| Windstream DNS server - 'entry-not-found.com'? Hi. Is anyone else seeing this? It appears that Windstream is hijacking browser/system settings and forwarding failed DNS requests to some obscure ad sponsored site.
Opting out requires a cookie on each machine (!) and totally negates any browser settings.
Even worse, their opt-out error page is a copy/paste of the IE 404 page. Nice to see on my Mac in Firefox... |
|
 evilghostPremium
join:2003-11-22
Springville, AL
2 edits | Without knowning your environment it sounds like your AP/Router has been compromised by MITM DNS. What DNS servers are you using?
# nslookup thisdomaindoesnotexistandneverdidkj4aur.com 166.102.165.11
Server: nsvip01.windstream.net
Address: 166.102.165.11
nslookup: thisdomaindoesnotexistandneverdidkj4aur.com: Unknown host
# nslookup thisdomaindoesnotexistandneverdidkj4aur.com 166.102.165.13
Server: nsvip02.windstream.net
Address: 166.102.165.13
nslookup: thisdomaindoesnotexistandneverdidkj4aur.com: Unknown host
By the way, I see you :)
»www.computing.net/security/wwwbo···134.html |
|
|
|
evilghostPremium
join:2003-11-22
Springville, AL | reply to ScottMac
Reply to my own thread. The answer is you have the Yahoo toolbar installed on both PCs evidently (unless you are not using the same DNS servers I am), I saw this exact behavior in the DSL Reports security forum but I can't find the URL right now. |
|
 PiggieI Actually use WindstreamPremium
join:2005-11-23
Orange Springs, FL | It's not happening here in FL.....
Browser and command line just give domain not found or Non-existent domain. |
|
| reply to evilghost
It is happening here in Arkansas. It is definitely not caused by a toolbar, as running a command line query with a random domain name shows.
; <<>> DiG 9.3.4 <<>> @nsvip01.windstream.net www.eughi9IaoDai9me3tohrohN3.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4806
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;www.eughi9IaoDai9me3tohrohN3.com. IN A
;; ANSWER SECTION:
www.eughi9IaoDai9me3tohrohN3.com. 60 IN A 63.251.179.32
www.eughi9IaoDai9me3tohrohN3.com. 60 IN A 8.15.7.111
;; AUTHORITY SECTION:
www.eughi9IaoDai9me3tohrohN3.com. 65535 IN NS WSC2.JOMAX.NET.
www.eughi9IaoDai9me3tohrohN3.com. 65535 IN NS WSC1.JOMAX.NET.
;; Query time: 55 msec
;; SERVER: 166.102.165.11#53(166.102.165.11)
;; WHEN: Wed Jan 9 00:03:15 2008
;; MSG SIZE rcvd: 138
; <<>> DiG 9.3.4 <<>> @nsvip02.windstream.net www.eughi9IaoDai9me3tohrohN3.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51787
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;www.eughi9IaoDai9me3tohrohN3.com. IN A
;; ANSWER SECTION:
www.eughi9IaoDai9me3tohrohN3.com. 60 IN A 63.251.179.32
www.eughi9IaoDai9me3tohrohN3.com. 60 IN A 8.15.7.111
;; AUTHORITY SECTION:
www.eughi9IaoDai9me3tohrohN3.com. 65535 IN NS WSC2.JOMAX.NET.
www.eughi9IaoDai9me3tohrohN3.com. 65535 IN NS WSC1.JOMAX.NET.
;; Query time: 212 msec
;; SERVER: 166.102.165.13#53(166.102.165.13)
;; WHEN: Wed Jan 9 00:03:09 2008
;; MSG SIZE rcvd: 138
|
|
| I don't know where everyone is from and what not but someone in this thread:
»[Network] is it just me? Windstream 404??
Had a windstream 404 error page due to yahoo toolbar - it was gone when he uninstalled it.
Off the top of my head I wonder if the toolbar modifies the hosts file ? I'm not really sure if that would effect DNS or not but I would imagine it would. |
|
PiggieI Actually use WindstreamPremium
join:2005-11-23
Orange Springs, FL | Yeap, it depends on the DNS one uses why I probably said no before but it is here.
