About me
My name is Jose Sandoval, and I'm a software developer. I consult on all areas of software engineering. You can reach me at jose@josesandoval.com.

If you are interested in RESTful web services, I wrote a book titled RESTful Java Web Services.

I was named after my father (Jose) and my grandfather (Felix). The Sandoval last name comes from a little town located in the northern part of the province of Burgos, Spain, called Sandoval de la Reina.

One of the first Sandovals to have set foot in the continent of America was Gonzalo de Sandoval, a conquistador who was led by Hernan Cortez in 1519.

As with many Spanish last names, a coat of arms for it exists.

The color gold means generosity and intellectual pursuit; the black scarf or knight's shield suspender means protector; the helmet signifies wisdom, strength, and invulnerability.

Most popular posts
» REST in Java (Restlet demo)
» Semantic Journal
» Google's GWT + RSS Feed Reader
» Google's GWT + Google's API Example (AJAX)
» XMLHttpRequest Example

Recent posts
» Struts 2 REST Plug-in with HTTP Accept header
» Goals and more goals: 50, to be exact; all from Me...
» The importance of a familiar user interface
» This guy is good: Zlatan Ibrahimovic
» Facebook's profile image bug
» Open source projects: one-to-one marketing
» Is Spain the best team of the world?
» Facebook's personalized web address
» Restlet version 1.1 and 2.0
» Equal time for players, Part One

Archives
» September 2004
» October 2004
» November 2004
» December 2004
» January 2005
» February 2005
» March 2005
» April 2005
» May 2005
» June 2005
» July 2005
» August 2005
» September 2005
» October 2005
» November 2005
» December 2005
» January 2006
» February 2006
» March 2006
» April 2006
» May 2006
» June 2006
» July 2006
» August 2006
» September 2006
» October 2006
» November 2006
» December 2006
» January 2007
» February 2007
» March 2007
» April 2007
» May 2007
» June 2007
» July 2007
» August 2007
» September 2007
» October 2007
» November 2007
» December 2007
» January 2008
» February 2008
» March 2008
» April 2008
» May 2008
» June 2008
» July 2008
» August 2008
» September 2008
» October 2008
» November 2008
» December 2008
» January 2009
» February 2009
» March 2009
» April 2009
» May 2009
» June 2009
» July 2009
» August 2009
» September 2009
» October 2009
» November 2009
» December 2009
» January 2010
» February 2010
» April 2010

Block Bell's or Rogers's DNS hijacking (domainnotfound.ca)
Friday, July 31, 2009

Yesterday night, while surfing around, I noticed that when a domain name wasn't registered I was being redirected to a Bell search page, a page coming from domainnotfound.ca. If you haven't seen it, it looks like this:



When I saw it, I thought my computer was infected with a virus. After looking around my computer for a few minutes, I figured out what was going on. Bell is hijacking invalid or non-existing DNS entries to display, likely, sponsored search results via their network. Note that I was trying to go to someone's LinkedIn profile and also note how this DNS hijacking process is now telling me that LinkedIn doesn't exist, when it clearly does.

I knew that Rogers already did this, but I don't use Rogers, so I've never seen it in action. But now that Bell is doing, I can see clearly that I don't like it.

First, Bell doesn't ask if you want to participate in this practice. Second, if there is any link sponsorship, I don't see any money coming my way. Third, I already pay for my internet service, so I don't think I should unwillingly become another source of revenue for Bell.

I'm not sure if anyone else out there cares that this traffic shaping happens. I'm not even sure if anyone has noticed. However, there is something you can do, and it's doesn't involve using OpenDNS--read their privacy policy first: they can see everything you do and they say that they will sell that information (in fact, that's their business model).

An easier solution is to modify your hosts file in your computer. Your hosts file helps your computer connect to servers faster, by bypassing the process of DNS table look ups (if you don't know what this means, don't worry about it). So, modify your hosts file to look like this:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
127.0.0.1 www.domainnotfound.ca
127.0.0.1 bellcanadaassist.infospace.com
127.0.0.1 assist.infospace.com
::1             localhost

The servers that you need to block are www.domainnotfound.ca, bellcanadaassist.infospace.com, and assist.infospace.com.

