Opting Out of Comcast’s Domain Hijacker Service


A couple weeks ago, I mistyped a web address in my browser and was taken to a page run by Comcast that displayed many ads related to the words in the URL I entered. This phenomenon was covered by Slashdot and other sources. If you’ve followed me for a while, you may have seen my previous rants regarding Domaineers such as Kevin Hamm. He made deals with the countries of Colombia (.co) and Cameroon (.cm) to force any mistyped URLs to those domains (i.e. google.co, google.cm) to be routed through one of his ad-laden, content-light websites.

This Comcast Domain Helper service is the same sort of racket — you type in an incorrect URL, and Comcast shows you a page rich with referral links, advertisements, and other click-thru advertising.

Anyways — what follows are instructions on “opting out” of the domain helper service, with thanks to Bonnie from Comcast, who directed me to the solution initially, as well as Matt McKimmy who suggested an alternate solution.

If you’re a n00b, here’s some super-basic background information (fellow nerds should feel free to correct me if I’m wrong here). You can also skip right to the fix.

The DNS server is a computer out in la-la-internet-land that your computer trusts to translate domain names (google.com) into IP addresses (74.125.67.100). When you open your browser and type “google.com” into the URL bar, that data is sent to your DNS server (generally, this is your internet service provider), who compares that data to their database of IP addresses. They’ll find the one that matches, and pass along the request to the appropriate computer out in la-la-internet-land, who will serve up the website and pass it back to you.

Now, normally, if you type in an address that DOESN’T exist in your DNS Server’s database, it will throw up its hands in the air, and say “Look, I have NFI what you want. Go somewhere else,” which gives you a blank page with an error message (something to the effect of “page not found”).

What Comcast has started to do is to take those bad requests and build up a page around it with information and ads relevant to your request. So if you typed “Shoe shop-a-rama” into your URL bar — that address probably doesn’t really exist (yet) but Comcast would return a page full of ads for websites that sell shoes. Perhaps that may seem innocuous, but I think this tilts the plane towards a slippery slope of consequences.

Given Comcast’s history of opposition towards net neutrality, I hesitate to give them the benefit of the doubt. If they could completely control how their users use their service (and don’t use it), I don’t think they would hesitate at all. In fact, until Net Neutrality legislation passes officially, I foresee Comcast repeatedly crippling their subscribers’ Internet usage.

If you think I’m being unreasonable, go see how our broadband service fares against that of Japan or other countries.

The Fix

The easy correction to this DNS hijacking problem is to simply choose their opt-out DNS servers, available at this address: http://dns.comcast.net/dns-ip-addresses2.php

Richmond, IN residents will want to select the Richmond DNS servers: 68.87.73.242 (primary) and 68.87.71.226 (secondary). Jot down your DNS server addresses from this page.

Now what you do with those addresses depends on how you consume your Internet at home. If you have a LAN set up like we do (with a wireless or wired router, for example), you will need to log in to the administrative panel for that device. They almost always have a web interface (our DLink router is 192.168.0.1). If you don’t know it, then just google for your make/model and “control panel” or “admin panel”. If you’ve never set the password you can use the default one.

Inside of that panel should be an area for WAN / Internet Connection / DNS settings. There should be a line for “Primary DNS” and “Secondary DNS” — type in those addresses you got from the Comcast page and click Apply / Save / Ok. That’s it! The change should take effect immediately. Try navigating to google.com (to make sure it works) and then to weaklsjflaksej.com, to make sure you’re no longer being hijacked.

If instead you have your computer directly hooked up to the Cable Modem, you’ll just need to go to your network settings. In Windows XP, you can get to your network settings through the Control Panel. The DNS servers are set by clicking first on “TCP/IP Settings” then “Properties”. There should be a tab marked “DNS” — just change whatever is there to the ones that you got from the website. (You may have to select a “Specify my DNS manually” radio button first.)
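The check described above (a real name resolves, a made-up one does not) can also be run against one specific DNS server, independent of the browser and of whatever the router hands out. This is an added example, not part of the original post: the function names are made up for illustration, and it assumes the server answers plain UDP queries on port 53.

```python
import random
import socket
import struct

def build_query(name, txid):
    """Encode a DNS A-record question for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    parts = name.rstrip(".").split(".")
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(data, pos):
    """Return the offset just past the (possibly compressed) name at `pos`."""
    while data[pos] != 0:
        if data[pos] & 0xC0 == 0xC0:  # a compression pointer ends the name
            return pos + 2
        pos += data[pos] + 1
    return pos + 1

def parse_response(data):
    """Return (rcode, [IPv4 addresses]) from a raw DNS response."""
    _, flags, qdcount, ancount = struct.unpack("!HHHH", data[:8])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(data, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = skip_name(data, pos) + 10  # fixed part: TYPE, CLASS, TTL, RDLENGTH
        rtype, rdlen = struct.unpack("!H6xH", data[pos - 10:pos])
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(socket.inet_ntoa(data[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def lookup(server, name, timeout=3.0):
    """Query `server` directly over UDP, bypassing the system resolver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, random.randrange(65536)), (server, 53))
        return parse_response(sock.recvfrom(4096)[0])

def rewritten_addresses(resolve, probes=3):
    """Addresses returned for made-up names; an honest resolver gives none."""
    found = set()
    for _ in range(probes):
        bogus = "".join(random.choices("abcdefghijklmnopqrstuvwxyz", k=20)) + ".com"
        rcode, addrs = resolve(bogus)
        found.update(addrs if rcode == 0 else [])  # rcode 3 (NXDOMAIN) is the honest answer
    return sorted(found)
```

Call it with the server you just configured, for example `rewritten_addresses(lambda n: lookup("68.87.73.242", n))`. An empty list means made-up names were answered with NXDOMAIN; any address in the list is where that server sends typos.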

Alternate Fix

Matt McKimmy suggested using a service like OpenDNS.com. You can get more information from the OpenDNS.com website, but if you’re feeling adventurous, their DNS servers are 208.67.222.222 (primary) and 208.67.220.220 (secondary). Just use those in place of the ones found on the Comcast website. OpenDNS provides free DNS service to anyone with an Internet connection. I get the impression that their DNS database is probably either vetted or regularly checked for problems.

Net Neutrality

Don’t let Comcast fool you into thinking that they have a right to tell you how you use your Internet connection. For them to filter traffic or prevent you from using it in certain ways would be like car manufacturers putting a governor on your car before you buy it, to ensure you don’t break the speed limit; or routinely clogging up the highways with obstacles when people are driving too fast.

The problem isn’t people using a lot of bandwidth; the problem is with Comcast not providing enough of it. Watching videos online, streaming music online, sharing data with other people — that is the future of the Internet. It requires a true broadband, unrestricted broadband, like other countries provide. Not faux-broadband, “hey it’s faster than dialup, right?”

10 Responses

  1. John Westerdale

    Just modified my resolv.conf file on desktop to bypass Optonline’s “Helper” DNS.

    I actually opened a case with Optonline when name service lookups didn’t fail, but always pointed to the same address. They danced all around the issue:

    From: Optimum Customer Support
    Date: Sunday, January 11, 2009 11:07 pm
    Subject: DNS oddity [Incident: 090111-000114]
    To: westerj@optonline.net

    >
    > Recently we received an inquiry from you. Our response to your request
    > is provided below.
    >
    > If you prefer, you can contact us by phone. Visit
    > http://optimum.com/support/phone_list.jsp for a complete list of local
    > phone numbers.
    >
    > Thank you for allowing us to be of service to you.
    >
    > – Cablevision Customer Service
    >
    > If you have any additional questions you may reply to this
    > message by
    > entering your reply in the space below.
    >
    >
    > [===> Please enter your reply below this line [===> Please enter your reply above this line
    > Subject
    > —————————————————————
    > DNS oddity
    >
    >
    > Discussion Thread
    > —————————————————————
    > Response (Imtiaz) – 01/11/2009 11:07 PM
    > Dear westerj@optonline.net:
    >
    > Thank you for contacting Optimum Online regarding your
    > question about computer security. We apologize for any
    > inconvenience this may have caused you and will be happy to assist.
    >
    > Please make sure your IP , DNS , Default Gateway , Subnet
    > mask settings are on automatic or via DHCP, if you need more
    > information then please feel free to call in, we will help you
    > in this matter. Thanks
    >
    > For additional information, please take a look at the online
    > Answer Center located at http://optimum.com/support. If you
    > require further assistance you may contact us via:
    >
    > Email: http://optimum.custhelp.com/cgi-bin/optimum.cfg/php/enduser/ask.php
    > Live Support: http://optimum.net/chat

    ===============================================
    — Then I contacted Infospace -the “Helper Company”
    ===============================================

    Hello Folks,

    I fished your contacts from the Whois database, please pardon the intrusion.

    Am a Unix Admin by day and was updating my home router and noticed a
    DNS oddity where unknown DNS records were resolving to 67.63.55.3.

    Does this ring any bells?

    I’ve informed Optonline.net (my isp) separately. Their DNS nameservers are 167.206.245.129 and 167.206.245.130.

    Optonline ticket number:
    DNS oddity [Incident:090111-000114]

    ========================
    [root@otto ~]# nslookup
    > server 167.206.245.130
    Default server: 167.206.245.130
    Address: 167.206.245.130#53
    > jet.
    Server: 167.206.245.130
    Address: 167.206.245.130#53

    Non-authoritative answer:
    Name: jet
    Address: 67.63.55.3
    > www.abc.com
    Server: 167.206.245.130
    Address: 167.206.245.130#53

    Non-authoritative answer:
    www.abc.com canonical name = abc.com.
    Name: abc.com
    Address: 199.181.132.250
    > www9.abc.com
    Server: 167.206.245.130
    Address: 167.206.245.130#53

    Non-authoritative answer:
    Name: www9.abc.com
    Address: 67.63.55.3
    >

    ================

    so.. names with A records resolve properly (www.abc.com)

    Names with no A or CNAME records resolve to 67.63.55.3 ??

    ex: www9.abc.com and jet.

    Have I lost my mind, or has my or ISP DNS been hacked?

    =========== more checks==============

    [root@otto dhclient]# nslookup asdasd
    Server: 10.1.1.1
    Address: 10.1.1.1#53

    Non-authoritative answer:
    Name: asdasd
    Address: 67.63.55.3

    [root@otto dhclient]# nslookup goobledehgook.mispelt
    Server: 10.1.1.1
    Address: 10.1.1.1#53

    Non-authoritative answer:
    Name: goobledehgook.mispelt
    Address: 67.63.55.3

    [root@otto dhclient]#

    ===========================
    Thanks
    John Westerdale

  2. Nate Smith

    Aaron,

    I was just implying that I am thankful for Parallax’s relatively hands-off dealings with customers. Nothing like this DNS hijacking stuff. And static IPs for free 🙂

    • Aaron

      @Nate:
      How is the performance? Do you get good throughput?

      I would consider switching if I knew that I would continue to be able to watch Hulu, youtube, and use BT without any significant impairment. We don’t have cable television, so we don’t use comcast for anything but internet.

  3. Matt McKimmy

    Thanks for the plug, Aaron!

    I’ve been using OpenDNS for quite a while, ever since I found Verizon doing the same kind of DNS-based redirecting that Comcast was doing to you.

    I highly recommend the service for several reasons. They do some very basic typo-correction on top-level domains. Their servers seem quite quick. They provide real search results (not just sponsored links) on domains that don’t resolve.

    In addition, if you’re looking for some basic filtering they are highly rated for their phishing protection and parental controls. Using these tools requires signing up for a free account with OpenDNS.

    One of the other cool tools you can use if you sign up is what they call “shortcuts.” Basically, it maps things you type in the address bar of any browser on your network to a pre-specified address. So for example, you could create a shortcut of “mail” that redirects to http://www.google.com/mail (or your web mail portal.) The nice thing about this is that it works on any device on your network, laptop, PDAs, etc.

    Ok … enough OpenDNS evangelism. Glad you got your problem fixed!

    • Aaron

      Just signed up for the service! Very cool! The “Shortcuts” feature is what sold me, really.

  4. OpenDNS.com

    […] a followup to yesterday, where I discussed overcoming the Comcast DNS Hijacking service, I wanted to write a short post about the OpenDNS service that Matt McKimmy had mentioned in his […]