Open Rights Group International Says Virgin, Sky Blocking Innocent Sites October 21, 2013
News

New submitter stewartrob70 writes with an explanation of the inadvertent (or at least unwarranted) blocking of innocuous sites that UK ISPs Virgin and Sky are engaged in, as reported by PC Pro. The ISPs’ filtering systems “appear to be blocking innocent third-party sites with apparently little or no human oversight.” stewartrob70 excerpts from a blog posting with an explanation of why: “In order to understand why this specific issue happened, you need to be familiar with a quirk in how DNS is commonly used in third-party load-balanced site deployments. Many third-party load balanced systems, for example those using Amazon’s AWS infrastructure, are enabled by pointing CNAME records at names controlled by those third-party systems. For example www.example.com may be pointed at loadbalancer.example.net. However, ‘example.com’ usually cannot be directly given a CNAME record (CNAME records cannot be mixed with the other record types needed such as those pointing to nameservers and mailservers). A common approach is to point “example.com” to a server that merely redirects all requests to ‘www.example.com.’ From forum posts we can see that it’s this redirection system, in this specific case an A record used for ‘http-redirection-a.dnsmadeeasy.com,’ that has been blocked by the ISPs — probably a court-order-blocked site is also using the service — making numerous sites unavailable for any request made without the ”www’ prefix.”… New submitter stewartrob70 writes with an explanation of the inadvertent (or at least unwarranted) blocking of innocuous sites that UK ISPs Virgin and Sky are engaged in, as reported by PC Pro. The ISPs’ filtering systems “appear to be blocking innocent third-party sites with apparently little or no human oversight.” stewartrob70 excerpts from a blog posting with an explanation of why: “In order to understand why this specific issue happened, you need to be familiar with a quirk in how DNS is commonly used in third-party load-balanced site deployments. Many third-party load balanced systems, for example those using Amazon’s AWS infrastructure, are enabled by pointing CNAME records at names controlled by those third-party systems. For example www.example.com may be pointed at loadbalancer.example.net. However, ‘example.com’ usually cannot be directly given a CNAME record (CNAME records cannot be mixed with the other record types needed such as those pointing to nameservers and mailservers). A common approach is to point “example.com” to a server that merely redirects all requests to ‘www.example.com.’ From forum posts we can see that it’s this redirection system, in this specific case an A record used for ‘http-redirection-a.dnsmadeeasy.com,’ that has been blocked by the ISPs — probably a court-order-blocked site is also using the service — making numerous sites unavailable for any request made without the ”www’ prefix.”

Read more of this story at Slashdot.






Read more http://rss.slashdot.org/~r/Slashdot/slashdot/~3/5SlYfiXeTpU/story01.htm