Technically speaking, you are not really blocking them; what's happening is that whenever a request to either one of these severs is executed, it resolves the address to your machine (127.0.0.1).

Where is this magical hosts file? In Vista is in C:\Windows\System32\Drivers\etc.

Before modifying this file, make a backup of it. Then add these 3 lines to it:

127.0.0.1 www.domainnotfound.ca
127.0.0.1 bellcanadaassist.infospace.com
127.0.0.1 assist.infospace.com

Save the file, and that's it.

With this minor change, Bell can't hijack your mistakes. And don't bother with Bell's "opt-out" option: it still does the hijacking and the company knows that you made a mistake, but it doesn't do the search because a cookie is set to not go to the search page. In other words, opt-out is not really an opt-out option.

If you are a Rogers user, you'll need to figure out which servers are doing the DNS hijacking, but the solution is the same.

Labels: Bell DNS, DNS hijacking

11:59 AM | 6 comment(s) | Translate Italian German Spanish French Portuguese Arabic Japanese Korean Chinese (S)

---

Comments:

Hello,
Thanks for the trick. Unfortunately, that doesn't quite do it. After modifying my hosts file, I gave it a try and typed "www.dfasdfsd.com" in my browser. The same annoying delay occurred and I got my regular Firefox "Connection Failed", but instead explaining it cannot connect to domainnotfound.ca, not "www.dfasdfsd.com"

From what I understand, what happens is that Bell is still making the highjack happen, but when you are sent to their stupid page on their stupid domain, Firefox will show the typical "Connection Failed".

I hope there is a way to stop them from doing that, it is slowing down my work in a way, plus of course all the other reasons you mentioned.

On another note, you can "opt-out" from this service on domainnotfound.ca. I tried, but it's not true. It only adds a cookie that will have the regular "Connection Failed" or "Domain Not Found" page originating from your browser inserted in their Bell style page. And here comes the most crazy part: the cookie doesn't actualy makes the regular "Connection Failed" or "Domain Not Found" page appear inside their's, it's showing their own modified version of it (in english on my french system and Firefox browser) and with a link to "Manage DNS Search Opt-In/Out Settings"!

Same thing in Internet Explorer, a modified "The page cannot be displayed" page inserted in their own page, in english in my french browser...

This is all completely ridiculous. Any other solution is welcomed, this is frustrating, disrespectful and insulting.

Hi, thanks for the workaround... I'm using Opera as the browser and when I type an address that doesn't exist, it gives me a blank page, not the Page not Found message that OPERA shows. When I remove the lines of text from the hosts file, I get the domainnotfound.ca site again instead.

Hi
Thanks for the tip - using win XP & Firefox 3.0.13 - tried the mod you suggested I get the same thing Bab gets:
Not Found
The requested URL /bellassist/dnsassist/main/ was not found on this server.
from
http://www.domainnotfound.ca/bellassist/dnsassist/main/?domain=www.rogerscup.ca

It's a little better!
Regards

Thank you for this!

Unbelievable, just saw this error now and immediately opted out and blocked it in the hosts file.

Then I complained to Bell over email. I will definetly call them, as well. How dare they pull this kind of stunts?

I just noticed this today. I just couldn't believe it.

This is absolutely despicable that they will break basic internet functionality like this.

This is not a "service". Network Solutions did this in the past and there was a HUGE uproar and they fixed it. And for good reason -- every domain you can make up resolved as valid. Party time for spammers.

I sent a complaint email and if it's not fixed I'll submit a CRTC complaint as well.

Jose Sandoval, thank you for providing reasons why this DNS hijacking practice by Bell Canada Sympatico.ca is unethical. Thanks also for your solutions.

I have created a page and linked back to yours.
http://media.davidspencer.ca/wiki/Stop_Bell_Canada_from_DNS_Hijacking