Breaking DNS with Wildcard records


February 15, 2007

Network Computing

Charter Communications' wildcard DNS resolution may be useful to users surfing the web through a browser, but it will break every other IP application. Error handling needs to be performed locally by the application receiving the error. Handling errors in the network on behalf of application traffic causes more problems than it solves. Using wildcard domain names to handle unresolved hosts is bad engineering. Period.

In DNS, there is a one-to-one or one-to-many relationship between host names and IP addresses. Wildcard domain names are a special case in the DNS: they resolve any otherwise unmatched host name to an IP address and are only consulted when a more specific host name doesn't exist. For example, let's say that you have a zone that resolves www.example.com to your web server, mail.example.com to your mail server, and dns.example.com to your DNS server. The host name *.example.com could be defined to resolve to www.example.com. If a user tries to access support.example.com, the name would resolve to www.example.com, but mail.example.com would be unaffected, and so would names beneath it such as anything.mail.example.com, since a wildcard never matches below a name that already exists in the zone.

Unfortunately, in a fit of trying to do the right thing, some ISPs (Charter Communications is just the latest culprit) are using wildcard DNS records to redirect users to an error page, which looks an awful lot like an HTTP 404 page.

Charter Communications' About page says "This service automatically eliminates many of the error pages you may encounter as you surf the web." Unfortunately, Charter Communications assumes that the application requesting name resolution is a web browser. If Charter Communications' users were only surfing WWW sites using browsers, then DNS wildcards might actually be useful, but DNS wildcards break all other IP applications that use domain names. Earthlink has a similar service and offers an opt-out option that requires users to specify alternate DNS servers in their IP configurations. What I find really disturbing is the language the ISPs use to describe the benefit of wildcards. Earthlink says "In rare circumstances DNS error page routing may cause problems for some EarthLink customers running various specialty programs or services." I guess "specialty programs" includes email, FTP, on-line games, IRC, IM, and any number of common IP applications. The very fact that someone mistyped a URL is an error, and sending the user to a search page instead of reporting it is plain confusing.

Proper Error Handling

Verisign got into hot water back in 2003 with its SiteFinder service, which used wildcards in the .com and .net zones to act like a global redirect. After much public outcry, and after the Internet Corporation for Assigned Names and Numbers (ICANN) directed Verisign to suspend the service, Verisign finally withdrew SiteFinder. Many of the complaints had to do with breaking services like anti-spam and anti-phishing tools that rely on DNS to tell them whether a host name exists.


[Image: IE Search]

There are so many IP applications that use domain names and already have mechanisms to handle irresolvable host names that there is no point in doing the error handling in the network. In fact, doing so breaks whatever error handling the applications perform. Web browsers like IE7 will helpfully redirect users to search engines when a domain name doesn't resolve. That's OK because the tool you are using, the browser, is at least doing something smart that doesn't break other IP-based programs. An FTP program will tell users a host couldn't be found; with wildcard domain names, that FTP program will instead throw a very different error, "Couldn't connect to host", which means something quite different from "host name not found".
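To make the two points above concrete (how a zone-level wildcard is matched, and why an ISP's synthesised answer turns "host not found" into a connection error), here is an added example that simulates both sides. It is not code from the article, from Charter, or from any real resolver; the zone, the error-page address (198.51.100.1) and the application-side check are all constructed for illustration, using RFC 5737 documentation addresses.

```python
"""Simulated DNS wildcard matching plus a client-side check for
resolver-synthesised answers.  Added example with constructed data;
nothing here is a real provider's configuration."""
import secrets


class NXDOMAIN(Exception):
    """The name does not exist and no wildcard covers it (RCODE 3 in real DNS)."""


# Constructed zone: the www/mail/dns hosts from the text plus a wildcard
# that sends every other name under example.com to the web server.
ZONE = {
    "www.example.com": "192.0.2.10",
    "mail.example.com": "192.0.2.20",
    "dns.example.com": "192.0.2.30",
    "*.example.com": "192.0.2.10",
}

ERROR_PAGE = "198.51.100.1"  # constructed: the ISP's "helpful" error/search page


def _existing_names(zone):
    """Every name that exists in the zone, including the implicit parents
    (empty non-terminals) of each owner name."""
    names = set()
    for owner in zone:
        labels = owner.split(".")
        for i in range(len(labels)):
            names.add(".".join(labels[i:]))
    return names


def resolve(name, zone=ZONE):
    """Authoritative lookup with RFC 1034/4592 wildcard semantics.

    An exact owner name always wins.  Otherwise find the closest encloser
    (the longest existing ancestor of the name) and answer from
    '*.<encloser>' if that wildcard exists.  A wildcard never matches
    below a name that exists, so *.example.com does not cover
    a.mail.example.com.
    """
    name = name.lower().rstrip(".")
    if name in zone:
        return zone[name]
    existing = _existing_names(zone)
    labels = name.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if ancestor in existing:
            wildcard = "*." + ancestor
            if wildcard in zone:
                return zone[wildcard]
            break  # closest encloser found, but it has no wildcard
    raise NXDOMAIN(name)


def honest_resolve(name, zone=ZONE):
    """A recursive resolver that passes NXDOMAIN through to the application."""
    return resolve(name, zone)


def isp_resolve(name, zone=ZONE):
    """A recursive resolver that rewrites NXDOMAIN into the error-page address.

    This is the behaviour the article objects to: every name now gets an
    answer, so 'host not found' disappears and the application instead
    fails later with 'could not connect' against the wrong host."""
    try:
        return resolve(name, zone)
    except NXDOMAIN:
        return ERROR_PAGE


def detect_synthesised_answer(resolver):
    """Probe the resolver with a random label that cannot exist under .com.
    Returns the address handed back for non-existent names, or None if
    the resolver reports NXDOMAIN honestly."""
    canary = secrets.token_hex(16) + ".com"
    try:
        return resolver(canary)
    except NXDOMAIN:
        return None


def app_lookup(resolver, name):
    """What an FTP client, mail server or IM client can do for itself:
    learn the resolver's synthesised address once, then treat any answer
    equal to it as host-not-found instead of connecting to an error page.
    A zone's own wildcard (support.example.com above) still resolves,
    because its address differs from the synthesised one."""
    synthesised = detect_synthesised_answer(resolver)
    addr = resolver(name)
    if synthesised is not None and addr == synthesised:
        raise NXDOMAIN(name)
    return addr


def is_nxdomain(resolver, name):
    """True if the given resolver reports the name as non-existent."""
    try:
        resolver(name)
    except NXDOMAIN:
        return True
    return False
```

The canary check is the same trick some browsers and resolver front-ends use to spot redirecting resolvers; it assumes the provider returns one fixed address for every non-existent name, which a provider could defeat by rotating addresses, and it would misfire if a zone's legitimate wildcard happened to point at the provider's error page.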

Charter Communications, and other service providers, are trying to be helpful with their wildcard service. They are trying to help the average user get to the content they are looking for. But don't break DNS to do so.
