Much the same way as FON were accidentally blocking access to half of the Flickr image pool because of badly set up DNS, it seems that they are now blocking access to some Google-hosted content. That affects some YouTube videos, some of which seem to be hosted on Google servers already, as well as some other Google acquisitions like Orkut.
The screen grab shows what you see when you try to go to one of these videos while connected through the FON AP (and I’m connected to the private network SSID on it here, not the public hotspot SSID). Connecting directly to my local ISP, the video plays without any problem.
Looking a little deeper into what happens for Orkut, here are the different DNS lookups.
FON DNS:
$ dig www.orkut.com
; <<>> DiG 9.3.1 <<>> www.orkut.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22015
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.orkut.com. IN A
;; Query time: 238 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Sun Aug 26 10:54:53 2007
;; MSG SIZE rcvd: 31
Sonic.net DNS:
$ dig www.orkut.com
; <<>> DiG 9.3.1 <<>> www.orkut.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45009
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.orkut.com. IN A
;; ANSWER SECTION:
www.orkut.com. 86400 IN A 209.85.141.94
;; Query time: 115 msec
;; SERVER: 192.168.200.222#53(192.168.200.222)
;; WHEN: Sun Aug 26 10:55:29 2007
;; MSG SIZE rcvd: 47
And here is what Firefox reports, unsurprisingly, when I try to connect to the Orkut website:
So, once again it looks as though the FON DNS servers are trying to replace the real DNS server for some domains out there. I assume this is done so that they can whitelist Flickr, Google Video and other domains that are accessible through the login page of a FON hotspot. The way they're approaching it is all wrong though.
The key to making this work smoothly is to let the DNS request go through normally, but block access to IP addresses that are not authorised at the access controller. FON has a slightly harder time doing this since their access controller is not in fact a central service. Unlike most hotspots, they don't route all the user traffic over a VPN to their network where a central access controller can manage access; instead they use their APs as access controllers, and use the local network connection for traffic.
The distributed solution to access control is obviously better for FON (otherwise they'd have to pay for the bandwidth for everybody using their network, and the performance would most probably be terrible for people not near their data centre). What they need to do though is come up with a way where they can get the IP addresses of the whitelisted servers, or just blocks allocated to those companies perhaps, pushed out to the APs regularly, and manage the blocking/whitelisting at the IP level. Playing tricks with DNS results will only lead to problems like the ones they had with Flickr, and now with some Google properties.
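A sketch of the IP-level approach described above, as an added example that is not FON's code or part of the original post: DNS answers are never altered, and the AP decides per destination address against a whitelist pushed to it. The class name, the versioned push, the restriction of DNS to configured resolvers, and the sample block and addresses are assumptions made for illustration.

```python
import ipaddress

DNS_PORT = 53
# Constructed sample data: a block containing the www.orkut.com address from the
# dig output above, and the upstream resolver address shown there.
SAMPLE_BLOCKS = ["209.85.128.0/17"]
SAMPLE_RESOLVERS = ["192.168.200.222"]


class WalledGarden:
    """Pre-login access decision made on the AP, at the IP layer only."""

    def __init__(self, blocks, resolvers):
        self.version = 0
        self.networks = []
        # Assumption: DNS is passed only to the configured upstream resolvers.
        self.resolvers = {ipaddress.ip_address(r) for r in resolvers}
        self.update(blocks, version=1)

    def update(self, blocks, version):
        """Install a pushed allowlist. Stale pushes are ignored; a push with a
        malformed block raises ValueError and leaves the current list in place."""
        if version <= self.version:
            return False
        parsed = [ipaddress.ip_network(b, strict=False) for b in blocks]
        self.networks, self.version = parsed, version
        return True

    def decide(self, dst_ip, dst_port, authenticated):
        """Return 'allow' or 'redirect-to-login' for one outbound connection."""
        if authenticated:
            return "allow"
        addr = ipaddress.ip_address(dst_ip)
        if dst_port == DNS_PORT and addr in self.resolvers:
            return "allow"  # query and answer pass through unmodified
        if any(addr in net for net in self.networks):
            return "allow"  # destination is inside a whitelisted block
        return "redirect-to-login"


if __name__ == "__main__":
    ap = WalledGarden(SAMPLE_BLOCKS, SAMPLE_RESOLVERS)
    for dst, port in [("192.168.200.222", 53), ("209.85.141.94", 80), ("192.0.2.10", 80)]:
        print(dst, port, ap.decide(dst, port, authenticated=False))
```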
Is there any solution to this? I just started using my FON router and I’m experiencing the exact same thing. Can you specify a different DNS somehow? Sorry if I sound like an idiot but I don’t know that much about DNS other than the definition of what it is.
Thanks
The simple answer is not easily; you could hard code different DNS servers (such as the ones from your ISP), but that has a number of problems:
a) On a laptop, it would mean that those DNS servers had to be accessible from every network you use (and often an ISP's DNS servers aren't).
b) If the ISP ever changed them, you have to remember that you had them hardcoded, and update them. If you’re like me, I’d probably forget that I’d hardcoded them in the first place and spend hours debugging the problem.
The good news though is that the top people at FON are aware of the issue; I sent some personal emails to key executives there, and got answers back from all of them to let me know that they are looking into this specific case, as well as working on improvements to the FON DNS mechanism in general to prevent this kind of thing happening again.
Hi,
I have the same problem. I made a post today in English with that same problem.
I can’t see videos from youtube. Fon DNS can’t resolve cache.googlevideo.com
I just manually added opendns.org's DNS servers as my DNS. It's fine now.
But this is not good. Fon has just got to do something.