
First question here. I had a problem with my Internet provider's modem, model Sagemcom F@st 3890v3. The problem was that it pointed the device's DNS suffix to utopia.net.

Comcast had this problem (the utopia.net hijack), and now my Internet provider is having the same problem. The first time I called them they didn't want to change anything for me, so I needed to call several more times and escalate, and finally I got a new modem from them, but I filed a claim on the local Consumer Protection website anyway. There are a lot of people here having the same problem!!

Long story short, the people at Consumer Protection don't have technicians who can confirm that having a DNS suffix that doesn't point to the provider's servers (pointing to a "strange" server instead) can do something bad to your Internet safety.

So I looked everywhere, read a lot of info, and I still can't understand what happens when your DNS suffix doesn't point to a trustworthy server. I tried to understand the concept of a DNS suffix, but I don't really get it... I know what DNS is, etc. I work in IT at a small company.

I would like someone to explain all this to me in depth.

Thanks in advance!

1 Answer


The DNS suffix is automatically appended to all domain names when making a DNS lookup. (That's why it is called a "suffix", and there's nothing more to it.) This parameter is announced via DHCP to all hosts on the network.

For example, if a company office has a server called "app.example.com", they can announce DNS suffix "example.com" via DHCP and the same server becomes accessible simply as "app". Whenever you visit http://app/ the OS will automatically try http://app.<DNS_suffix>/ instead, saving employees a bit of unnecessary typing.

(The same goes for home routers, which often have a DNS suffix like "lan" or "home" and use it to let you access your local computers and other devices by name.)

However, various operating systems do it somewhat differently:

  • You could argue that it only makes practical sense to append the DNS suffix to names which have no dot in them at all (e.g. app but not app.co.uk), and that's what Linux does.
  • And you could argue that it is technically correct to append the DNS suffix to any name that doesn't end with a dot, even if it has multiple dots internally, and that's what Windows does.

The Windows behavior, while technically correct (only names ending with a . are "absolute"), is what makes the DNS suffix hijacking a real problem – because nearly 100% of domain names in use by programs do not end with a ., and therefore will have the DNS suffix appended.

For example, when you visit http://google.com/ (as a Comcast user), the browser will try accessing the domain google.com.utopia.net. before the real google.com., and you can see that the former is at the mercy of whoever controls utopia.net.

grawity
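To make the answer's point concrete, here is a small model of suffix appending written as an added example (not code from the question or the answer). It implements the two policies exactly as the answer describes them, a "linux" policy that appends the suffix only to names with no dot, and a "windows" policy that appends it to every name not ending in a dot, and then lists which of a program's lookups would be sent into the suffix zone first. The policy names and the sample query list are assumptions for illustration; real resolvers have extra knobs (glibc's ndots option, for instance) that this model deliberately ignores.

```python
"""Model of DNS suffix appending, following the behaviour described in the answer above.

This is an added illustration, not code from the question, the answer, or any resolver.
"""
from __future__ import annotations


def candidate_names(name: str, suffix: str, policy: str) -> list[str]:
    """Return the fully qualified names a resolver would try, in order.

    name   - the name a program asked for, e.g. "app" or "google.com"
    suffix - the DNS suffix announced via DHCP, e.g. "utopia.net"
    policy - "linux":   append the suffix only to names with no dot at all
             "windows": append the suffix to every name not ending in "."
    Names are returned in absolute form (trailing dot) so the difference
    between "google.com." and "google.com.utopia.net." is visible.
    """
    if name.endswith("."):
        return [name]                       # absolute name: never touched
    absolute = name + "."
    with_suffix = f"{name}.{suffix.rstrip('.')}."
    if policy == "linux":
        return [with_suffix, absolute] if "." not in name else [absolute]
    if policy == "windows":
        return [with_suffix, absolute]      # suffix tried first, even for dotted names
    raise ValueError(f"unknown policy: {policy}")


def names_exposed_to_suffix(queries: list[str], suffix: str, policy: str) -> list[str]:
    """Return the lookups whose FIRST query lands inside the suffix zone.

    Whoever controls the suffix zone's authoritative DNS sees these queries
    (and can answer them) before the real name is ever consulted.
    """
    zone = "." + suffix.rstrip(".") + "."
    exposed = []
    for q in queries:
        first = candidate_names(q, suffix, policy)[0]
        if first.endswith(zone):
            exposed.append(first)
    return exposed


# Constructed sample: names a typical workstation might look up during the day.
SAMPLE_QUERIES = ["google.com", "mail.example.com", "app", "printer."]
SUSPECT_SUFFIX = "utopia.net"   # the suffix from the question

if __name__ == "__main__":
    for policy in ("linux", "windows"):
        print(f"{policy}: {names_exposed_to_suffix(SAMPLE_QUERIES, SUSPECT_SUFFIX, policy)}")
```

Running it shows the asymmetry the answer describes: under the "linux" policy only the single-label name `app` is ever sent to the suffix zone, while under the "windows" policy `google.com` and `mail.example.com` are both looked up as `...utopia.net.` before their real names. A practical check for a home or small-office network is therefore to read the suffix the modem hands out over DHCP and confirm it is a domain the provider actually owns; if it is not, every dotted name from Windows hosts is first offered to a third party.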