Comcast DNS Redirection Launched In Trial Markets
An anonymous reader writes "Comcast has finally launched its DNS Redirector service in trial markets (Arizona, Colorado, New Mexico, Oregon, Texas, Utah, and Washington state), and has submitted a working draft of the technology to the IETF for review. Comcast customers can opt-out from the service by providing their account username and cable modem MAC address. Customers in trial areas using 'old' Comcast DNS servers, or non-Comcast DNS servers, should not be affected by this. This deployment comes after many previous ISPs, like DSLExtreme, were forced to pull the plug on such efforts as a result of customer disapproval/retaliation. Some may remember when VeriSign tried this back in 2003, where it also failed."
Another great press release about how it will be helpful and a "service" for users, while the main purpose is just to gather extra advertisement revenue (while breaking internet standards). I mean, this is what malware does. Oh well, at least these non-US ISPs don't do such dirty acts to their customers here. Time to voice your opinion maybe?
> Some may remember when VeriSign tried this back in 2003, where it also failed.
Oh yeah, way back in the day. But let us not forget Earthlink's attempt at this or Canadian Rogers Cable or Charter or NJ Cablevision or ... I'm sure you could find no end to this stream of providers offering their customers something the customers simply do not want.
And I'm pretty certain most of those ended or resulted in customers bitching out the provider. Yet here we go again. Why? Well, that's simple: ad revenue.
My work here is dung.
Sounds like time to pick some semi-standard alternate port number and start setting up some alternate recursive DNS servers, something between alt.* and TOR.
Didn't RTFA, but let's call a spade a spade--this is typosquatting
I can't remember the last time I forgot anything.
Qwest has 20Mb/s FTTN DSL installed in much of Colorado now. Qwest isn't a panacea either but is considerably less heinous than f**king Comcast. They're running promotions right now as the FTTN installed base is new.
Before you go calling me a troll, just hear me out, this isn't that big of a deal. It doesn't redirect you to another 3rd party site owned by the NSA, it simply provides a web GUI that suggests sites based on what the system thought you wanted to see. You don't have to go to any sites you don't want to. The sky isn't falling.
Aren't they still doing it? I know Earthlink is. Morons.
Or is it Comcasted?
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
I've given up on my ISP's (SuddenLink) DNS, it redirects. I've given up on OpenDNS, it redirects. I've given up on DNS Advantage, as they redirect.
All I want is clean unfiltered DNS.
It was *MUCH* easier for me to sign up for basic TV + internet with Comcast than what I ended up doing. I wanted to keep everything at the magic $100/mo. number, so I went with AT&T - DirecTV partnership, where they give you DSL and a dish and DVR, and put it all on one bill. My DSL is 3Mb down/768kb up, where a Speakeasy test at my neighbor showed almost 12Mb down and nearly a full meg up. When he asked "why would you choose that?" - my answer was simple: Comcast.
AT&T doesn't touch my bandwidth. They don't cap it, they don't filter it - they aren't keeping a database of my URL lookups. That's worth a great deal to me - and Comcast will never get my business. I urge everyone else to do the same, even if it is some other DSL provider or dish provider.
I don't want to name names, but Netalyzr showed that several major ISPs already do this, and allows you to check for yourself what the behavior is on your network.
Comcast is following the lead of other major ISPs which have been doing this for some time now.
Test your net with Netalyzr
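A minimal local check for the behaviour discussed in this thread, added here as an example (it is not from any commenter and is not how Netalyzr itself is implemented): resolve a few random names that cannot exist and see whether the configured resolver still hands back addresses. The function names, the verdict labels and the simulated resolvers with their documentation-range addresses are assumptions made up for the illustration.

```python
"""Detect NXDOMAIN rewriting by the resolver this machine is configured to use."""
import secrets
import socket
from collections import Counter


def system_resolve(name):
    """Resolve through the OS stub resolver (whatever DHCP or the admin set).

    Returns a set of address strings. An empty set means resolution failed,
    which is the correct outcome for a name that does not exist.
    """
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def probe_names(count=6, tlds=("com", "net", "org")):
    """Build random names that are, for practical purposes, unregistered.

    96 random bits per label make a clash with a real domain negligible.
    The trailing dot makes each name fully qualified, so a local search
    suffix (and any wildcard under it) is not mistaken for ISP redirection.
    """
    return [f"{secrets.token_hex(12)}.{tlds[i % len(tlds)]}." for i in range(count)]


def check_nxdomain_rewriting(resolve=system_resolve, names=None):
    """Probe the resolver and summarise the answers for nonexistent names."""
    names = list(names) if names is not None else probe_names()
    answers = {name: set(resolve(name)) for name in names}
    resolved = {name: addrs for name, addrs in answers.items() if addrs}

    # A redirection service points every bad name at a small pool of landing
    # servers, so the same addresses recur across unrelated probes.
    seen = Counter(ip for addrs in resolved.values() for ip in addrs)

    if not resolved:
        verdict = "clean"        # every probe failed, as it should
    elif len(resolved) == len(names):
        verdict = "rewriting"    # every nonexistent name got an address
    else:
        verdict = "partial"      # intermittent or per-TLD rewriting
    return {
        "verdict": verdict,
        "probes": len(names),
        "resolved": len(resolved),
        "landing_addresses": sorted(seen),
        "shared_addresses": sorted(ip for ip, n in seen.items() if n > 1),
    }


# --- Constructed stand-ins so the example runs offline -------------------
SIMULATED_ZONE = {"example.com.": {"198.51.100.7"}}   # the only "real" name
SIMULATED_LANDING = "192.0.2.10"                      # made-up ad server


def simulated_honest(name):
    """Resolver that returns nothing for unknown names (standard behaviour)."""
    return set(SIMULATED_ZONE.get(name, ()))


def simulated_redirecting(name):
    """Resolver that answers unknown names with the landing-page address."""
    return set(SIMULATED_ZONE.get(name, {SIMULATED_LANDING}))


if __name__ == "__main__":
    import sys
    # Pass --live to test the resolver this machine actually uses.
    resolver = system_resolve if "--live" in sys.argv else simulated_redirecting
    report = check_nxdomain_rewriting(resolver)
    print(report["verdict"], report["landing_addresses"])
```

A "rewriting" or "partial" verdict means any client that treats a successful lookup as proof the host exists (the mail, FTP and scripted HTTP cases raised in this thread) will connect to the landing address instead of failing.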
OpenDNS does the crap.
Rogers has been doing this for ages here in Canada, and they don't offer opt-outs either. And, it's tweaked to fail a lot, it will sometimes redirect google.com to their search engine/ad displaying page. Yay opendns!
Except for the bit where Comcast users not using Comcast DNS servers are unaffected, as per TFS.
Unless you're complaining that they could, in theory, redirect port 53. Frankly, anyone remotely familiar with how the Internet works should know that your ISP *could* completely and arbitrarily control any nonauthenticated protocol, including DNS.
It's COM^H^H^HCRAPTASTIC!
I speak from the perspective of being a RoadRunner user rather than a Comcast user, but RR implements a similar service. They have a link in the lower right of their results page where you can click to set your preferences and disable the "feature". Except just the other week that preference broke for me, and I was stuck with DNS hijacking. I phoned their customer service line, the person on the other end of the line had absolutely no idea what I was talking about.
DNS hijacking is a bit like Phorm without profiling really. Well, assuming there is no profiling. If there was profiling they'd make more money from the ads they'll inevitably insert there to "support" the service (Edit: oh look, they already have!). Personally I put this issue, along with Phorm in a whole category of problems related to the fact that we still don't secure and authenticate most of our activities on the internet (http, dns, yadayada). ISPs can do what they like and it's hard to stop them. Third-party DNS services seem to be the way to go recently. Of course without security/authentication your ISP can put a stop to that quite easily too.
This is all before you get in to the technical details of clients that may implement specific behavior for when bad DNS queries are expected to fail but don't.
OpenDNS does exactly the same. (unless you register an account and change it, but that's the case with this Comcast thingie as well)
censorship is thriving here on /.. just so va larry/robbIE (mega suckups that they've become) can try to stay/become as rich as nazis? delete that you pitiful LIEforms.
You can opt out, you know. It says so right in the summary.
Also please don't use "evil" to describe things that are merely inconvenient. It greatly diminishes the horror and suffering people have gone through at the hands of real, actual evil.
Instead of migrating from one punk who pulls this stunt to the next, quit using someone else's recursive resolver and run your own: Unbound - a validating, recursive, and caching DNS resolver. Available for Unix and Windows.
When in doubt, keep trying. When rejected, keep trying. Enough people do this, it becomes the norm. Sad, but true.
ELOI, ELOI, LAMA SABACHTHANI!?
I noticed the summary mentioned several attempts that have failed, but makes no mention of other ISPs that are still doing it. Time Warner Cable is one that has been doing this for a while now (maybe a year?). Anyone know of others?
OpenDNS does the exact same thing. To avoid DNS hijacking if you use OpenDNS, you have to have an account with them, change your preferences and always be identifiable to OpenDNS so that it can apply your preferences. It's easier to opt out at Comcast than to opt out at OpenDNS. Besides, OpenDNS also redirects www.google.com to OpenDNS servers, not just nonexistent domains.
I agree it is evil, but until they do (if they ever do) redirect port 53, people can (and should IMO) use OpenDNS.
/. Most people don't even know what DNS is or why it could be important to them. But if Comcast starts redirecting ports, it will grab a much wider audience because lots of tech people will go postal over the insult and that would be bad press for Comcast.
I really like OpenDNS. There is more to it than just a clean DNS server - though if you check their FAQ, they will also serve links with dead-end web address error messages. You can outright block various kinds of websites (useful if you have kids in the house), and they are actively protecting against DNS cache poisoning, blocking malware sites, etc.
Comcast can do their own ad serving through their own DNS servers and that probably won't raise too many eyebrows except from people like those that frequent
I doubt they will ever redirect 53. And if they do, reaction will probably be swift.
For a long time, I was having the crap annoyed out of me by it. It didn't even offer suggestions, really, just ads. It broke some of my scripts, too, since it caused a 200 response instead of returning a resolution error like it was supposed to. Fortunately, there was an opt-out link, but it was hard to find. I did opt out though, and now I'm not sure if they're still doing it.
Why exactly does the ISP control DNS?
Given the shenanigans the ISPs and governmental authorities have been up to the last few years, I say we need to rethink TCP. You see, we've been assuming all along that ISPs are not malicious. We need to start assuming they are malicious. The new TCP protocol should only assume that all socket level data is sensitive and therefore must be encrypted as to both its contents AND its destination. This implies traffic shaping, onion routing and a public key based DNS
They can redirect me to a better cable company where I can get more HD channels, and where I don't have to go through (literally) 8 DVR's to get one that doesn't die.
Seriously, I went through a period where my DVR would crash and go into a reboot loop every 3 weeks and someone would have to come and replace it. That went on for almost 3 months.
*sigh*
Sadly I'm stuck since I am surrounded by 5 story trees (no dish) and FiOS will not offer anything on my street (technically a private road).
This is all done under the assumption that the DNS query is for an HTTP request.
What happens when other services run afoul of this setup?
For example: Is my POP client going to hand my login credentials to a Comcast server, if my email service's DNS does not resolve for some reason?
Cablevision already does this in the Northeast US. :(
Real evil is like real beauty. Both are nothing more than opinion. Stop trying to make your emotions seem important.
No.
Knock this shit off and mods, wise the fuck up. Just because it has "open" in the name doesn't make it suddenly good and benevolent, They do the exact same fucking thing.
Anyone who's been on slashdot for more than a week or two probably has seen dozens of comments suggesting OpenDNS in cases like this, always modded up. Every single time people post corrections pointing out that they do the same thing. Does anyone ever listen?
Wise the fuck up
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
Why do these OpenDNS posts keep getting modded up? OpenDNS utilizes the very practices this article bemoans! If you query a domain that does not exist, your browser is redirected to OpenDNS's ad-laden spam site.
Despite their claims to the contrary, OpenDNS's servers are likely farther away from you than your local ISP's. They also keep permanent logs of all queries, which could be subpoenaed by a government entity. Their joke of a privacy policy allows them to sell your logs to "Affiliated Businesses", which pretty much means anybody. Not that it really matters - they could amend their privacy policy tomorrow morning and be selling your info by the afternoon.
I think many people read the "Open" part of the OpenDNS name and turn their brains off.
How exactly does a customer "retaliate", other than canceling their service, which is grossly impractical, given that, for example, in Boston, one only has 1-2 choices in cost-effective, high-speed internet access? Verizon services almost all suburban areas in MA with FiOS, but not anywhere in Boston, Cambridge, etc....so your choices are shitty DSL for $$$, or Comcast.
Please help metamoderate.
These never get old
ZERO ZERO ONE ZERO ONE ZERO ONE ONE! Just brushing up for my next big invention: Ethernet over Voice (EoV)
Getting a valid IP on an invalid name while trying to set up an FTP, SMTP, POP, etc connection (to name a few) could break the app (which assumes the internet standards are obeyed).
Never assume; when you do you make an ass of Uma Thurman.
Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
Just go to the site below and opt-out :)
https://dns-opt-out.comcast.net/
DNS redirection allows an ISP to quickly block infected PCs from participating in distributed attacks that rely on DNS.
But then I noticed that OpenDNS also does DNS redirection!
The scary thing was, that of course this even works when I mistype Intranet addresses. (Should have been obvious to me, but I did not think about having switched to OpenDNS when this happened, and got very scared about the possibility of a MITM attack.)
Any sufficiently advanced intelligence is indistinguishable from stupidity.
The headline should read:
"Comcast Colludes With Yahoo! to Redirect Mistyped URL Traffic for their own Profit"
Question everything
My ISP did it for a while. The problem was that it was badly implemented and increased the load on the upstream DNS services.
So if the middle layer DNS cache was empty and I asked for mybank.com the bottom level DNS timed out and it failed over to the advertising page.
---
Think of searching on coke.com or any real address then the system failing and redirecting you to pepsi.com.
Think of the lawsuits. Think of the denial of service attacks possible
a) register not_mybank.com, have spoof of mybank.com page ready to launch
b) pay to have a fail on mybank.com route to not_mybank.com
c) denial of service attack to root servers for mybank.com, flip in your spoof page
d) have the ISP's magically send people to your spoof site from their saved URL's and collect passwords
Yeah this is a good idea.
If you think my emotions were involved in that comment, you probably aren't very good at reading people.
Are you kidding, or do you work for OpenDNS?
Because I switched to OpenDNS because of people (you?) mentioning it here on Slashdot.
And then I noticed, that OpenDNS also does DNS redirection!
Any sufficiently advanced intelligence is indistinguishable from stupidity.
> Why exactly does the ISP control DNS?
They don't.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
It's not that this is a really big deal for me. It's just the straw that broke the camel's back. I've had all sorts of trouble with Comcast of late, and this just pushed me over the edge. I've been very, very close ever since they started blocking outbound SMTP connections (yeah, I can and do use the SMTP submission port for sending e-mail, but how am I supposed to monitor my remote SMTP servers from home?).
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
OpenDNS is doing the same damn shit. A DNS server should never return a result for an address that doesn't exist.
> Some may remember when VeriSign tried this back in 2003, where it also failed.
Not the same at all. VeriSign tried to do it with the TLD servers, which nobody can avoid. These guys are just doing it with their own servers, which you can bypass unless they block you. Even if they do you can, at least in theory, switch ISPs. They aren't likely to bother with blocking, though, because the number of people who will bypass is tiny.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
So if I call in to opt out, does that put me on their traffic watch list?
3A 4E 22 05 C1 83 0B 7A
It's random, but my posting it here is probably considered illegal to someone.
https://dns-opt-out.comcast.net/
That is where you go to opt out. I called tech support and no one even knew what I was talking about until I directed them to their own announcement.
Also, this statement from Comcast's blog is blatantly false:
Normally you would *never* "sit and wait for the Web browser to time out" (well, these *are* Comcast's DNS servers after all, so in this specific case it might be true). Normally, your browser would get a DNS resolution failure and show you a built-in error page instantaneously. Now, on the other hand, you have to wait until your browser goes off and loads a page of Comcast ads.
Domain Helper my a$$!
I've been a Comcast customer for HERBAL VIAGRA several years and have never had an issue with unsolicited REAL WEIGHT LOSS advertising of any kind.
Right kind of moderation going on here. I posted a suggestion from someone a while back and got lots of good (albeit slightly over-critical) feedback to correct me and warn other users. Thanks ./ community.
While I wouldn't be opposed to a +1 insightful, a +4 informative on my post is wholly undeserved.
import system.cool.Sig;
With OpenDNS you get the same thing, unless you open an account with them, in which case you also share your browsing preferences with them.
Another important reason is that, at least in my case, the OpenDNS query response times are 3 times slower than with my ISP.
And my ISP (Rogers) does have an alternate DNS server (for those who care enough to change it) that does not poison DNS results.
As the island of our knowledge grows, so does the shore of our ignorance.
OpenDNS is "free-as-in-ad-driven". You don't have to pay for it, but they need to make their money somehow, so they have their own special page when you type an invalid domain in the location bar, with text ads on. Comcast, on the other hand, which the end user is already paying for, is trying to inflict the greedy bastard business model they use for TV (hooray for paying for content that's 1/3 ads!) on their ISP customers.
By reading this you acknowledge that you have read it.
This screws with "what is a valid URL". Basically, now all URLs are valid. So for example you want "coke.com"; any way you mistype that request (cole.com, Coce.com, koke.com, cooke.com and ...) will be a valid URL, even if it does not exist.
Another way of looking at this is cybersquatting. They are taking the whole URL domain. So if you have a new URL, guess where it will not show up for a long while.
And third you can think of it as "DNS poisoning", since if you are running your own DNS, Comcast will be supplying you fake information, with its own time out.
Don't worry. They've modded me into oblivion it looks like. I wish it would have remained at 1 so it'd warn other folks.
As you and many others have pointed out, they're just cashing in on the "open" washing while "offering services" to "guide" a user straight into an ad-ridden ass pounding. Thanks again for setting me right.
import system.cool.Sig;
Seems like a simple enough solution, geeks like us should help friends, neighbors, relatives, and anyone else we encounter to opt-out of this nonsense. If enough people opt-out of this then DNS redirection could theoretically become unprofitable enough that they would ditch it!
Grass-roots spreading the word has worked well for Firefox, so why not this?
The corruption of a civilization's primary means for communicating and archiving knowledge is among the gravest of evils.
This will be a major blow to companies that use split tunneling for VPN.
I wonder what will happen if thousands of customers have to cancel their service as this 'enhanced dns' becomes a detriment to them.
OpenDNS is just as bad -- they do the same thing. The real solution is to change your DNS servers to use the L3 DNS servers at 4.2.2.1, 4.2.2.3, 4.2.2.4, 4.2.2.5, or 4.2.2.6, which are often faster than Comcast's anyway.
I use AT&T, and they seem to block port 53 except for their own DNS servers.
Thankfully, they don't have some crappy Yahoo (seriously, why Yahoo?) search page like Comcast is doing.
Hydraulic pizza oven!! Guided missile! Herring sandwich! Styrofoam! Jayne Mansfield! Aluminum siding! Borax!
How many people actually use the Comcast email? Yet they require that to get on the list... I have no idea what my comcast email even is.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Besides the fact that this is another form of revenue for Comcast, et al, what does this hurt? I use Verizon FiOS which has the same system in place but I've never seen it when I use Firefox. You can set up FF to search Google FIRST before forwarding you to Comcast's DNS failure page. I agree that DNS should only be a service, not a full-blown application. But everyone is trying to make more money. As an aside, why the hell do Comcast, Verizon, etc. need to make more money?! We pay them for service. We shouldn't be subjected to ads on top of that. Adblocker for the win!
We don't live in Shouldland.
I use my laptop in different networks (visiting friends, relatives, etc.), and opt-out is often not easy or not even possible (depending on which ISP it is). So now I just use NoRedirect and never have to worry about this stuff again.
At most ISPs, DNS servers were ignored 10 years at a time. Over that time, they became crufty and slow. The people who set them up in the mid 1990s retired or left.
Then last year, someone found a bug in DNS, not that there weren't bugs before, but a bug that got all of geekdom panties into a collective "wad." Nerds wrote tools and web sites to "check your DNS" to see if it was corrected or not. ISPs had to actually spend money and time on their DNS servers. This made them unhappy and the business people inside the ISP even more unhappy. See they'd already been successful at turning off FTP, gopher, and Usenet servers - nobody really complained.
They need a way to have DNS actually make money. A little change to DNS shouldn't bother anyone, right? Business people deciding to change anything about a 25+ yr old network protocol that is central to the internet is a bad idea.
If ISPs are looking for a real value-add service, why not sell 2-tiers of internet access with "unlimited" being the cheaper, default and "Family Friendly" being the more expensive, no porn, no spyware, no spam, no teenager hacker, no violence version of access? Most parents aren't capable of securing their systems against both outside and teenager inside attacks. This would be a truly appreciated solution in many homes, I'm certain.
The opt-out page is apparently slashdotted. Convenient....
Me too.
Oh wait, Comcast doesn't have any competition for high-speed where I live.
Go go gadget free market!
Returned Peace Corps IT Volunteer
Quite possibly Sir_Lewk will provide a lot of that warning though, since he's been modded 5.
has been doing this. I switched to openDNS which also does this, but there are other advantages, so I'm ok with that.
-Unresolved symbol? Byte me!
When opendns started it was precisely that - an open DNS system which even had its own set of free TLDs to play with.
Then they smelled money. And the rest is history.
Use the anycast DNS at 4.2.2.1, 4.2.2.2, etc. Run by Level3 who have plenty of money anyway and don't need to nickel and dime DNS for it.
Depending on how your view is setup. For me, if the OP is 0 or -1, the entire thread doesn't appear unless I click on the below threshold...
It's fun to occasionally set the threshold to -1 and see an entire flamewar taking place.
import system.cool.Sig;
> Why do these OpenDNS posts keep getting modded up? OpenDNS utilizes the very practices this article bemoans! If you query a domain that does not exist, your browser is redirected to OpenDNS's ad-laden spam site.
OpenDNS is opt-in, so you're making an informed decision if you configure your systems to use it. Comcast (and others) is doing things in the background without many people being aware of the change.
It may not matter to a lot of people ("Joe Sixpack"), but it can break/upset a lot of software that assumes 'proper' responses to DNS queries. As another comment mentioned, this is a form of typosquatting, and could even open up Comcast to trademark infringement suits.
I have made a comment referring to the Verizon times... And I explained that this was pay-per-click revenue. It didn't get posted. So I voted one star on the article... Couldn't see it back in the stats... I noticed after my vote it went from 5 to 3 stars, but on the front page it is still 4 stars. When I tried to make another comment I noticed I got an IP ban... Weird. My comment was fair and not a flame... yet now I am banned. Why not just disable comments? All of this combined raises the question: which former CEO of VeriSign is now a member of Comcast?
Charter allows you to opt out from getting their custom search page instead of an NXERROR. So when you opt out, you don't get the search page anymore. You get a fake IE DNS error page instead - that's served from a Charter server. Useless.
> seriously, why Yahoo?
Probably because Yahoo shares a higher percentage of their revenue with them.
Views expressed do not necessarily reflect those of the author.
I am sick to death of Comcast. Everything about them is terrible, and I have no choice in service.
HD DVR:
- Service is occasionally blocky and disruptive to viewing.
- The recording software is garbage.
- On-Demand breaks nightly. Yes, I have to call every day for them to "turn it back on". They can't seem to find the problem. I'm positive the problem isn't with them cashing my fucking checks.
Internet:
- It's Fast.
- It resets 2-4 times per night.
- Used 3 different modems and 3 different routers, same behavior.
Given a choice, I would have dropped them two years ago.
I use openDNS; "www.google.com" and "google.com" seem to bring up the same page (in firefox)
What should I see - OpenDNS's search page right?
OpenDNS is up all the time unlike the DNS servers provided by Time Warner's RoadRunner.
It's not nice.
Wasn't there a proposal in the works for a fully cryptographically signed DNS system?
Not only that, but OpenDNS will even hijack Firefox's Google keyword searches! I don't trust that company one bit. I use my laptop in a lot of different places (friends, relatives), so I've given up on the whole DNS whack-a-mole and have begun using NoRedirect instead.
No, it screws with "what is a valid domain name" by making all domain names valid. Domain names are not the same as URLs.
Since this is implemented within Comcast's recursive resolvers, new domains can be recognized immediately. These recursive resolvers are the ones caching DNS lookup responses. They can (and should) choose not to cache NXDOMAIN responses (which are the ones they provide redirection for).
Third, if you are running your own DNS, you aren't communicating with Comcast's recursive resolvers, and so they won't supply you with any information, fake or otherwise.
They don't. But most ISPs offer it as a service, and most DHCP clients automatically accept the offer. If you're not a computer dork, it appears that they're in control, whereas in practice, you actually did opt in.
The reason they offer this service (whether it's done well, according to the specs, or done brokenly, as Comcast is doing here), is that it's more efficient.
When they do it correctly, you come out ahead by letting your ISP do this for you (instead of running Bind yourself). Translating a name into an address requires multiple queries to multiple authorities. Because your ISP's links are faster than yours, they can look stuff up faster. And if more than one user is sharing the service, then some of the queries can be skipped and served by a prior user's cached results instead.
It's actually a good thing .. technically. The catch is that you're trusting them with something, and some of them are starting to act untrustworthy.
It's just like caching web proxies, NNTP servers, etc. Great tech, if you're doing business with someone who feels they have a reputation to lose. Not so great if you're doing business with an entity that people choose by default (or have chosen for them by their local government), e.g. "I'll just get internet through the local cable TV company."
"Believe me!" -- Donald Trump
I HATE it when you type a lengthy reply into a web forum, only to have "awaiting moderation". I'm sure they will spend 8 seconds glancing at my 10 minutes' worth of work, before chucking it into the digital trash bin. Yay, oppression. I realize I don't have any right to free speech in their house, but it's still RUDE.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
set up your phone to forward any incoming calls from comcast to a 1-900 number you own.
Charge 100 buck, plus 5 bucks a minute.
The Kruger Dunning explains most post on
This is a great point, and really gets to the heart of the matter. There is a certain way that DNS is supposed to work. And there's a certain amount of trust vested in an ISP by their customers. This "service" violates that trust.
-Peter
... in addition to their modem MAC based opt-out mechanism, they:
Anyone that knows what they are doing, or finds out via information from some source (the provider not being obligated to supply this information), should be able to use the internet exactly as it was originally intended.
now we need to go OSS in diesel cars
well, that's what happens when you try to host anything on a comcast connection, it chokes.
Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
They call it "search assistant". Basically if you try to search from the address bar or mistype an address it hijacks your search from the search provider you selected in your browser and redirects it to its own search page. "Opting out" does not really work all that well because it gets you to a page that says "oops we can't find what you were looking for" and then gives you a link that takes you to your preferred search provider. Very annoying to say the least. :-(
http://bit.ly/12S4a8 Feel free to join and ask questions!
Until the NSA asks them to. Let's not pretend that AT&T isn't evil.
Well let's not pretend you know what the hell you are talking about.
The link you sent is for phone communications. Furthermore it was to phones outside the U.S...
That has nothing to do with network traffic, and furthermore you are dreaming if you think the same requirements to give data that AT&T followed are not the same for any other company large enough to be called an ISP.
The word "evil" is all too easily bandied around today, so let's apply it to you as well and claim you are "evil" for misreporting facts.
Disclaimer: I don't work for AT&T, I just can't stand clueless paranoid nitwits.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
As is often the case here, ISPs must have different configurations in different areas. I currently use uverse, and only recently switched from at&t's dsl service. I have not had any trouble using open dns with either service.
According to the fine article there's an opt-out button on the page you get redirected to so I'm not certain that would be necessary:
Not enough. Not nearly.
Allowing people to opt out of something that subverts the very principle of an end-to-end network is not what I would call reasonable. DNS redirection is just wrong. It's not 'okay as long as we give you a choice'; it's just wrong in the 'It breaks the Internet' sense of the word.
Crumb's Corollary: Never bring a knife to a bun fight.
It appears that what Comcast may be doing is running TWO sets of DNS caching/resolving servers. One set operates as usual without any redirection. The other set has the redirection implementation deployed and enabled. The DHCP information supplied to customers based on their cable modem MAC address will provide the IP addresses of the redirecting servers, unless the customer opts out in which case the IP addresses of the non-redirecting servers will be provided. The fact that their opt-out is MAC based strongly suggests that this is the mechanism (despite the spin they put on it about how users activities such as upgrading software could mess up other opt-out methods). As long as they don't mess with DNS query datagrams or any other traffic sent elsewhere, this should be OK. The average customer really won't care, or will actually like the way that operates.
now we need to go OSS in diesel cars
But at least it's not redirecting me to a page offering me other helpful links.
Maybe I'm not in one of the test areas. (Austin).
I currently have no clever signature witticism to add here.
some of the RFCs are obviously sarcastic (like IP over Avian Carriers), so I wouldn't have been entirely surprised if that one was in there
I listen to both RIAA and non-RIAA stuff if I like the music, tangential business/politics notwithstanding.
As others have mentioned, OpenDNS does the same redirection trick too.
Great!! Another shitty "service" for us Comcast users. Thankfully it's not here yet. Seems that the dicks at Comcast think it's funny to screw around with our service. I pay for the damn thing so I should be able to get what I want from it. Only other option I have here is DSL and that's a no go too.
Unless we're being pedantic, then you are mistaken, they've been doing it for a couple of years now.
The opt-out DNS settings are available, if you can find them on that horribly counter-intuitive site.
Here they are:
* 68.105.28.13
* 68.105.29.13
Don't believe this internet forum troll? No worries, I wouldn't either. Google them and see!
Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
EarthLink does it too, but it has DNS' that you can opt out IIRC.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
I am perpetually frustrated by my Comcast connect, particularly in regards to Netflix. It's very hard for me to sort out if the problem is a Comcast issue, a Netflix issue or a DNS issue.
Basically what happens is I find my 12Mb/sec Comcast link drops to 600Kb/sec in the evenings around 7-10pm, just when I want to watch a movie. Now on some nights I am lucky and I see by speed tests I'm getting 2 or 3Mb/sec. Often the ping latencies however are 400 to 500 msec.
Still, that flux rate is overkill to watch a Netflix movie. Yet I can't do it without constant rebuffering and quality/resolution downgrades from Netflix as the movie proceeds.
I've tried using OpenDNS but that does not seem to help either.
I've noticed that when I traceroute the Netflix server I'll see about 9 jumps, in all sorts of strange geographic headings inside Comcast, and then about 5 inside limewire before I reach a place where traceroute stops jumping. (I assume it's blocked.) When the connection is especially bad I often see the traceroute time out inside the Comcast side of the network.
So how should I be faulting here? I can think of two things. One is that basically the whole internet is slow between 7 and 10 pm and I'm never going to be able to watch Netflix. Or that Netflix sucks between 7 and 10. Or that I'm dealing with a last mile issue in Comcast on the shared cable line. Maybe between 7 and 10 pm all my neighbors are doing the same things and Comcast has oversubscribed the cable.
What can I do to try to sort these factors out?
Some drink at the fountain of knowledge. Others just gargle.
Sure, except using OpenDNS is opt-in in the first place.
>Go go gadget government-sanctioned monopolies!
There, fixed that for you.
Verizon hijacks DNS as well, giving Yahoo search results. Example: http://dnsassist.verizon.net/verizonassist/dnsassist/main/?domain=rfc-violaters
Yes, I see the wisdom of your post since you need to use the word "fuck" multiple times per sentence. You must be 100% correct, then. I salute your logic, sir.
Despite their claims to the contrary, OpenDNS's servers are likely farther away from you than your local ISP's.
Absolutely right. Out of curiosity, I recently tested DNS performance as experienced from my home network, using Steve Gibson's excellent DNS benchmark tool. The test was between:
OpenDNS was the clear loser in this test. (Sorry for the lack of numeric labels on this screenshot, but the graph is to scale.) Querying the local DNS server was of course faster than anything that had to go across the DSL modem, but OpenDNS was also significantly slower than the other remote servers tested.
has anyone considered that this is supposed to fail?
These days failure is the new success. This will undoubtedly result in huge id theft scams, there will be a fake outrage about how the internet needs to be more secure and they will get a few billion from the federal government to design a 'secure' network, that is, one without any anonymity, and that builds a nice fat file on each of us everywhere we use it.
"Time to call mom. Wow, I haven't called her in a long time."
[Dials number, but incorrectly]
[Phone connects]
"Beep, beep, beep. We're sorry, but the number you have dialed is ...."
"Intergalactic proton powered electrical tentacle advertising droids. INTERGALACTIC PROTON POWERED ELECTRICAL TENTACLE ADVERTISING DROIDS! Hi I'm Darth Harrington of Darth Harrington's intergalactic proton powered electrical tentacle advertising droids emporium and moon base! And due to a garbled sub-space transmission we are currently overstocked on all intergalactic proton powered electrical advertising droids! And I'm here to pass the savings on to yooouuuuu!"
"...not in service. Please hang up and dial again. This is a recording."
I had a friend once that didn't pay her Comcast bill. When this happens, all DNS requests get redirected to Comcast's "Oh hi! Please activate your modem" page. After thinking about this for a bit, I had the ingenious idea of using OpenDNS to bypass Comcast's DNS server. I set up her PC to use OpenDNS, and lo and behold it worked. She was able to use the internet as if she paid her bills and everything. See, Comcast is doing this because they don't want anyone to cheat them out of their service. I'm pretty sure that this could work with any Comcast approved modem as well.
If "opt out" is cookie based, then it's useless. Can anyone confirm?
coffee | nose > keyboard
my service had a huge interruption for about 3 days. I had to switch to a third-party DNS server to be able to even use my service.
Any word from comcast about this? nope.
They're using their grammar skills there.
I'm semi-lucky in that I do have one other option: Qwest DSL. It's not a great option either, but it's better.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
"Also, this discredits Comcast's massive twitter efforts as ComcastBonnie so kindly made a slashdot account after seeing the twitter output from the article, and told us that the engineers promised no form of DNS hijacking was underway. Underway or not, it was certainly being planned, and coverups should not be appreciated." - by Anonymous Coward on Thursday July 09, @03:46PM (#28641183)
From having worked @ a major cable internet provider for a GOOD BIT a few years back, I can tell you they have their "own special team" for responding to reports like this one, where said companies are mentioned & especially on the "more travelled/trafficked websites" such as this one... so, don't be TOO surprised @ some of the responses here is all, & the FIRST THING I THOUGHT WAS:
"I wonder how many of these people are 'marketing plants' or their network engineer henchmen?"
& also
"How many of these responses are those losing monies from adbanner revenues??"
SO, I.E.-> Yes, you are hinting @ this it seems, so yes, they may be "plants" (i.e.-> marketing people for them, or, their own top engineers brought in to put out enough "techno-babble" (whether it is, or not) to alleviate any damage this might cause them, "p.r."-wise...) OR, those adversely affected by losing revenues gained by adbanner views or search results... etc. et al.
I don't see adbanners here (HOSTS files are wonderful for this, blocking them, & also speeding up your surfing in doing that OR hardcoding your favorites into it, with their URL-to-IP Address resolved correctly in them (which is great & helps speed too, that is, until a site changes HOSTING PROVIDERS, but, that's rare & most let you know this is taking place so you can counter for it in a HOSTS file))
Now - I am probably "preaching to the choir" here on that note to you though, so, if I am? Please, accept my apologies - we all live life & all that, & pickup on the b.s. out there going on!
(& from said ISP/BSP I worked for? Well, the other staff/workers are told, during training, to stay out of stories on places such as, say, dslreports.com, if it involves said cable or dsl internet provider)
Yes, it seemed pretty "dirty" to do, imo @ least, but it is, how it is. Like any business? They live & die largely by their reputation, as well as the quality of service they provide. I thought it was silly to give an order of that nature, because people should be free to speak their minds anyplace they choose, without threat of penalty from "the big boss", & it is "gotten around", easily enough, should an IT tech worker there wish to do so, even when they get free cable or dsl from their company (which most do this for their staff), but... this is "KoRpOrAtE AmErIkA" today, so we can expect such measures.
Sure, they could say "well you don't KNOW enough to respond there" & that only says they feel they hire incompetent staff, which doesn't look good doing THAT... or, that they may take the HONEST tack & say, "We send our very best technical personnel to offset the trolling happening to us" etc. et al (which would be a better way to respond, as to WHY they do these things, imo @ least).
Don't get me wrong:
The company I refer to here, which I won't name? Hey, they are, imo @ least, a great company though... so, other than that which I mention above, which I really didn't take THAT seriously or get angry over anyways because I really did think it was a top-notch outfit/operation which did provide their customers the fastest internet possible for cablemodem internet usage when I worked for them & they had 2 million customers & a TINY geographic area (but, it was a HUGE major metropolitan area they had, a major city (the most major of all iirc, population wise, in the USA or close to it in fact!)
----
"it wouldn't be the first time we trolled a legitimate story because its legitimacy was hard to validate at the time.
Years ago, Comcast's DNS servers were so fouled up that even surfing to Comcast.net would sometimes time-out. Many of us learned that the key to restoring health to our broadband performance was to specify non-Comcast DNS servers. So this new issue of DNS-hijacking is already moot.
Hey I've got a question for you Comcast
If people mistype my web address (ww.example.com), and Comcast shows them an ad, Comcast sends me part of the proceeds, right?
because Comcast is making money off of my brand name...
Comcast IS Malware!
something about doing it. my cable co (insight) decided to do it silently and redirect my faulted queries to advertisements. simple solution: run my own fscking DNS server.
Good people go to bed earlier.
How does "an opt-out button on [some] page you [got] redirected to" help if I typo an e-mail address or NTP server name in some configuration file? Not everything on the Internet is a web browser.
We also know that it's by MAC, which is a step forward from services which try to "opt-out" via cookie.
But I agree with grcumb -- not even close to enough. This kind of bullshit needs to be opt-in, if it's done at all.
Don't thank God, thank a doctor!
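The point made in the comment above, that clients other than browsers depend on a failed lookup actually failing, suggests a simple check for whether a resolver rewrites NXDOMAIN answers. This is an added example, not part of the thread or any ISP's tooling; the function names, the random `.com` probe names and the 192.0.2.10 landing address are assumptions constructed for illustration.

```python
import secrets
import socket

def probe_names(count=4, suffix="com"):
    """Random 24-hex-character labels: names that almost certainly do not exist."""
    return [f"{secrets.token_hex(12)}.{suffix}" for _ in range(count)]

def system_lookup(name):
    """Live lookup via the OS resolver. Returns a set of addresses, or an
    empty set on any resolver error (simplification: NXDOMAIN and transient
    failures are both treated as 'no answer')."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_nxdomain_rewriting(lookup, names):
    """Resolve names that should not exist and classify the resolver.
    'clean': none resolved; 'rewriting': all resolved; else 'inconclusive'."""
    answered = {}
    for name in names:
        addrs = lookup(name)
        if addrs:
            answered[name] = sorted(addrs)
    if not answered:
        verdict = "clean"
    elif len(answered) == len(names):
        verdict = "rewriting"
    else:
        verdict = "inconclusive"
    # A redirector typically sends every bogus name to the same few hosts.
    landing = sorted({a for addrs in answered.values() for a in addrs})
    return {"verdict": verdict, "landing_addresses": landing, "answered": answered}

# Constructed stand-ins for two resolver behaviours, so the example runs offline.
def honest_stub(name):
    return set()                # nonexistent name -> lookup fails

def redirecting_stub(name):
    return {"192.0.2.10"}       # every name "exists" (documentation address)

if __name__ == "__main__":
    names = probe_names()
    print(check_nxdomain_rewriting(honest_stub, names)["verdict"])
    print(check_nxdomain_rewriting(redirecting_stub, names)["verdict"])
    # Against the resolver this machine actually uses:
    # print(check_nxdomain_rewriting(system_lookup, probe_names()))
```

A "rewriting" verdict means a mistyped mail or NTP host name in a configuration file would also resolve, and the client would try to connect to the landing address instead of reporting a lookup failure.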
A lot of the criticism about this system relates to how they would not get the appropriate hostname resolution failure.
Could the server that runs these "Domain Helper" webservices detect that a connection is not attempting to get http data and send a resolution failure? How many applications would actually not be able to understand that failure arriving after a successful DNS resolution?
What's the big problem?
Actually I only used the word "fuck" three separate times, in three separate sentences.
If you are offended by someone on the internet using a little light profanity then I kindly suggest that you fuck off.
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
level3 runs 4.2.2.3 4.2.2.4 4.2.2.5
No funny stuff.
AFAIK, my ISP (France Telecom) have no plans to implement DNS redirection but they already quite happily throttle and profile my traffic and I wouldn't be surprised if they decided to go the DNS redirection route sometime in the future.
So last month I took the decision to simply stop trusting my ISP. I now rent a virtual linux box for £15/month (I used bytemark but there are many others) and have installed OpenVPN on it. The virtual box acts as my network's gateway through which all non-LAN traffic now flows. My ISP has been relegated to essentially a dumb carrier whose only function is to provide a DSL link that allows me to create an encrypted tunnel to the linux box. Stick djb's dnscache (or any other resolver) on as well and you're done.
Added bonus? I can now watch all the BBC iplayer content (I am a UK national recently moved to France and have paid my TV license in the past so I figure, why not?)
Charter already does this. I just use Greasemonkey to forward the URL to a nice error page.
This new 'service' Comcast is testing helps comcast identify its customers better which helps with the 250GB cap. The new DNS setup locks out hacked modems (unregistered modems) without spoofing as a legit modem. It also limits the speed cap from the cmts (node) end as well as the cable modem so no more uncapped 30megabit/s down and 10megabit/s up on a single modem without cloning a developer na modem.
The real conversation should not be about OpenDNS but how Comcast is going out of its way to make sure it can identify which users are breaking the 250GB cap, which ultimately forces many of the not so legit Comcast users who like their anonymity to spoof as someone else on the same network and therefore ultimately putting blame on the wrong person when Comcast issues an abuse suspend. It is ironic really.
It may sound like a completely separate subject but by comcast playing with its dns forwarding has much bigger back end changes that seem not related but in fact are.
Verizon claims they aren't misleading their customers, but all the pages that tell you about the .14 trick have been broken for at least six months. They built those pages so they could pretend to be different, then purposely broke them as soon as they'd gotten Slashdot (and other tech sites) to agree that Verizon's redirection was pseudo-optional.
We have completed the work to opt you out of the Comcast Domain Helper service.
This change will take effect automatically when your cable modem renews its DHCP lease (generally within 5 days or less). However, you can easily make this take effect immediately via one of the following two methods:
1. If your computer is directly connected to your cable modem, you will need to reboot your computer.
2. If you have a router directly connected to your cable modem, you will need to (a) reboot your router and then (b) reboot your computer.
Thank you,
Comcast