Slashdot Mirror

← Back to Stories (view on slashdot.org)

Comcast DNS Redirection Launched In Trial Markets

Posted by timothy on from the looks-like-you-want-xxy-porn dept.

An anonymous reader writes "Comcast has finally launched its DNS Redirector service in trial markets (Arizona, Colorado, New Mexico, Oregon, Texas, Utah, and Washington state), and has submitted a working draft of the technology to the IETF for review. Comcast customers can opt-out from the service by providing their account username and cable modem MAC address. Customers in trial areas using 'old' Comcast DNS servers, or non-Comcast DNS servers, should not be affected by this. This deployment comes after many previous ISPs, like DSLExtreme, were forced to pull the plug on such efforts as a result of customer disapproval/retaliation. Some may remember when VeriSign tried this back in 2003, where it also failed."

23 of 362 comments (clear)

  1. malware by sopssa · · Score: 5, Insightful

    Another great press release about how it will be helpful and a "service" for users, while the main purpose is just to gather extra advertisement revenue (while breaking internet standards). I mean, this is what malware do. Oh well, atleast these non-us ISP's dont do such dirty acts to their customers here. Time to voice your opinion maybe?

    1. Re:malware by jank1887 · · Score: 4, Insightful

      modern corporate culture demands profit growth. not just continued profit, but growth of profits. how do you expect that to happen in a saturated market?

    2. Re:malware by MrMr · · Score: 4, Insightful

      Have the government outlaw your product?

    3. Re:malware by basementman · · Score: 3, Insightful

      How is this different from OpenDNS? OpenDNS shows ads if your page can't be found. That said I much prefer my ISPs ad free DNS service to OpenDNS.

      --
      A Magic the Gathering Article and Forum Aggregator
    4. Re:malware by Anonymous Coward · · Score: 1, Insightful

      OpenDNS redirects www.google.com, not google.com. Just in case somebody wants to verify it and finds that you're full of shit.

    5. Re:malware by jtownatpunk.net · · Score: 3, Insightful

      Yeah, it's exactly the same thing. Except opendns is very clear about what they're doing and any computer or network using opendns must explicity configure their system to use the opends servers. Heck, I'm looking at an opendns redirect right now. It's hard to miss the big opendns logo. And the "Why am I here?" link. And the "did you mean" links. Yeah. Exactly the same "dirty trick".

  2. Who's providing a backdoor DNS service? by argent · · Score: 4, Insightful

    Sounds like time to pick some semi-standard alternate port number and start setting up some alternate recursive DNS servers, something between alt.* and TOR.

    1. Re:Who's providing a backdoor DNS service? by 644bd346996 · · Score: 4, Insightful

      Why? It's not like Comcast is going to be intercepting all DNS traffic and routing it through their spammy DNS servers. Only the people who get their resolvers from DHCP (ie the people who don't know enough to care) will be affected.

  3. The Sky isn't faling. by TheRealJobe · · Score: 1, Insightful

    Before you go calling me a troll, just hear me out, this isn't that big of a deal. It doesnt redirect you to another 3rd party site owned by the NSA, it simply provides a web GUI that suggest sites on what the system thought you wanted to see. You dont have to go any sites you dont want to. The sky isnt falling.

    1. Re:The Sky isn't faling. by Anonymous Coward · · Score: 0, Insightful

      Don't you have a mass mail marketing webinar to attend somewhere? Get lost.

    2. Re:The Sky isn't faling. by mdmkolbe · · Score: 4, Insightful

      Providing a nice GUI on a DNS lookup fail is the job of the web browser not the DNS server. DNS is infrastructure not user interface.

    3. Re:The Sky isn't faling. by SCHecklerX · · Score: 5, Insightful

      If a domain name does not exist, I want my systems to receive an error telling them so, not be redirected to a system that they were not expecting to be directed to.

    4. Re:The Sky isn't faling. by Tony+Hoyle · · Score: 4, Insightful

      If you think it's OK to hijack DNS think about what happens if you mistype an email address, or what happens when your configured NTP server goes offline.

  4. Re:So should... by The+End+Of+Days · · Score: 3, Insightful

    You can opt out, you know. It says so right in the summary.

    Also please don't use "evil" to describe things that are merely inconvenient. It greatly diminishes the horror and suffering people have gone through at the hands of real, actual evil.

