ad.doubleclick.net missing from DNS?

Mailman List Mirror (Read Only)
1

The A record for ad.doubleclick.net is missing from DNS. This is
causing apparent web page slowdowns when viewing web sites containing ads
linked to ad.doubleclick.net

2

The A record for ad.doubleclick.net is missing from DNS. This is
causing apparent web page slowdowns when viewing web sites containing ads
linked to ad.doubleclick.net

Adding an entry in LMHOSTS or /etc/hosts pointing ad.doubleclick.net
to 127.0.0.1 is generally a good idea, especially if you value your
privacy.

---Rico

3

Sounds neat idea, worth giving a try.

Mehmet Akcin
www.akcin.net

-----�zg�n �leti-----
Kimden: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] Yerine Ricardo
"Rick" Gonzalez
Tarih: Tuesday, July 27, 2004 7:59 PM
Kime: Sean Donelan
Bilgi: nanog@merit.edu
Konu: Re: ad.doubleclick.net missing from DNS?

The A record for ad.doubleclick.net is missing from DNS. This is
causing apparent web page slowdowns when viewing web sites containing ads
linked to ad.doubleclick.net

Adding an entry in LMHOSTS or /etc/hosts pointing ad.doubleclick.net
to 127.0.0.1 is generally a good idea, especially if you value your
privacy.

---Rico

4

Hi,

5

Once upon a time, Sean Donelan <sean@donelan.com> said:

The A record for ad.doubleclick.net is missing from DNS. This is
causing apparent web page slowdowns when viewing web sites containing ads
linked to ad.doubleclick.net

It looks like the problem isn't that the A record is missing, it is that
the nameservers are missing:

ask(ad.doubleclick.net)(A): ns1.doubleclick.net ns2.doubleclick.net ns3.doubleclick.net ns4.doubleclick.net
;; send_udp(216.73.86.10:53)
;; send_udp(216.73.87.10:53)
;; send_udp(216.73.85.10:53)
;; send_udp(216.73.81.10:53)
;; send_udp(216.73.86.10:53)
;; send_udp(216.73.87.10:53)
;; send_udp(216.73.85.10:53)
;; send_udp(216.73.81.10:53)
;; send_udp(216.73.86.10:53)
;; send_udp(216.73.87.10:53)
;; send_udp(216.73.85.10:53)
;; send_udp(216.73.81.10:53)
ad.doubleclick.net: query timed out

6

Sean Donelan(sean@donelan.com)@2004.07.27 12:34:04 +0000:

The A record for ad.doubleclick.net is missing from DNS. This is
causing apparent web page slowdowns when viewing web sites containing ads
linked to ad.doubleclick.net

Short remedy recipee:
- Download Firefox -> http://www.mozilla.org
- Install AdBlocker Extension (Tools>Extensions>Get Extensions...)
- Block http://*.doubleclick.net/
- Add more rules to your gusto and have a pleasant browsing experience :wink:

Regards,
/k

7

http://www.washingtonpost.com/wp-dyn/articles/A18735-2004Jul27.html
  DoubleClick spokeswoman Jennifer Blum said the attack targeted the
  company's domain name servers (DNS) -- machines that help direct
  Internet traffic -- causing "severe service disruptions" for all 900 of
  its customers. Blum said the outage was caused by a distributed
  denial-of-service attack, in which hackers use the firepower of
  thousands of hijacked computers to flood a Web site with so many bogus
  Web page requests that it renders the site unavailable to legitimate
  users.
[...]
  The FBI is not investigating the incident because DoubleClick has not
  filed a report, said bureau spokeswoman Megan Baroska.

8

While I disagree with the method of the attacker, I
can understand the reasoning behind an attack on a
company that is considered a spyware company,
doubleclick certainly has turned up more than once on
my version of spybot as a site to block.....

-Henry

http://www.washingtonpost.com/wp-dyn/articles/A18735-2004Jul27.html

9

Now the question is, can one easily block all of doubleclick.net by 127.0.0.1 in the hosts file
on a wincrash box? They appear to have ad, ad2, ad3, m2, m3.doubleclick.net. Anyone know
what hosts to list??? (ie: ad2, ad3 ... to ad<x>???)

10

I got my list from somewhere else, but lost the link. Try:

http://www.google.com/search?hl=en&ie=UTF-8&q=hosts+ad+blocking+servers&btnG=Google+Search

Lot's there.

JMH

John Palmer wrote:

11

Been fixing that for a good 6 years now. Just setup your local name
servers to be authoritative for doubleclick.net and don't put any A
records in the file. Works like a charm. :wink:

Chris

12

> ... what hosts to list??? (ie: ad2, ad3 ... to ad<x>???)

