FYI: Chromium's network probing accounts for about half DNS root server traffic, says APNIC The Google Chromium team's effort to detect when ISPs are trying to hijack domain name typos has led to a lot of network load: the browser's query response testing routine now accounts for about half of all DNS root server traffic according to a new study. In a post published Friday to the blog of APNIC, the Regional Internet …
This post has been deleted by its author
"Firefox’s captive portal test uses delegated namespace probe queries, directing them away from the root servers towards the browser’s infrastructure." - https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/
Exactly. What I type in the address bar is what I want to visit... or probably my history will match after the first few letters. Sadly Firefox copied this omnibar-shambles.
In Firefox if I want to search then I simply ctrl+? (formerly ctrl+k, or whatever search provider and shortcut combo I had created before the search box customisation was borged to become like Chromium).
This post has been deleted by its author
Gets you into Catch 22. If you use a browser that does not implement all the misfeatures of Chrome, you will not get the "full experience" of a growing number of websites. OTOH, a website that does not use those misfeatures will be penalized in search results.
Resistance is Futile! Have a nice day.
If you use a browser that does not implement all the misfeatures of Chrome, you will not get the "full experience" of a growing number of websites.
That's not necessarily a bug but a feature. At the very least it enables the worst marketing departments driving the site development to self-identify.
Your second example isn't enough to stop it. An external vendor I work with embeds Zoom meeting links in their Outlook invites. Since they omit the protocol prefix, Chrome throws it at Google search. If some nefarious actor was able to eavesdrop on all Google searches with zoom.com in them, they could easily crash meetings looking for insider information.
Um... apparently not. The option to use a separate search box still - on this machine - does not stop the address bar calling up the default search engine if you type a random word/phrase in it.
Or have I misunderstood you?
I would like the address bar to return either a valid web page, or a 404 not found.
This post has been deleted by its author
I avoid NXDomain hijacks entirely by turning off search via the address bar. Using a browser on a wide screen monitor, there's no problem keeping separate address and search fields available at all times. Plus, if I have any doubt about what the domain name is, I do a search on it first and select from the google results that look most legitimate.
Oh, and I change the DNS servers at the router level away from my ISP's servers.
I assume the FIRST DNS target is your pi-hole, of course!
So very worth it. Doesn't need to be a pi, either--just create a pretty spartan VM on any appropriate machine and use that as a local DNS. Shocking how much bandwidth is actually saved this way.
(Also saved: Patience with irritanting ads--and at the local network level, so it automatically gets the phone, tablet, etc, as well.)
I detest searching from the address bar. If I wanted to search, I'd search. If I typo, give me a 404 instead of loading some useless and slow-loading nonesensical search screen.
If you're in Europe, it's already illegal
https://en.wikipedia.org/wiki/DNS_hijacking#Response
I agree more should be done - such activities should be considered "rogue", and ISPs who do so should be blacklisted from transit in the same way as spamming or otherwise dodgy ISPs often are.
Why is the UK government going to repeal the laws already in place?
The process of leaving the UK will not impact anything already in place - if it did that would have already happened at the end of last January. Going forwards the UK government can repeal laws that it has passed and few new laws will be enacted that follow EU rules and reg changes.
As for this EU directive very little will change in or out of the EU as the Information Commissioner's Office has not been enforcing the rule anyway. Anyone who wants to stop this type of 'monitoring' has to switch to a service such as google's 8.8.8.8/8.8.4.4 to stop the ISP getting a direct view of what is being requested and encripted DNS to be certain that requests are not being monitored.
Why is the UK government going to repeal the laws already in place?The process of leaving the UK will not impact anything already in place - if it did that would have already happened at the end of last January. Going forwards the UK government can repeal laws that it has passed and few new laws will be enacted that follow EU rules and reg changes.
Why wouldn't they? There are trade deals etc to be made with all sorts of unpleasant regimes by removing British Citizens' rights.
Oh, and you clearly haven't noticed that we are in a transition period before we - now more than likely - crash over a cliff on 1 January next year and lose several extremely valuable rights just on day one. Everything changes. It really does change. Do try and keep up. Maybe make a start by googling pictures of black swans.
