October 9th, 2009 ··· andarius
Not too long ago Comcast decided to play the DNS game along with a bunch of other ISPs and DNS service providers. What do I mean, and why would they do this? I will explain what that means in a moment; the why is simple: it allows them to push and/or control your traffic in many ways.
DNS stands for the Domain Name System. In reality pretty much everything on the internet has an address, and that address is a number. To make things simple for us humans, names are assigned to those numbers, and DNS servers translate the names into the numbers for us. While this is a massive oversimplification, it gets the idea across.
So if you think about it, whoever controls the name-to-number translation controls your traffic, unless you know the numbers yourself. Right now the effect I have seen from Comcast’s meddling is minor. A prime example would be web sites. If I request a site, my systems would by default ask Comcast what the IP is so I can go find it. Since they started meddling with things, if I request a site that does not have an address associated with it, they redirect me to a search page they own, with their proffered ads and such on it, recommending what they thought I was looking for. Not too bad, right?
Honestly, to me it is bad. Normally if you request a site that does not exist you get an error in your browser. Instead, now I get visually spammed by Comcast and their partners. Not only that, they are screwing up in the process. They failed to resolve google.com for me, not once but several times. Take a wild guess who their search partner is for their spam page… Yahoo. How can a major ISP mess up the DNS for one of the most, if not the most, visited sites on the web? Simply put, this is fail. A prime example of Comcast DNS failery:

To resolve this I wanted to redirect my DNS queries to something a bit more trustworthy. A fine gentleman (thanks rob0) directed me to the Slackware default bind configuration: a caching name server which uses the root servers for its data, thus skipping Comcast altogether. To fire this puppy up one simply has to make sure that bind is installed and chmod +x the rc file, and you’re done. If you want the machine to use the server itself, edit /etc/resolv.conf accordingly. If the machine is using DHCP to get its IP configuration, make sure that DHCP will not override this setting. I am using my server, which has a static IP, so no worries.
To further things along and make it network wide, I configured my firewall to hand out my server’s IP as the DNS server for all DHCP clients. I also configured the firewall itself to use my server for DNS, to make sure it gets valid data as well. For Endian Firewall this was not a simple thing to find at first. Under the Network main menu option one can edit the interfaces. Once you select the interface for editing there will be a check box for “Use custom DNS settings”. Check this and enter the bind server’s IP. Click “Update Uplink” and you’re done.
Some of the more perceptive may be saying “why not simply click on the ‘disable this error service’ link to disable it?” Well, while it is disabled they are still hijacking my DNS requests. Now I get the added latency of them checking to see if my IP or whatever has opted out of their spam… no thanks. They have already demonstrated they prefer to push junk rather than provide a good service. Should they start filtering and capturing DNS, I shall start looking for a new ISP.
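A quick way to tell whether a resolver rewrites “no such domain” answers into a search page, as described above, is to ask it for a random name that cannot exist and look at the reply: an honest server returns RCODE 3 (NXDOMAIN) with no answers, a meddling one returns RCODE 0 with an A record. The script below is an added example, not the author’s code; the two embedded replies and the 192.0.2.10 address are constructed samples, and the resolver IP you pass to `check_resolver` is whatever is in your /etc/resolv.conf.

```python
import socket, struct, secrets

def build_query(name, qid=0x1234):
    """Build a minimal recursive A query in DNS wire format (RFC 1035)."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        ln = pkt[off]
        if ln == 0:
            return off + 1
        if (ln & 0xC0) == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + ln

def classify_reply(pkt):
    """Return ('nxdomain', []), ('hijacked', [ips]) or ('other', [ips])."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = _skip_name(pkt, off) + 4          # skip QTYPE and QCLASS
    a_records = []
    for _ in range(an):
        off = _skip_name(pkt, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:           # A record: dotted-quad rdata
            a_records.append(".".join(str(b) for b in pkt[off:off + 4]))
        off += rdlen
    if rcode == 3 and not a_records:
        return "nxdomain", []
    if rcode == 0 and a_records:
        return "hijacked", a_records            # an address for a name that cannot exist
    return "other", a_records

# Constructed sample replies to a query for a bogus name (not captured traffic).
_Q = build_query("nonexistent-abc123.example")[12:]            # question section
HONEST_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + _Q   # RCODE 3
HIJACKED_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _Q
                  + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10]))

def check_resolver(server, port=53, timeout=3.0):
    """Send one query for a random, reserved-TLD name and classify the live reply."""
    q = build_query("nx-" + secrets.token_hex(6) + ".example")   # .example never resolves
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout); s.sendto(q, (server, port))
        return classify_reply(s.recvfrom(512)[0])
```

Run `check_resolver("<resolver ip>")` against the ISP resolver and then against the local bind instance; the caching server built from root hints should answer `('nxdomain', [])`.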