
Comcast DNS Redirection Launched In Trial Markets

timothy posted more than 5 years ago | from the looks-like-you-want-xxy-porn dept.

The Internet 362

An anonymous reader writes "Comcast has finally launched its DNS Redirector service in trial markets (Arizona, Colorado, New Mexico, Oregon, Texas, Utah, and Washington state), and has submitted a working draft of the technology to the IETF for review. Comcast customers can opt-out from the service by providing their account username and cable modem MAC address. Customers in trial areas using 'old' Comcast DNS servers, or non-Comcast DNS servers, should not be affected by this. This deployment comes after many previous ISPs, like DSLExtreme, were forced to pull the plug on such efforts as a result of customer disapproval/retaliation. Some may remember when VeriSign tried this back in 2003, where it also failed."


362 comments


malware (5, Insightful)

sopssa (1498795) | more than 5 years ago | (#28640155)

Another great press release about how it will be helpful and a "service" for users, while the main purpose is just to gather extra advertisement revenue (while breaking internet standards). I mean, this is what malware does. Oh well, at least these non-US ISPs don't do such dirty acts to their customers here. Time to voice your opinion maybe?

Re:malware (4, Funny)

Shakrai (717556) | more than 5 years ago | (#28640317)

while breaking internet standards

What are those? The last RFC that I read was titled "How to make the largest pile of cash while providing the least amount of service". I think it's RFC666 and is the one that most modern day ISPs seem to operate under.....

Re:malware (3, Interesting)

xvx (624327) | more than 5 years ago | (#28640373)

Comcast is great. So I pay them for an internet connection, the price won't go down, and they get extra advertising revenue from their users. How long will it be until they start injecting ads into websites?

Re:malware (4, Insightful)

jank1887 (815982) | more than 5 years ago | (#28640621)

modern corporate culture demands profit growth. not just continued profit, but growth of profits. how do you expect that to happen in a saturated market?

Re:malware (1)

jeffasselin (566598) | more than 5 years ago | (#28640747)

You over-exploit the natural and human resources of the area where you operate, strip it bare, then move on to the next one?

The problem is that the "next area" is another planet, and we kinda lack the technology to get there for now...

Re:malware (1)

hal2814 (725639) | more than 5 years ago | (#28640801)

Planet? Someone obviously hasn't seen Moon [wikipedia.org].

Re:malware (4, Insightful)

MrMr (219533) | more than 5 years ago | (#28640767)

Have the government outlaw your product?

Re:malware (3, Insightful)

basementman (1475159) | more than 5 years ago | (#28640851)

How is this different from OpenDNS? OpenDNS shows ads if your page can't be found. That said I much prefer my ISP's ad-free DNS service to OpenDNS.

Re:malware (1)

John Hasler (414242) | more than 5 years ago | (#28640911)

> How is this different from OpenDNS?

One actively chooses to use OpenDNS. You get your ISP's servers by default.

Here We Go Again (5, Informative)

eldavojohn (898314) | more than 5 years ago | (#28640165)

Some may remember when VeriSign tried this back in 2003, where it also failed.

Oh yeah, way back in the day. But let us not forget Earthlink's [slashdot.org] attempt at this [slashdot.org] or Canadian Rogers Cable [slashdot.org] or Charter [slashdot.org] or NJ Cablevision [slashdot.org] or ... I'm sure you could find no end to this stream of providers offering their customers something the customers simply do not want.

And I'm pretty certain most of those ended or resulted in customers bitching out the provider. Yet here we go again. Why? Well, that's simple: ad revenue.

Attempt? (0)

XanC (644172) | more than 5 years ago | (#28640289)

Aren't they still doing it? I know Earthlink is. Morons.

Re:Attempt? (2, Interesting)

Timex (11710) | more than 5 years ago | (#28640717)

I use Earthlink for an ISP. I also know how to change my "default" DNS servers, so I don't have to deal with their antics.

If people don't like what the ISP does to things like this, they should either learn how to fix the problem (because their ISPs will simply say there IS no problem because it's functioning as it was designed to do) or look for another ISP.

Why do I stay with Earthlink? Simple:

  • Cable modem service is cheaper than DSL rates in my area, given identical UL/DL speeds.
  • I don't have cable TV (by choice), so having cable modem service alone would be higher with Comcast, the Cable provider in my area.
  • Earthlink service (in my area, at least) is "powered by Comcast". If there are broadband-related issues, Earthlink will work with Comcast's people to work out any problems.

Generally, I'm pleased with Earthlink.

Re:Here We Go Again (5, Informative)

northernboy (661897) | more than 5 years ago | (#28640447)

If I'm not mistaken (although I often am, sorry in advance) Cox has been doing this for months now, and nobody posted anything about that. If I 'typo' a URL at home, when connected via my (or my neighbor's) Cox cablemodem, I get a Verisign page indicating that www.whateveriswas.com is Under Construction.

Is this not muchly the same thing??

It pisses me off, but not enough to hunt down a better alternative.

Re:Here We Go Again (2, Informative)

Anonymous Coward | more than 5 years ago | (#28640455)

Rogers is still doing it.

Keep trying till you succeed (4, Insightful)

Lead Butthead (321013) | more than 5 years ago | (#28640521)

When in doubt, keep trying. When rejected, keep trying. Enough people do this, it becomes the norm. Sad, but true.

Re:Here We Go Again (0)

Anonymous Coward | more than 5 years ago | (#28640643)

Some may remember when VeriSign tried this back in 2003, where it also failed.

Oh yeah, way back in the day.

Shit. 6 years ago is now "way back in the day"? I'm even older than I thought.

So, I guess, get off my lawn.....

Re:Here We Go Again (2, Informative)

jank1887 (815982) | more than 5 years ago | (#28640791)

I believe my Verizon DSL service does this. It can be disabled either by changing your computer DNS settings or modem settings depending on which modem you use.

Verizon Support - Opting out of DNS assistance [verizon.net]

Re:Here We Go Again (5, Informative)

rminsk (831757) | more than 5 years ago | (#28640931)

To "opt-out" all you have to do is change the last octet of the DNS servers they supply to you to 14. So if Verizon default DNS server is 123.123.123.12 change it to 123.123.123.14.

Re:Here We Go Again (0)

Anonymous Coward | more than 5 years ago | (#28640793)

There is one difference: Comcast is bringing their expertise of how to reduce the customer complaints when screwing them over. Their trick is to offer an opt out. If you complain then simply remove yourself from the program. This way they can keep the 90% of people that won't fight for their rights and still increase the ad revenue.

Re:Here We Go Again (1)

woddfellow2 (803295) | more than 5 years ago | (#28640901)

Add Windstream [dslreports.com] to that list.

I was able to opt out of it [dslreports.com] , though...

Who's providing a backdoor DNS service? (4, Insightful)

argent (18001) | more than 5 years ago | (#28640193)

Sounds like time to pick some semi-standard alternate port number and start setting up some alternate recursive DNS servers, something between alt.* and TOR.

Re:Who's providing a backdoor DNS service? (4, Insightful)

644bd346996 (1012333) | more than 5 years ago | (#28640329)

Why? It's not like Comcast is going to be intercepting all DNS traffic and routing it through their spammy DNS servers. Only the people who get their resolvers from DHCP (i.e. the people who don't know enough to care) will be affected.

Roll your own, it's easy. (0)

Anonymous Coward | more than 5 years ago | (#28640487)

Instead of migrating from one punk who pulls this stunt to the next, quit using someone else's recursive resolver and run your own: Unbound - a validating, recursive, and caching DNS resolver. [unbound.net] Available for Unix and Windows.

Time Warner does it in Dallas (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#28640195)

Getting redirected to some spam 'search' site makes me so fucking angry.

I wish there was real competition in cable/internet.

So should... (-1, Troll)

Seakip18 (1106315) | more than 5 years ago | (#28640251)

Everyone go to opendns here [opendns.com] and avoid this altogether?

Re:So should... (-1, Flamebait)

hackus (159037) | more than 5 years ago | (#28640301)

They will just redirect port 53.

Doesn't matter what you put in your DNS settings.

This is just plain EVIL.

-Hackus

Re:So should... (4, Informative)

blueg3 (192743) | more than 5 years ago | (#28640403)

Except for the bit where Comcast users not using Comcast DNS servers are unaffected, as per TFS.

Unless you're complaining that they could, in theory, redirect port 53. Frankly, anyone remotely familiar with how the Internet works should know that your ISP *could* completely and arbitrarily control any nonauthenticated protocol, including DNS.

Re:So should... (3, Insightful)

The End Of Days (1243248) | more than 5 years ago | (#28640481)

You can opt out, you know. It says so right in the summary.

Also please don't use "evil" to describe things that are merely inconvenient. It greatly diminishes the horror and suffering people have gone through at the hands of real, actual evil.

Re:So should... (0, Insightful)

Anonymous Coward | more than 5 years ago | (#28640707)

Real evil is like real beauty. Both are nothing more than opinion. Stop trying to make your emotions seem important.

Re:So should... (0)

Anonymous Coward | more than 5 years ago | (#28640827)

If you think my emotions were involved in that comment, you probably aren't very good at reading people.

Re:So should... (0)

NeverVotedBush (1041088) | more than 5 years ago | (#28640581)

I agree it is evil, but until they do (if they ever do) redirect port 53, people can (and should IMO) use OpenDNS.

I really like OpenDNS. There is more to it than just a clean DNS server - though if you check their FAQ, they will also serve links with dead-end web address error messages. You can outright block various kinds of websites (useful if you have kids in the house), and they are actively protecting against DNS cache poisoning, blocking malware sites, etc.

Comcast can do their own ad serving through their own DNS servers and that probably won't raise too many eyebrows except from people like those that frequent /. Most people don't even know what DNS is or why it could be important to them. But if Comcast starts redirecting ports, it will grab a much wider audience because lots of tech people will go postal over the insult and that would be bad press for Comcast.

I doubt they will ever redirect 53. And if they do, reaction will probably be swift.

No (0)

Anonymous Coward | more than 5 years ago | (#28640383)

OpenDNS does the crap.

Re:So should... (5, Informative)

sopssa (1498795) | more than 5 years ago | (#28640465)

OpenDNS does exactly the same. (Unless you register an account and change it, but that's the case with this Comcast thingie as well.)

Re:So should... (5, Informative)

Anonymous Coward | more than 5 years ago | (#28640549)

OpenDNS does the exact same thing. To avoid DNS hijacking if you use OpenDNS, you have to have an account with them, change your preferences and always be identifiable to OpenDNS so that it can apply your preferences. It's easier to opt out at Comcast than to opt out at OpenDNS. Besides, OpenDNS also redirects www.google.com to OpenDNS servers, not just nonexistent domains.

Re:So should... (4, Informative)

Ian Alexander (997430) | more than 5 years ago | (#28640565)

According to the fine article there's an opt-out button on the page you get redirected to so I'm not certain that would be necessary:

We also understand that sometimes customers want to surf their own way, without the assistance of services like Domain Helper, so we offer an easy way to opt-out right on the Domain Helper search page.

Re:So should... (-1, Redundant)

nvrrobx (71970) | more than 5 years ago | (#28640685)

Except OpenDNS does the same thing.

I use OpenDNS at home, and they redirect to a search page when you mistype a URL.

Re:So should... (5, Insightful)

Sir_Lewk (967686) | more than 5 years ago | (#28640715)

No.

Knock this shit off and mods, wise the fuck up. Just because it has "open" in the name doesn't make it suddenly good and benevolent. They do the exact same fucking thing.

Anyone who's been on slashdot for more than a week or two probably has seen dozens of comments suggesting OpenDNS in cases like this, always modded up. Every single time people post corrections pointing out that they do the same thing. Does anyone ever listen?

Wise the fuck up

Re:So should... (5, Informative)

seizurebattlerobot (265408) | more than 5 years ago | (#28640723)

Why do these OpenDNS posts keep getting modded up? OpenDNS utilizes the very practices this article bemoans! If you query a domain that does not exist, your browser is redirected to OpenDNS's ad-laden spam site.

Despite their claims to the contrary, OpenDNS's servers are likely farther away from you than your local ISP's. They also keep permanent logs of all queries, which could be subpoenaed by a government entity. Their joke of a privacy policy allows them to sell your logs to "Affiliated Businesses", which pretty much means anybody. Not that it really matters - they could amend their privacy policy tomorrow morning and be selling your info by the afternoon.

I think many people read the "Open" part of the OpenDNS name and turn their brains off.

Re:So should... (3, Funny)

Hurricane78 (562437) | more than 5 years ago | (#28640829)

Are you kidding, or do you work for OpenDNS?

Because I switched to OpenDNS because of people (you?) mentioning it here on Slashdot.

And then I noticed, that OpenDNS also does DNS redirection!

Re:So should... (0)

Anonymous Coward | more than 5 years ago | (#28640849)

OpenDNS is doing the same damn shit. A DNS server should never return a result for an address that doesn't exist.

Call it what it is (5, Interesting)

wilsoniya (902930) | more than 5 years ago | (#28640253)

Didn't RTFA, but let's call a spade a spade--this is typosquatting [wikipedia.org]

Re:Call it what it is (0, Troll)

TheRealJobe (1125771) | more than 5 years ago | (#28640331)

No it isn't; they are not directing you to an externally developed app, they're simply adding a GUI interface to a bunk DNS return. They aren't forcing you to an external domain and you don't have to click on any of their links. Let's call this what it is, overreacting think tanks.

Re:Call it what it is (0)

Anonymous Coward | more than 5 years ago | (#28640701)

BS they are in no way 'adding a GUI' to a DNS.

They are mucking with DNS to force users to their page with (potentially) ads and other garbage instead of letting the normal browser error page come up.

If anybody actually wants this it should be implemented in the browser NOT in DNS.

Doing it as part of DNS is worse than typo squatting. It's practically browser hijacking. It's an absolutely terrible and dangerous idea.

P.S. OpenDNS is just as bad. It's a crappy solution no matter who does it.

Re:Call it what it is (0)

Anonymous Coward | more than 5 years ago | (#28640795)

I have a question about this. If someone typo's something in my domain, I created my own custom 'page not found' that .htaccess redirects invalid pages to.

Will this cause people to no longer see this custom 'page not found', and replace it with their own? Because if so, that'd piss me off.

Re:Call it what it is (2, Informative)

Hurricane78 (562437) | more than 5 years ago | (#28640885)

Yes it is. What you described is the very definition of typosquatting, if you add the point of what you see on this "GUI interface" (which is the job of your browser to create, btw.)

And if you think about them paying for servers to display this "interface", you will know that there is a reason they do this:
To make money. Obviously.

And what is the reason, that typosquatters add a "GUI interface" to unused domains?
Also to make money. Obviously.

Point proven. :)

Re:Call it what it is (0)

Anonymous Coward | more than 5 years ago | (#28640359)

Totally agree.... corporate chumps.

Re:Call it what it is (5, Interesting)

Zontar_Thing_From_Ve (949321) | more than 5 years ago | (#28640803)

This reminds me of a little known incident that happened in the mid 1990s. For a while, AT&T ran a service called 1-800-OPERATOR where you could call this number and get AT&T to connect you to a long distance call. For those who don't know, we're required (at least in most of the USA if not all of it) to pick a long distance service provider. That company does not have to be who you get local telephone service from. It was possible to place long distance calls with someone other than your long distance provider by simply dialing an access number that belonged to that company and you would get billed for the call from that company. So for example you might have, say, BellSouth as your long distance provider, but you could dial an access number and place calls on Sprint if Sprint offered a better rate. No need to change providers that way. So AT&T decided that it would be smart to get in on this too and lower their rates. So the way it worked was that you called 1-800-OPERATOR and someone at AT&T would connect you to your long distance call and charge you whatever rate AT&T had for the service. AT&T promoted this service on national television commercials and spent a lot of advertising money on it. Anyway, I had a friend at the time who worked for MCI in their marketing department. She told me that MCI had reserved the telephone number that corresponded to 1-800-OPERATER. MCI spent zero dollars advertising and simply waited for people who couldn't spell to call that number and they placed the call for the person and made the money off it. She told me "You would not believe how much money we made off this". Some months after the campaign started, AT&T quietly pulled the plug on it. I always assumed that too many people couldn't spell "operator" correctly and they were tired of giving business to MCI for nothing.

FYI for Colorado (0)

Anonymous Coward | more than 5 years ago | (#28640271)

Qwest has 20Mb/s FTTN DSL installed in much of Colorado now. Qwest isn't a panacea either but is considerably less heinous than f**king Comcast. They're running promotions right now as the FTTN installed base is new.

The Sky isn't falling. (1, Insightful)

TheRealJobe (1125771) | more than 5 years ago | (#28640287)

Before you go calling me a troll, just hear me out, this isn't that big of a deal. It doesn't redirect you to another 3rd party site owned by the NSA, it simply provides a web GUI that suggests sites on what the system thought you wanted to see. You don't have to go to any sites you don't want to. The sky isn't falling.

Re:The Sky isn't falling. (5, Interesting)

Shakrai (717556) | more than 5 years ago | (#28640361)

The sky isn't falling.

It is if you were foolish enough to believe that the RFC/protocol standards would be obeyed and wrote code that relies on an NXDOMAIN response to detect a bad hostname. Now you are going to an 'A' record that points to a Comcast server. This will break various applications but they don't give a damn because it's all about the ad revenue and who uses the internet for anything other than surfing anyway?

Re:The Sky isn't falling. (0, Insightful)

Anonymous Coward | more than 5 years ago | (#28640375)

Don't you have a mass mail marketing webinar to attend somewhere? Get lost.

Re:The Sky isn't falling. (5, Interesting)

Maximum Prophet (716608) | more than 5 years ago | (#28640413)

No, it will only show those pages that have paid to be listed as what you want to see. (at least after an initial trial run)

This could easily be done in the browser in a non-evil way. When you type in a name and get a non-response, similar names typed after would be recorded. Then, when you make the same spelling error, gooogle.com, it takes you to where you want to go. Since it's in the browser, people could edit and share their commonly misspelled domain names.

Re:The Sky isn't falling. (1)

hobot (945430) | more than 5 years ago | (#28640417)

Yeah, because a GUI suggesting sites is what I was trying to go to in the first place!

Re:The Sky isn't falling. (1)

s7uar7 (746699) | more than 5 years ago | (#28640421)

There's more to the internet than just the www.

Re:The Sky isn't falling. (2, Interesting)

xvx (624327) | more than 5 years ago | (#28640463)

True, for anyone tech savvy they would know better. But what about people that don't know better and that extra ad revenue. Will that be passed back to the customer? Absolutely not.

Re:The Sky isn't falling. (1)

NeverVotedBush (1041088) | more than 5 years ago | (#28640787)

When you find a way to do a job cheaper or faster, or that brings in more revenue, do you tell your employer it's OK to lower your salary a corresponding amount?

I'm betting you don't.

Re:The Sky isn't falling. (4, Insightful)

mdmkolbe (944892) | more than 5 years ago | (#28640539)

Providing a nice GUI on a DNS lookup fail is the job of the web browser not the DNS server. DNS is infrastructure not user interface.

Re:The Sky isn't falling. (0)

Anonymous Coward | more than 5 years ago | (#28640545)

As others have mentioned before, DNS is unaware of what you need it for and some of us use it for other things than just surfing the web (read : HTTP protocol).

Getting a valid IP on an invalid name while trying to set up an FTP, SMTP, POP, etc connection (to name a few) could break the app (which assumes the internet standards are obeyed).

Re:The Sky isn't falling. (1)

UncleTogie (1004853) | more than 5 years ago | (#28640757)

Getting a valid IP on an invalid name while trying to set up an FTP, SMTP, POP, etc connection (to name a few) could break the app (which assumes the internet standards are obeyed).

Never assume; when you do you make an ass of Uma Thurman.

Re:The Sky isn't falling. (5, Informative)

doshell (757915) | more than 5 years ago | (#28640573)

It doesn't redirect you to another 3rd party site owned by the NSA, it simply provides a web GUI that suggests sites on what the system thought you wanted to see.

It doesn't redirect you to a third-party site owned by the NSA; it redirects you to a third-party site, full stop. This not only breaks a whole host of applications relying on DNS to inform them that a domain name doesn't exist, but it is in violation of the standards that hold the Internet together.

Re:The Sky isn't falling. (0)

Anonymous Coward | more than 5 years ago | (#28640667)

Doesn't IE already do that by redirecting you to bing.com with a search pattern?

Opt Out page is Slashdotted (2, Funny)

Itninja (937614) | more than 5 years ago | (#28640305)

Or is it Comcasted?

Re:Opt Out page is Slashdotted (0, Offtopic)

Macrat (638047) | more than 5 years ago | (#28640531)

Or is it Comcasted?

Comcastic!

Re:Opt Out page is Slashdotted (2, Funny)

NeverVotedBush (1041088) | more than 5 years ago | (#28640889)

I keep hoping someone would take their new commercial with the woman walking through the virtual world kind of chanting and substitute a really raunchy parody chant... g . o . a . t . s . e ... r . o . f . l - ing...

Best DNS alternative w/o redirection? (1)

FreakinSyco (873416) | more than 5 years ago | (#28640315)

I've given up on my ISP's (SuddenLink) DNS, it redirects. I've given up on OpenDNS, it redirects. I've given up on DNS Advantage, as they redirect.

All I want is clean unfiltered DNS.

Re:Best DNS alternative w/o redirection? (1, Informative)

Anonymous Coward | more than 5 years ago | (#28640485)

4.2.2.1

Re:Best DNS alternative w/o redirection? (0)

Anonymous Coward | more than 5 years ago | (#28640527)

Run your own.

Re:Best DNS alternative w/o redirection? (4, Informative)

sakti (16411) | more than 5 years ago | (#28640703)

I use Level3's anycast dns resolvers. They are fast and work great. Pair them with a local dns cache and you'll be golden.

4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, 4.2.2.5, 4.2.2.6

In case you don't know about anycast.

http://en.wikipedia.org/wiki/Anycast [wikipedia.org]

Re:Best DNS alternative w/o redirection? (0)

Anonymous Coward | more than 5 years ago | (#28640833)

install BIND and use that

I just signed up the competition... (4, Interesting)

GPLDAN (732269) | more than 5 years ago | (#28640345)

It was *MUCH* easier for me to sign up for basic TV + internet with Comcast than what I ended up doing. I wanted to keep everything at the magic $100/mo. number, so I went with AT&T - DirecTV partnership, where they give you DSL and a dish and DVR, and put it all on one bill. My DSL is 3Mb down/768kb up, where a Speakeasy test at my neighbor showed almost 12Mb down and nearly a full meg up. When he asked "why would you choose that?" - my answer was simple: Comcast.

AT&T doesn't touch my bandwidth. They don't cap it, they don't filter it - they aren't keeping a database of my URL lookups. That's worth a great deal to me - and Comcast will never get my business. I urge everyone else to do the same, even if it is some other DSL provider or dish provider.

Re:I just signed up the competition... (5, Informative)

plaiddragon (20154) | more than 5 years ago | (#28640511)

AT&T ... they aren't keeping a database of my URL lookups.

Until the NSA asks [eff.org] them to. Let's not pretend that AT&T isn't evil.

A LOT of ISPs already do this... (5, Informative)

nweaver (113078) | more than 5 years ago | (#28640355)

I don't want to name names, but Netalyzr [berkeley.edu] showed that several major ISPs already do this, and allows you to check for yourself what the behavior is on your network.

Comcast is following the lead of other major ISPs which have been doing this for some time now.
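An added example, not part of the original thread: a self-check in the spirit of the comments above about code that relies on NXDOMAIN and about testing your own network. It probes the configured resolver with random unregistered names and offers a lookup wrapper that restores failure semantics; the function names, the `nxprobe-` label format and the use of `.com` are assumptions made for illustration.

```python
import secrets
import socket
from collections import Counter

# Resolver error codes that mean "this name does not exist / has no address".
_NO_SUCH_NAME = {
    code
    for code in (getattr(socket, "EAI_NONAME", None),
                 getattr(socket, "EAI_NODATA", None))
    if code is not None
}


def system_resolver(name):
    """Resolve `name` through the OS resolver (whatever DHCP configured).

    Returns a set of IPv4 strings, or None when the resolver reports that the
    name does not exist. Timeouts and other failures are re-raised so that an
    outage is never mistaken for a clean NXDOMAIN.
    """
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.args[0] in _NO_SUCH_NAME:
            return None
        raise
    return {info[4][0] for info in infos}


def random_probe_names(count=5, suffix="com"):
    """Build hostnames that are overwhelmingly unlikely to be registered."""
    return [f"www.nxprobe-{secrets.token_hex(12)}.{suffix}" for _ in range(count)]


def detect_nxdomain_rewriting(resolve=system_resolver, names=None):
    """Ask the resolver for names that should not exist and classify the result.

    verdict is "clean" (every probe failed, as the DNS standards require),
    "rewritten" (every probe got an address) or "inconclusive" (mixed).
    landing_ips lists addresses returned for more than one unrelated random
    name, which is the signature of a redirect/landing server.
    """
    names = list(names) if names else random_probe_names()
    answered = {}
    for name in names:
        addrs = resolve(name)
        if addrs:
            answered[name] = set(addrs)

    hits = Counter(ip for addrs in answered.values() for ip in addrs)
    landing = sorted(ip for ip, seen in hits.items() if seen > 1)

    if not answered:
        verdict = "clean"
    elif len(answered) == len(names):
        verdict = "rewritten"
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "landing_ips": landing, "answered": answered}


def strict_resolve(name, landing_ips, resolve=system_resolver):
    """Resolve `name`, treating an answer made only of landing IPs as failure.

    This gives mail, FTP or monitoring code the "no such host" error it was
    written to expect, instead of a connection to the redirect server.
    """
    addrs = resolve(name)
    if not addrs or set(addrs) <= set(landing_ips):
        raise LookupError(f"{name}: no such host (or the answer was rewritten)")
    return set(addrs)


if __name__ == "__main__":
    report = detect_nxdomain_rewriting()
    print(report["verdict"], report["landing_ips"])
```

Run it once on the default resolver and once after switching resolvers; feeding the reported `landing_ips` into `strict_resolve` lets existing scripts fail closed on a mistyped hostname.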

Re:A LOT of ISPs already do this... (1)

rliden (1473185) | more than 5 years ago | (#28640913)

-- Warning Slightly Off Topic --

Thanks for posting this tool. I've been experiencing unusually high packet loss for the last day and a half. This tool is really helpful for providing some detailed system information. I live in Oregon, in an area serviced by CenturyTel, not Comcast, and have wondered if their change could affect others' network traffic in the region.

Rogers has been doing this for ages (0)

Anonymous Coward | more than 5 years ago | (#28640391)

Rogers has been doing this for ages here in Canada, and they don't offer opt-outs either. And, it's tweaked to fail a lot, it will sometimes redirect google.com to their search engine/ad displaying page. Yay opendns!

The future.. or THE FUTURE? (0, Offtopic)

synthesizerpatel (1210598) | more than 5 years ago | (#28640415)

It's COM^H^H^HCRAPTASTIC!

Problems with this (4, Interesting)

DigitAl56K (805623) | more than 5 years ago | (#28640437)

I speak from the perspective of being a RoadRunner user rather than a Comcast user, but RR implements a similar service. They have a link in the lower right of their results page where you can click to set your preferences and disable the "feature". Except just the other week that preference broke for me, and I was stuck with DNS hijacking. I phoned their customer service line, the person on the other end of the line had absolutely no idea what I was talking about.

DNS hijacking is a bit like Phorm without profiling really. Well, assuming there is no profiling. If there was profiling they'd make more money from the ads they'll inevitably insert there to "support" the service (Edit: oh look, they already have!). Personally I put this issue, along with Phorm in a whole category of problems related to the fact that we still don't secure and authenticate most of our activities on the internet (http, dns, yadayada). ISPs can do what they like and it's hard to stop them. Third-party DNS services seem to be the way to go recently. Of course without security/authentication your ISP can put a stop to that quite easily too.

This is all before you get into the technical details of clients that may implement specific behavior for when bad DNS queries are expected to fail but don't.

the ONLY thing robbIE siad he would never do (0)

Anonymous Coward | more than 5 years ago | (#28640477)

censorship is thriving here on /.. just so va larry/robbIE (mega suckups that they've become) can try to stay/become as rich as nazis? delete that you pitiful LIEforms.

Lots have failed, but some have succeeded (4, Informative)

Sheafification (1205046) | more than 5 years ago | (#28640535)

I noticed the summary mentioned several attempts that have failed, but makes no mention of other ISPs that are still doing it. Time Warner Cable is one that has been doing this for a while now (maybe a year?). Anyone know of others?

Re:Lots have failed, but some have succeeded (1)

i.r.id10t (595143) | more than 5 years ago | (#28640661)

I think Windstream does since I've noticed it at friends' houses. But at home I run a caching-only DNS server, so I never notice it...

Re:Lots have failed, but some have succeeded (1)

wjousts (1529427) | more than 5 years ago | (#28640823)

I was going to say the same thing. I'm pretty sure my Road Runner from TWC does this already. Of course, with bookmarks, the search box and address completion, I rarely type the wrong URL anymore.

Road Runner did it too (0)

Anonymous Coward | more than 5 years ago | (#28640639)

For a long time, I was having the crap annoyed out of me by it. It didn't even offer suggestions, really, just ads. It broke some of my scripts, too, since it caused a 200 response instead of returning a resolution error like it was supposed to. Fortunately, there was an opt-out link, but it was hard to find. I did opt out though, and now I'm not sure if they're still doing it.

They shouldn't control it. (2, Insightful)

Well-Fed Troll (1267230) | more than 5 years ago | (#28640641)

Why exactly does the ISP control DNS?
Given the shenanigans the ISPs and governmental authorities have been up to the last few years, I say we need to rethink TCP. You see, we've been assuming all along that ISPs are not malicious. We need to start assuming they are malicious. The new TCP protocol should only assume that all socket level data is sensitive and therefore must be encrypted as to both its contents AND its destination. This implies traffic shaping, onion routing and a public key based DNS

ISPs don't control DNS. (1)

John Hasler (414242) | more than 5 years ago | (#28640837)

> Why exactly does the ISP control DNS?

They don't.

Maybe.......... (1)

drummerboybac (1003077) | more than 5 years ago | (#28640659)

They can redirect me to a better cable company where I can get more HD channels, and where I don't have to go through (literally) 8 DVR's to get one that doesn't die.

Seriously, I went through a period where my DVR would crash and go into a reboot loop every 3 weeks and someone would have to come and replace it. That went on for almost 3 months.

*sigh*

Sadly I'm stuck since I am surrounded by 5 story trees (no dish) and FiOS will not offer anything on my street (technically a private road).

Bad assumption being made (4, Interesting)

FranTaylor (164577) | more than 5 years ago | (#28640683)

This is all done under the assumption that the DNS query is for an HTTP request.

What happens when other services run afoul of this setup?

For example: Is my POP client going to hand my login credentials to a Comcast server, if my email service's DNS does not resolve for some reason?

Re:Bad assumption being made (2, Funny)

mdm-adph (1030332) | more than 5 years ago | (#28640883)

Forgive me for my lack of knowledge in this area, but isn't there some sort of encryption involved with that? Wouldn't you verify that the server you've reached is actually the server you wanted before you hand over credentials?

Cablevision (1)

C_Kode (102755) | more than 5 years ago | (#28640695)

Cablevision already does this in the Northeast US. :(

retaliation? (1)

SuperBanana (662181) | more than 5 years ago | (#28640731)

How exactly does a customer "retaliate", other than canceling their service, which is grossly impractical, given that, for example, in Boston, one only has 1-2 choices in cost-effective, high-speed internet access? Verizon services almost all suburban areas in MA with FiOS, but not anywhere in Boston, Cambridge, etc....so your choices are shitty DSL for $$$, or Comcast.

Verisign DNS hijacking (1)

RazzleDazzle (442937) | more than 5 years ago | (#28640735)

These never [krytosvirus.com] get old [krytosvirus.com]

Opt Out if you're not cool with this (2, Informative)

ComcastBonnie (1449629) | more than 5 years ago | (#28640771)

Just go to the site below and opt-out :) https://dns-opt-out.comcast.net/ [comcast.net]

There is a bright spot in this.... (1)

jimpop (27817) | more than 5 years ago | (#28640783)

DNS redirection allows an ISP to quickly block infected PCs from participating in distributed attacks that rely on DNS.

I tried to circumvent this with OpenDNS... (1)

Hurricane78 (562437) | more than 5 years ago | (#28640799)

But then I noticed that OpenDNS also does DNS redirection!
The scary thing was, that of course this even works when I mistype Intranet addresses. (Should have been obvious to me, but I did not think about having switched to OpenDNS when this happened, and got very scared about the possibility of a MITM attack.)

Headline is wrong (1)

Thaelon (250687) | more than 5 years ago | (#28640813)

The headline should read:

"Comcast Colludes With Yahoo! to Redirect Mistyped URL Traffic for their own Profit"

it can fail badly (5, Interesting)

RichMan (8097) | more than 5 years ago | (#28640821)

My ISP did it for a while. The problem was that it was badly implemented and increased the load on the upstream DNS services.

So if the middle layer DNS cache was empty and I asked for mybank.com the bottom level DNS timed out and it failed over to the advertising page.

---
Think of searching on coke.com or any real address then the system failing and redirecting you to pepsi.com.

Think of the lawsuits. Think of the denial of service attacks possible
      a) register not_mybank.com, have spoof of mybank.com page ready to launch
      b) pay to have a fail on mybank.com route to not_mybank.com
      c) denial of service attack to root servers for mybank.com, flip in your spoof page
      d) have the ISPs magically send people to your spoof site from their saved URLs and collect passwords

Yeah this is a good idea.

I'm done. I'll be switching as soon as possible. (1)

swillden (191260) | more than 5 years ago | (#28640841)

It's not that this is a really big deal for me. It's just the straw that broke the camel's back. I've had all sorts of trouble with Comcast of late, and this just pushed me over the edge. I've been very, very close ever since they started blocking outbound SMTP connections (yeah, I can and do use the SMTP submission port for sending e-mail, but how am I supposed to monitor my remote SMTP servers from home?).

Not the same at all. (4, Interesting)

John Hasler (414242) | more than 5 years ago | (#28640871)

> Some may remember when VeriSign tried this back in 2003, where it also failed.

Not the same at all. VeriSign tried to do it with the TLD servers, which nobody can avoid. These guys are just doing it with their own servers, which you can bypass unless they block you. Even if they do you can, at least in theory, switch ISPs. They aren't likely to bother with blocking, though, because the number of people who will bypass is tiny.

Mark that user... (1)

donut1005 (982510) | more than 5 years ago | (#28640893)

So if I call in to opt out, does that put me on their traffic watch list?

I hate their tech support (1, Insightful)

Anonymous Coward | more than 5 years ago | (#28640907)

https://dns-opt-out.comcast.net/

That is where you go to opt out. I called tech support and no one even knew what I was talking about until I directed them to their own announcement.

What about non-HTTP? (5, Interesting)

slushdork (566514) | more than 5 years ago | (#28640915)

I'm a Comcast "customer" in an affected "market" (Colorado). How will this affect DNS resolution requests for non-HTTP purposes? There is no way for the Comcast DNS servers to know what a DNS name resolution request is for: it could be for HTTP, or it could be for SSH, FTP, etc. So if I mis-type an FQDN hostname in an SSH command, will the DNS resolution request now succeed? Previously SSH would fail with a "cannot resolve hostname" error or something similar. Will it now try to connect with SSH to the Comcast "domain helper" servers? What about its effects on local DNS caching servers (e.g. dnsmasq)?

Also, this statement from Comcast's blog is blatantly false:

> Despite the fact that web addresses are easier to remember than their IP address counterparts, sometimes you mistype an address. Let's say you type in http://www.comtcas.com/ [comtcas.com] (instead of http://www.comcast.com/ [www.comcast.com]). Normally you then sit and wait for the Web browser to time out, then you receive an error message that the site does not exist, and then you have to retype the correct address.

Normally you would *never* "sit and wait for the Web browser to time out" (well, these *are* Comcast's DNS servers after all, so in this specific case it might be true). Normally, your browser would get a DNS resolution failure and show you a built-in error page instantaneously. Now, on the other hand, you have to wait until your browser goes off and loads a page of Comcast ads.

Domain Helper my a$$!
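
Several comments above describe scripts and non-HTTP clients breaking because a mistyped name now resolves instead of failing. The following is an added example, not code from the thread or from any poster: it probes a resolver with random names that should not exist, collects whatever addresses come back, and then refuses answers that point only at those addresses. The two stub resolvers, the names and the documentation-range addresses are constructed; the function names are hypothetical.

```python
import secrets
import socket

# Constructed sample data: documentation-range addresses, hypothetical names.
ZONE = {"mail.example.net": ["192.0.2.10"]}
LANDING = "198.51.100.7"

def honest_stub(name):
    """Constructed resolver that fails on unknown names, as DNS should."""
    if name not in ZONE:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return ZONE[name]

def rewriting_stub(name):
    """Constructed resolver that answers unknown names with a landing server."""
    return ZONE.get(name, [LANDING])

def system_resolve(name):
    """Resolve through the OS resolver; raises socket.gaierror on failure."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})

def find_redirect_addresses(resolve=system_resolve, probes=3,
                            suffixes=("com", "invalid")):
    """Look up random names that should not exist and collect any answers.

    An honest resolver fails every probe, so the result is empty. A rewriting
    resolver answers them, which reveals its landing-server addresses.
    """
    seen = set()
    for suffix in suffixes:
        for _ in range(probes):
            probe = f"{secrets.token_hex(12)}.{suffix}"
            try:
                seen.update(resolve(probe))
            except OSError:  # socket.gaierror is a subclass: expected failure
                continue
    return seen

def strict_resolve(name, redirect_addresses, resolve=system_resolve):
    """Resolve name, treating an answer of only redirect addresses as failure."""
    addresses = resolve(name)
    if addresses and set(addresses) <= set(redirect_addresses):
        raise LookupError(f"{name}: answer matches NXDOMAIN-redirect addresses")
    return addresses

if __name__ == "__main__":
    for stub in (honest_stub, rewriting_stub):
        print(stub.__name__, sorted(find_redirect_addresses(stub)))
```

Calling `find_redirect_addresses()` with no arguments uses the system resolver, so the result reflects whichever DNS servers the machine is currently configured to use.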

Oblig. (4, Funny)

blackfrancis75 (911664) | more than 5 years ago | (#28640935)

I've been a Comcast customer for HERBAL VIAGRA several years and have never had an issue with unsolicited REAL WEIGHT LOSS advertising of any kind.