I understood the whole article is supposed to be about them, except that this fact is very much disguised by a poor quality of the article.
The statement of "DNS server in question not passing the query directly to the search engine but through a host of other URLs" is factually nonsense - the DNS server is only supposed to pass the query (that being a query for A/AAAA records in the browser case, not the search query as they imply) to the authoritative servers within the hierarchy.
I think what this article means is as follows:
- the browsers try the name lookup on the DNS before treating the contents in the address bar as a search query.
- this treatment happens if the DNS replies NXDOMAIN
- if the domain exists (the browser gets A/AAAA record), the browser contacts the server in the reply.
- so the malicious DNS servers take the queries for which they are supposed to return the NXDOMAIN and instead interpret them and return the A/AAAA answers pointing to the servers filled with ads related to the keyword which was present in the DNS query.
- this is bad.
Of course this kind of "setup" breaks other applications besides the web - but, HTTP being north of 90% traffic volume, no-one cares too much, probably.
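The NXDOMAIN-rewriting behaviour described in the comment above is easy to check for from the client side: ask the suspect resolver for a random label that cannot exist and see whether it answers NXDOMAIN (RCODE 3) or NOERROR with an A record. The following is an added example, not part of the original comment or any project; it hand-rolls the DNS wire format with the standard library so the parsing can be exercised offline against constructed packets, and `probe_resolver` (resolver IP, parent zone `com`, UDP port 53, the random label length and the 203.0.113.10 address in the test data) are all assumptions chosen for illustration.

```python
"""Check a recursive resolver for NXDOMAIN hijacking (added example, stdlib only)."""
import secrets
import socket
import struct
import sys

RCODE_NOERROR = 0
RCODE_NXDOMAIN = 3
TYPE_A = 1
CLASS_IN = 1


def encode_name(name):
    """Encode a dotted name as DNS labels: 3abc3com0."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid):
    """Build a single-question A query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def skip_name(data, off):
    """Return the offset just past a (possibly compressed) name at `off`."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer occupies two bytes
            return off + 2
        off += 1 + length


def parse_response(data):
    """Return (txid, rcode, [A record addresses]) from a raw DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):          # skip the echoed question section
        off = skip_name(data, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            addrs.append(socket.inet_ntoa(rdata))
    return txid, rcode, addrs


def classify(rcode, addrs):
    """An honest resolver says NXDOMAIN for a name that cannot exist;
    NOERROR plus an A record for such a name is the hijack the comment describes.
    NOERROR with no answer (NODATA) or other rcodes are left inconclusive."""
    if rcode == RCODE_NXDOMAIN:
        return "honest-nxdomain"
    if rcode == RCODE_NOERROR and addrs:
        return "hijacked"
    return "inconclusive"


def build_response(query, rcode, addr=None):
    """Constructed response to `query` for offline testing (not from any real resolver).
    With `addr` set, an A record is attached using a pointer to the question name."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    flags = 0x8180 | rcode            # QR=1, RD=1, RA=1
    resp = struct.pack("!HHHHHH", txid, flags, 1, 1 if addr else 0, 0, 0) + question
    if addr:
        resp += b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 60, 4) + socket.inet_aton(addr)
    return resp


def probe_resolver(resolver_ip, parent="com", timeout=3.0):
    """Send one probe for a random, nonexistent label under `parent` (assumption)."""
    name = f"{secrets.token_hex(10)}.{parent}"
    txid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (resolver_ip, 53))
        data, _ = sock.recvfrom(4096)
    rtxid, rcode, addrs = parse_response(data)
    if rtxid != txid:                 # not a reply to our query; do not trust it
        return name, "inconclusive", []
    return name, classify(rcode, addrs), addrs


if __name__ == "__main__":
    resolver = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(probe_resolver(resolver))
```

Run it with the resolver's IP as the first argument; a verdict of `hijacked` together with the returned address tells you where the "search" landing pages live, and repeating the probe a few times with fresh random labels rules out a lucky collision with a real name. Note that a stub resolver with a search-domain suffix configured can turn a bare label into an existing name, which is why the probe uses a fully qualified name under a fixed parent zone.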