Oh, and you clearly haven't noticed that we are in a transition period before we - now more than likely - crash over a cliff on 1 January next year and lose several extremely valuable rights just on day one
My understanding is that the withdrawal bill that had us "leave" on the 31st Jan 2020 (and then start the transition phase) actually wrote everything from the EU into UK law - once we finish the transition phase (however it turns out) the UK government can then start changing laws and rights.
My understanding is that the withdrawal bill that had us "leave" on the 31st Jan 2020 (and then start the transition phase) actually wrote everything from the EU into UK law - once we finish the transition phase (however it turns out) the UK government can then start changing laws and rights.
Many important rights simply vanish overnight.
Just to name a few - My right to live, work and retire in EU states, my right to claim medical expenses from EU states that I am visiting, my right to import and export goods between the UK and the EU without paperwork, customs inspections, excise duty or tariffs (or indeed, even to Northern Ireland if I live in Great Britain), my right to have my qualifications recognized in EU member states, my right to drive my car using my UK insurance, my right even to drive it on my UK licence, my right not to be discriminated against by reason of nationality in EU states.
Well we can turn _omnibox_ into a privacy issue, because every single-word search term is apparently handed to your DNS provider as a lookup. (Yes, I know that ironically, the usual privacy complaint is that it all gets handed to the search engine.)
too late.
They have already done that and are reaping the rewards.
Google is the Internet, Now and for the forseeable Future.
Get used to it people.
And we used to decry MS when users thought the IE is 'The Internet'.
What Inoccent fools we were back then?
"Google is the Internet"
I categorically reject that statement. At most, go ogle is a largish subset of the insecure festering shithole subset of The Internet called "the web". And they are trivially easy to shun. Try it, you might like it.
Hmmm
I will never submit to the terrorists, be they bankers, lawyers, insurance companies or the online variety. Feel free to give up and give in. After all, this is exactly the outcome they are trying to achieve. One can make a stron argument that your comment is in fact a classic example of a shill selling his online wares.....
So, instead of bending over, it is high time the the people of the world send the likes of google, MS, Face Book et al, their walking papers and take back the internet for all the people instead of operating it as weapon used by chosen few against us...
I can see another worry about this behaviour in that you might put in a search term which Chrome looks up the DNS to see if there is a domain name registered for that term, but the domain name might be something you really don't want showing in your ISP DNS look ups for your account as it might look like you have actually visited the site.
Take for instance your looking at how to identify the sex of a black bird, so you put in 'black bird sex' but Chrome looks up to see if blackbirdsex.com exists and this DNS query will get logged by your ISP. If blackbirdsex.com is registered domain and were perhaps a pr0n site which could be illegal in the country where you lived, that might not be something you want to be associated with in the ISP logs.
I thought chrome etc where soon to be using DoH.
DoH to what ever provider the browsers choose will bypass the local dns settings anyway, affording chrome an opportunity to just do lookups against a special google omnibux DoH server reducing root server lookups, preventing eavesdropping & circumventing DNS based controls.
Wondering why your Pihole stopped working despite nothing wrong with it, that’ll be the browser based DoH.
And if the DoH server hasn't got that domain in its cache, what do you think it does?
It checks its upstream server, which at that level will almost certainly be/require a query to the root.
The problem is not the browser querying root directly, it's that everything it's looking up requires that the DNS provider queries root (because NXDOMAINs aren't cached, as well as being randomly generated).
If they checked it with <randomword>.google.com instead, that'd be absolutely fine regardless of protocol - the google.com NS & glue will be cached at all ISPs already.
I'd have thought that by now Google should have a good handle on which servers are run by bar stewards. Minimise the probing to a level needed to keep an eye out for ones ones or changes in existing behaviour. At start-up the browser can then query Google to find out whether its resolver address can be trusted.
"Determining what a browser user wants when the text input is a single word isn't always straightforward – the word could be a search term or a reference to an intranet domain."
Damned straight. Used to be I'd type in e.g. 192.168.1.1 to connect to my router and Chrome would cheerfully convert it to http://192.168.1.1/, try to resolve the address of that URL, fail, and f**k me over as a result.
Effing Google.
They've since fixed that; I no longer have to haul out a different browser just to administer to my router. But damned if that wasn't annoying.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