Been fixing that for a good 6 years now. Just setup your local name
servers to be authoritative for doubleclick.net and don't put any A
records in the file. Works like a charm. :wink:

on the one hand, you'd need a wildcard A RR at *.doubleclick.net to
achieve this result. the above text does not mention this, and leads
one to believe that an apex A RR at doubleclick.net would have an effect.

on the other hand, if you do this for a nameserver that your customers
depend on, then there is probably some liability for either trademark
infringement, tortious interference with prospective economic advantage,
and the gods alone know what else. if you do this, keep it to a server
you run on 127.0.0.1 and ensure that you are its only user.

13

Paul Vixie wrote:

on the other hand, if you do this for a nameserver that your customers
depend on, then there is probably some liability for either trademark
infringement, tortious interference with prospective economic advantage,
and the gods alone know what else. if you do this, keep it to a server
you run on 127.0.0.1 and ensure that you are its only user.

Where is it written that a server has to carry other people's non-
revenue advertizing or links to it?

14

on the one hand, you'd need a wildcard A RR at *.doubleclick.net to
achieve this result. the above text does not mention this, and leads
one to believe that an apex A RR at doubleclick.net would have an effect.

Depends what you are trying to do. I'm perfectly happy to have
*.doubleclick.net return a "host not found", so a file with no A records
works fine for me.

on the other hand, if you do this for a nameserver that your customers
depend on, then there is probably some liability for either trademark
infringement, tortious interference with prospective economic advantage,
and the gods alone know what else.

Guess I don't see this as being any different than restricting access
based on port number or IP address. If your SLA empowers you to
selectively block traffic, what's the difference?

I agree however that at the ISP level its probably good practice to
_not_ do this. Then again, when I had my ISP I did filter out
doubleclick as well as certain IPs and ports. This was in the SLA
however so clients knew this was happening (and considered it a
"feature") before they signed up for service.

C

15

Paul Vixie wrote:

on the other hand, if you do this for a nameserver that your customers
depend on, then there is probably some liability for either trademark
infringement, tortious interference with prospective economic advantage,
and the gods alone know what else. if you do this, keep it to a server
you run on 127.0.0.1 and ensure that you are its only user.

LarrySheldon@cox.net ("Laurence F. Sheldon, Jr.") said:

Where is it written that a server has to carry other people's non-
revenue advertizing or links to it?

what i've discovered, not by going to law school but by being sued a lot,
is that "prospective economic advantage" means whatever a judge thinks it
should mean, and "tortious interference" with same ought to be carefully
considered. it's the 21st century, and domain names are trademarks in all
but fact. if you cause someone else's domain name to stop working for a
population larger than yourself, and if the domainholder would have made
money had you not done so, then you could be in for a rough ride. don't
take my word for it -- if you're an ISP, you've got a lawyer you can ask.

Chris Brenton said:

Guess I don't see this as being any different than restricting access
based on port number or IP address. If your SLA empowers you to
selectively block traffic, what's the difference?

convincing a judge that your customers were aware of that provision when
they signed on is "hard". convincing a judge that your customers had the
ability to choose a different isp at a similar price/feature level but
without this selective blocking is "very hard". you might get a sane and
technically savvy judge of the civil libertarian variety -- it's a dice
roll. all i'm saying is, talk to your lawyer before you do it.

Paul Vixie also wrote:

16

Couple of methods that have worked for me.

If you have squid or similar, you can get a plugin that lets you redirect
various sites/domains to a 1x1 transparent gif. This method is preferred
since it only requires a single list to maintain.

If you have a local nameserver and webserver, then make your dns server
authoritative for the domains and redirect queries to a sink address on
the web server, and config the web server to answer such requests with
that 1x1 transparent gif object. This is more difficult (have to maintain
the named.conf list of domains and the apache list of virtual hosts) but
overruling the domain names has a lot of potential power for other uses
too, possibly including spam blocking, if you are so configured.

In both cases, the gif mime-type will overwrite whatever content was
originally specified, and the gif is scaled to whatever is specified by
the html layout, so using a 1x1 transparent gif doesn't usually cause
problems.

The hard part here is managing the list of blocked sites, restarting the
service, etc.

And like Paul said, think about the ramifications of providing such
features to a secondary organization and/or user. Making them manually
configure their proxy/resolver settings may be enough, but IANAL.

17

Not here, even works when I'm not connected:

;; ANSWER SECTION:
ad.doubleclick.net. 86400 IN A 127.0.0.1
ad.doubleclick.net. 86400 IN AAAA ::1

What? Me subverting things? Naaah.

/måns, catching up.