> I lived through the Verisign wildcard spat as an ICANN Board
> member, so was close to it and the lessons learned, and saw
> some of the ugly things that happen, even for the Web alone,
> and definitely side with this conclusion.
As I said in a previous mail, and reiterated above, a registrar doing this sort of thing is vastly different to a local ISP serving consumers. This difference is the difference between infrastructure provision at the highest level and consumer queries at their immediate DNS.
And yes, I remember the meltdowns on all the lists when verisign did what it did, too. And I remember the hassles in the mail servers...
My argument is that we should not succumb to knee jerk reactions, but look to real issues of neutrality, stability and security.
Cheers
Narelle
ISOC-AU
More information about the Chapter-delegates
mailing list