Comcast DNS Redirection Launched In Trial Markets
An anonymous reader writes "Comcast has finally launched its DNS Redirector service in trial markets (Arizona, Colorado, New Mexico, Oregon, Texas, Utah, and Washington state), and has submitted a working draft of the technology to the IETF for review. Comcast customers can opt-out from the service by providing their account username and cable modem MAC address. Customers in trial areas using 'old' Comcast DNS servers, or non-Comcast DNS servers, should not be affected by this. This deployment comes after many previous ISPs, like DSLExtreme, were forced to pull the plug on such efforts as a result of customer disapproval/retaliation. Some may remember when VeriSign tried this back in 2003, where it also failed."
Some may remember when VeriSign tried this back in 2003, where it also failed.
Oh yeah, way back in the day. But let us not forget Earthlink's attempt at this or Canadian Rogers Cable or Charter or NJ Cablevision or ... I'm sure you could find no end to this stream of providers offering their customers something the customers simply do not want.
And I'm pretty certain most of those ended or resulted in customers bitching out the provider. Yet here we go again. Why? Well, that's simple: ad revenue.
My work here is dung.
I don't want to name names, but Netalyzr showed that several major ISPs already do this, and allows you to check for yourself what the behavior is on your network.
Comcast is following the lead of other major ISPs which have been doing this for some time now.
Test your net with Netalyzr
Except for the bit where Comcast users not using Comcast DNS servers are unaffected, as per TFS.
Unless you're complaining that they could, in theory, redirect port 53. Frankly, anyone remotely familiar with how the Internet works should know that your ISP *could* completely and arbitrarily control any nonauthenticated protocol, including DNS.
OpenDNS does exactly the same. (unless you register an account and change it, but that's the case with this Comcast thingie as well)
AT&T ... they aren't keeping a database of my URL lookups.
Until the NSA asks them to. Let's not pretend that AT&T isn't evil.
* * * --they can't all be your best, that would be confusing
I noticed the summary mentioned several attempts that have failed, but makes no mention of other ISPs that are still doing it. Time Warner Cable is one that has been doing this for a while now (maybe a year?). Anyone know of others?
OpenDNS does the exact same thing. To avoid DNS hijacking if you use OpenDNS, you have to have an account with them, change your preferences and always be identifiable to OpenDNS so that it can apply your preferences. It's easier to opt out at Comcast than to opt out at OpenDNS. Besides, OpenDNS also redirects www.google.com to OpenDNS servers, not just nonexistent domains.
It doesn't redirect you to a third-party site owned by the NSA; it redirects you to a third-party site, full stop. This not only breaks a whole host of applications relying on DNS to inform them that a domain name doesn't exist, but it is in violation of the standards that hold the Internet together.
Score: i, Imaginary
I use Level3's anycast dns resolvers. They are fast and work great. Pair them with a local dns cache and you'll be golden.
4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, 4.2.2.5, 4.2.2.6
In case you don't know about anycast.
http://en.wikipedia.org/wiki/Anycast
"It is better to die on one's feet than to live on one's knees." - Albert Camus
Why do these OpenDNS posts keep getting modded up? OpenDNS utilizes the very practices this article bemoans! If you query a domain that does not exist, your browser is redirected to OpenDNS's ad-laden spam site.
Despite their claims to the contrary, OpenDNS's servers are likely farther away from you than your local ISP's. They also keep permanent logs of all queries, which could be subpoenaed by a government entity. Their joke of a privacy policy allows them to sell your logs to "Affiliated Businesses", which pretty much means anybody. Not that it really matters - they could amend their privacy policy tomorrow morning and be selling your info by the afternoon.
I think many people read the "Open" part of the OpenDNS name and turn their brains off.
In what way is this relevant to OpenDNS? They actually do the same dirty trick as well. Just because they have "open" in their name doesn't mean they're great and everyone should use them. They run their DNS servers to make profit from non-existing domains and hell, they even redirect requests to google.com to their own servers.
Thankfully there are open DNS servers that don't do such either, for example a university in Gothenburg, Sweden: 129.16.1.53 and 129.16.2.53, and several others. Those that have the technical knowledge can also set up their own recursive DNS servers on their Linux box and use those directly (while it fetches the results from root servers).
Easy, through innovation and distinct added value. Shouldn't take a rocket scientist to figure it out but apparently it does. Recently, our ISP decided to offer a brand new service allowing you to double your bandwidth simply by adding another DSL line. Guess what, they are now the fastest growing ISP in Canada.
Schemes like DNS redirection are a scam and should be banned unless they contain no advertising or indirect revenue generation whatsoever.
Views expressed do not necessarily reflect those of the author.
It's not like Comcast is going to be intercepting all DNS traffic and routing it through their spammy DNS servers.
Why not? As raddan posted above me, Sprint already did this with their aircard service. The huge majority of customers won't notice the difference since they don't know about alternative DNS servers.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Try looking at the entire service. So far as I have been able to tell, you can turn off every single one of their "features", giving you a simple, straightforward dns service.
And for those replying to you confused about the google thing - they don't. What they do is provide a DNS entry for www.google.com that points to their own servers. These servers proxy the real www.google.com to strip out some functionality that OpenDNS found particularly offensive (I have not experienced the functionality, and can't say whether I agree or disagree with their views). However, like every other "feature" I've found at OpenDNS, you can turn this off. Yes, at first you couldn't. I stopped using OpenDNS for a while. Now you can.
If you don't believe it, try the commands for yourself:
-=-=-=-=-
overmind% nslookup
Default Server: localhost
Address: 127.0.0.1
> set querytype=a
> www.google.com
Server: localhost
Address: 127.0.0.1
Non-authoritative answer:
Name: www.l.google.com
Addresses: 74.125.53.147, 74.125.53.104, 74.125.53.99, 74.125.53.103
Aliases: www.google.com
> server 208.67.220.220
Default Server: resolver2.opendns.com
Address: 208.67.220.220
> www.google.com
Server: resolver2.opendns.com
Address: 208.67.220.220
Non-authoritative answer:
Name: google.navigation.opendns.com
Addresses: 208.69.36.230, 208.69.36.231
Aliases: www.google.com
-=-=-=-
Talking to my local DNS server, www.google.com resolved to IP addresses in the 74.125.0.0/16 netblock, which is assigned to Google.
Talking to resolver2.opendns.com, www.google.com resolved to 208.69.36.230 and 208.69.36.231, which have no reverse information, but are in the 208.69.32.0/21 netblock which is assigned to OpenDNS.
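The netblock comparison made by hand in the comment above can be automated. The following is an added example, not part of the original comment: it parses nslookup-style output and reports, per resolver, whether every returned address falls inside the netblock expected for the name. The function names and the embedded sample are assumptions made for illustration; the netblocks and their owners are taken from the comment as stated.

```python
import ipaddress

# Netblocks and owners exactly as stated in the comment above.
NETBLOCKS = {
    "Google": ipaddress.ip_network("74.125.0.0/16"),
    "OpenDNS": ipaddress.ip_network("208.69.32.0/21"),
}

# Constructed sample: the two answers from the nslookup session above, prompts removed.
SAMPLE = """\
Server: localhost
Address: 127.0.0.1
Non-authoritative answer:
Name: www.l.google.com
Addresses: 74.125.53.147, 74.125.53.104, 74.125.53.99, 74.125.53.103
Aliases: www.google.com
Server: resolver2.opendns.com
Address: 208.67.220.220
Non-authoritative answer:
Name: google.navigation.opendns.com
Addresses: 208.69.36.230, 208.69.36.231
Aliases: www.google.com
"""

def parse_answers(text):
    """Return one dict per lookup: resolver name, canonical name, answer addresses."""
    answers, cur, in_answer = [], None, False
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "server":                  # a new lookup starts here
            cur = {"server": value, "name": None, "addresses": []}
            answers.append(cur)
            in_answer = False                # next "Address:" is the resolver's own
        elif cur is None:
            continue
        elif key.endswith("answer"):         # "Non-authoritative answer:" header
            in_answer = True
        elif in_answer and key == "name":
            cur["name"] = value
        elif in_answer and key in ("address", "addresses"):
            cur["addresses"] = [a.strip() for a in value.split(",")]
    return answers

def owner(addr):
    """Name the known netblock containing addr, or 'unknown'."""
    ip = ipaddress.ip_address(addr)
    return next((n for n, net in NETBLOCKS.items() if ip in net), "unknown")

def check(text, expected):
    """Map each resolver to True only if all its answers sit in expected's netblock."""
    return {a["server"]: bool(a["addresses"]) and
            all(owner(ip) == expected for ip in a["addresses"])
            for a in parse_answers(text)}
```

Calling `check(SAMPLE, "Google")` marks the local resolver as consistent and resolver2.opendns.com as returning addresses outside the expected block.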