It was a nightmare tech support problem for Derek Evans, as the network architect at Info-Tech Research Group struggled to figure out why his colleague could no longer connect to the corporate VPN from his home office.
Telecommuting is a normal, and typically smooth-running, practice at the London, Ont.-based consulting firm. But Evans had run into a dead-end with this problem. That’s when he had the affected analyst disconnect from the VPN and send a ping command to an address that only exists on Info-Tech’s internal server, technologynews.net.
“I was very shocked when he sent me the results from that and he was getting replies from a real Internet IP address,” Evans says. “I started a minor panic, going through the list of possibilities in my head.”
Evans eliminated the possibilities – malware wasn’t responsible for poisoning the DNS entry, the domain registry hadn’t lapsed and been purchased by someone else, and there were no problems with the analysts’ hosts file. So the IT worker turned to Google for some answers.
“I immediately got all sorts of forum posts with people bitching about this exact issue,” he says.
Users of Rogers Communications Inc. Internet service all suffer the same symptoms. In a change of service that first surfaced July 18, the broadband ISP has been re-directing Web surfers who type in non-existent URLs to a page laden with advertising. But Rogers is returning an IP address on all false DNS requests to do so.
A screen grab of a Rogers’ page provided to a non-existent address.
As a result, Internet protocols that aren’t Web-based are being broken. Telecommuting workers are unable to connect with their office’s Microsoft Exchange e-mail servers, or file servers through a VPN.
“How many people are connecting to corporate servers from a home office, using Rogers as an ISP?” asks Mark Tauschek, senior research analyst with Info-Tech. “IT administrators across Canada are going to be figuring why this stuff isn’t working.”
Users experiencing the problem have taken to Internet blogs and forums to commiserate about the Domain Name System (DNS) re-directing practice. Many derided the change as breaking DNS, a low-level route of entry that serves as the address book of the Internet.
“Doing this without an opt-in is just another indication of the lack of respect that Rogers has for their customers,” writes one poster at a Digital Home Forum. Another user announces “I Just canceled my Rogers Internet service.”
“There’s quite a bit of outrage going,” Tauschek says. “People are freaking out. This is just really, really bad for Rogers to be doing.”
The practice is dubbed “supported search” results by Rogers, says Nancy Cottenden, director of communications for the company.
It’s “an enhancement to our Rogers Hi-Speed product to eliminate error pages and provide helpful search results based on what a customer is looking for,” she writes in an e-mail statement.
Rogers has also been the target of much criticism from consumers in the blogosphere. Many feel it is unfair to re-direct users to an advertising page when they were seeking a specific Web page. Even incorrect sub-domains of registered public Web sites will re-direct to Rogers – for example, fakeaddress.itbusiness.ca would return a Rogers advertising page.
The change in service is demeaning to customers, says Pat Dryburgh, a graphic designer and blogger who lives in London, Ont. Dryburgh, a Rogers’ customer, joined the chorus of complaints through his personal blog.
“They are benefitting off of something as simple as a typo, and don’t give us the option to opt-out of their ‘helpful service,’” he tells ITBusiness.ca. “For people who don’t understand what’s really in front of them when they show up on that page, it’s very misleading.”
Rogers does offer an opt-out option for customers. But the fix merely re-directs users to a 404-style error page that is hosted on the Rogers server.
Rogers’ tech-support has also been recommending the use of a free, public DNS service like San Franciso, Calif.-based OpenDNS to customers who phone in with problems. Both Drysburgh and Info-Tech’s Evans were pointed to this solution.
But such services rely on DNS re-directs to make their ad revenue, Evans says, and the same problem of returning faulty IP addresses exists as with Rogers.
“The difference is that OpenDNS is free and Rogers, I’ve already paid for,” he adds.
Rogers is inviting customers to contact tech support and resolve any problems, Cottenden says. “We are aware that a small number of customers have encountered problems accessing their employer’s corporate intranet Web sites via VPN and have found a solution.”
No details were provided about Rogers’ solution to the issue.
The Canadian ISP isn’t the first to come up with the idea of re-directing failed DNS requests. In the Fall of 2003, VeriSign introduced its SiteFinder service that did the same thing for all failed requests sent to .com and .net addresses. The Dulles, Va.-based company is the administrator for the top-level domains.
But the practice was objected to by the Internet Corporation for Assigned Names and Numbers (ICANN), the non-profit corporation that coordinates the Internet’s naming system. ICANN demanded that VeriSign stop the practice, arguing it breached the contract between the two organizations.
ICANN President Paul Twomey demanded that VeriSign stop re-directing DNS in a letter written Oct. 3, 2003.
“It appears that these change have a substantial adverse effect on the core operation of the DNS, on the stability of the Internet, and on the relevant domains, and may have additional adverse effects in the future,” Twomey wrote.
“These effects appear to be significant, including effects on Web browsing, certain e-mail services and applications, sequenced lookup services and a pervasive problem of incompatibility with other established protocols.”
But ICANN has no plan to intervene with Rogers’ practice. Since Rogers is an ISP and not a top-level domain administrator, the corporation doesn’t have jurisdiction, according to Jason Keenan, spokesperson for ICANN.
Meanwhile, Evans has a work-around for the analyst working from home. He is going to connect with Info-Tech’s VPN and then flush his DNS. That should result in subsequent DNS look-ups going through the VPN and returning the right results.
But to avoid problems, businesses should set up their own DNS servers and allow employees to use it in place of Rogers’ service. Setting up such a server doesn’t require top-notch hardware, and bypassing Rogers servers will eliminate potential problems connecting with VPNs.
Still, Rogers should be acting to fix the problem soon, the network administrator says.
“If I hear they’re not going to fix this thing, I’m going to send out a company-wide e-mail recommending that employees switch from Rogers’,” Evans says.