  5. Keep trying till you succeed by Lead+Butthead · · Score: 4, Insightful

    When in doubt, keep trying. When rejected, keep trying. Enough people do this, it becomes the norm. Sad, but true.

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  6. They shouldn't control it. by Well-Fed+Troll · · Score: 2, Insightful

    Why exactly does the ISP control DNS?
    Given the shenanigans the ISPs and governmental authorities have been up to the last few years, I say we need to rethink TCP. You see, we've been assuming all along that ISPs are not malicious. We need to start assuming they are malicious. The new TCP protocol should only assume that all socket level data is sensitive and therefore must be encrypted as to both its contents AND its destination. This implies traffic shaping, onion routing and a public key based DNS

  7. Re:So should... by Anonymous Coward · · Score: 0, Insightful

    Real evil is like real beauty. Both are nothing more than opinion. Stop trying to make your emotions seem important.

  8. Re:So should... by Sir_Lewk · · Score: 5, Insightful

    No.

    Knock this shit off and mods, wise the fuck up. Just because it has "open" in the name doesn't make it suddenly good and benevolent, They do the exact same fucking thing.

    Anyone who's been on slashdot for more than a week or two probably has seen dozens of comments suggesting OpenDNS in cases like this, always modded up. Every single time people post corrections pointing out that they do the same thing. Does anyone ever listen?

    Wise the fuck up

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  9. I hate their tech support by Anonymous Coward · · Score: 1, Insightful

    https://dns-opt-out.comcast.net/

    That is where you go to opt out. I called tech support and no one even new what I was talking about until I directed them to their own announcement.

  10. Re:I tried to circumvent this with OpenDNS... by Anonymous Coward · · Score: 1, Insightful

    That's why I use the NoRedirect extension these days. Don't have to bother with the draconian (and often non-existent) opt-out policies, no matter whose network I'm using.

  11. Re:I'm done. I'll be switching as soon as possible by griffjon · · Score: 5, Insightful

    Me too.

    Oh wait, Comcast doesn't have any competition for high-speed where I live.

    Go go gadget free market!

    --
    Returned Peace Corps IT Volunteer
  12. I would find this acceptable if ... by Skapare · · Score: 2, Insightful

    ... in addition to their modem MAC based opt-out mechanism, they:

    1. Provide alternative DNS cache servers that users can manually configure to bypass the redirection DNS cache servers. Support for this service can be limited to only informing the customer of the IP addresses of these DNS cache servers, such as on the tech support web page that tells customers how to opt-out. They do NOT have to support users on how to deploy this type of change.
    2. Do NOT interfere with DNS queries sent to other DNS servers, whether with or without the recurse flag in the request. This is so that a user can run their own DNS cache server either on an internal network, or access a DNS cache server elsewhere on the internet (their own remote server, or a DNS caching/resolving service), without the need to set up a secure tunnel.
    3. Do NOT interfere with any form of secure tunnel or other VLAN.
    4. Do NOT intercept any UDP traffic, or TCP connections, or SCTP sessions, unless those are directed specifically to the provider's servers or services. For example the provider may offer HTTP caching services, media stream multipliers, IRC servers, etc., but must not affect users that want to bypass those services. ONE EXCEPTION: connections made to port 25 outside the provider's network SHOULD be intercepted unless the customer makes a "knowledgeable opt-out request" (for example, mentions "SMTP").
    5. Do NOT do any other evil activity I don't have time to think about right now.

    Anyone that knows what they are doing, or finds out via information from some source (the provider not being obligated to supply this information), should be able to use the internet exactly as it was originally intended.

    --
    now we need to go OSS in diesel cars
  13. Re:comcast and netflix by Antique+Geekmeister · · Score: 3, Insightful

    You are blatnatly mistaken, sir.

    Because your DNS tells you what the real IP address is, and in many locations, that is not what this "redirect" DNS service will lead you to. That may be a much nearer, but more bandwidth expensive location than Comcast wants you to use, or may not go through their monitoring and proxies and load balancers and most importantly, their _streaming video choking_ services. Comcast has established their willingness to interfere with bandwidth intensive services such as Bittorrent via SYN packats and other abuses: there's no reason to expect that they will provide this service for their customer's advantage, but rather for their own to guide traffic to their desired services.