C:\Documents and Settings\PigMan>nslookup nowayhoseisthisadomaininmaineornhoriowa.us
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
*** vnsc-bak.sys.gtei.net can't find nowayhoseisthisadomaininmaineornhoriowa.us: Non-existent domain
C:\Documents and Settings\PigMan>nslookup nowayhoseisthisadomaininmaineornhoriowa.us 166.102.165.11
Server: nsvip01.windstream.net
Address: 166.102.165.11
Non-authoritative answer:
Name: nowayhoseisthisadomaininmaineornhoriowa.us
Addresses: 63.251.179.32, 8.15.7.111
C:\Documents and Settings\PapaPig>
--
| Speedstream 4200 Modem - 3m/384 plan | W98-W2KSP4-XPSP2 - All AMD | Buffalo WHR G54S with Tomato 1.13 | 3 downstream switches feeding 6 total clients (no wireless) | Including the Data port on the side of my neck | |
|
| reply to ScottMac
It's happening here in Nebraska, and I think I can safely rule out a toolbar doing it as it's happening under Linux, with firefox, opera, and konqueror (though curiously not Lynx).
I think it's time to try OpenDNS again. |
|
PiggieI Actually use WindstreamPremium
join:2005-11-23
Orange Springs, FL | said by bort123:I think it's time to try OpenDNS again. Yes, its being done with the WS DNS servers, not a proxy like Hughes did once. So just change DNS servers fixes it. Why I didn't see it. I use
4.2.2.2
4.2.2.3
4.2.2.4
OpenDNS should work fine also.
--
| Speedstream 4200 Modem - 3m/384 plan | W98-W2KSP4-XPSP2 - All AMD | Buffalo WHR G54S with Tomato 1.13 | 3 downstream switches feeding 6 total clients (no wireless) | Including the Data port on the side of my neck | |
|
evilghostPremium
join:2003-11-22
Springville, AL | reply to ScottMac
I run my own bind9 server here locally, you Linux guys may want to do the same. |
|
1 edit | I just used OpenDNS and I got TWO pop ups when I had a domain not found.
is that a joke? = =
edit:
I tried using 4.2.2.2 and 4.2.2.3 and they don't have any ads or anything, just the normal not found page. yay! |
|
PiggieI Actually use WindstreamPremium
join:2005-11-23
Orange Springs, FL | Hmm, I don't know, haven't used OpenDNS for years since I found these other DNS servers. I did time 4.2.2.2 and 4.2.2.4 and both were under 30ms and 3 hops off our Atlanta gateway. You just can't get much faster DNS than that over DSL and not have an in house server.
--
| Speedstream 4200 Modem - 3m/384 plan | W98-W2KSP4-XPSP2 - All AMD | Buffalo WHR G54S with Tomato 1.13 | 3 downstream switches feeding 6 total clients (no wireless) | Including the Data port on the side of my neck | |
|
1 edit | reply to evilghost
said by evilghost:I run my own bind9 server here locally, you Linux guys may want to do the same. I started to install bind within minutes of noticing the wildcarding. I am not going to allow an ISP to pollute my internet experience as if my computer was infected with adware. |
|
1 edit | reply to ScottMac
Yes, it is sad that Windstream decided to jump the bandwagon. I guess making a buck from mistyped URLs is more important than fully implementing Internet standards.
Lac
Use the "clean" DNS - OpenDNS 208.67.222.222, 208.67.220.220. |
|
evilghostPremium
join:2003-11-22
Springville, AL | reply to magnetron
said by magnetron:said by evilghost:I run my own bind9 server here locally, you Linux guys may want to do the same. I started to install bind within minutes of noticing the wildcarding. I am not going to allow an ISP to pollute my internet experience as if my computer was infected with adware. 100% agree. |
|
| reply to ScottMac
It's happening here for me also and I live in PA. I think it's pretty lame that I get an IE 404 page when I'm using Firefox. Do those people at WS even think before they act? Sure doesn't look like it. |
|
JmanA9
join:2003-06-12
Export, PA | reply to ScottMac
I'm getting this too. Time to change DNS servers..... |
|
Reviews:
 ·Windstream
| said by JmanA9:I'm getting this too. Time to change DNS servers..... I think we should all call Windstream and complain. This is unacceptable. What is next; inserting ads to emails?
Lac |
|
PiggieI Actually use WindstreamPremium
join:2005-11-23
Orange Springs, FL
1 edit | Never ever ask that question! :@)
Yes, it's time to complain. Sales hate complaints I think more than any other easy to find number.
I mainly use my own email servers anyway. And anyone can get an alt email server. I believe godaddy has one that comes free with a domain name. That is cheap price per year.
--
| Speedstream 4200 Modem - 3m/384 plan | W98-W2KSP4-XPSP2 - All AMD | Buffalo WHR G54S with Tomato 1.13 | 3 downstream switches feeding 6 total clients (no wireless) | Including the Data port on the side of my neck | |
|
mojo1
join:2006-12-05
Atlanta, GA | I get a Windstream-branded Yahoo search page. Seems innocent enough when I try WS DNS servers. But, I've been using opendns for awhile now but then I started thinking about the possibility of data mining with opendns. Of course, WS could be doing it too.
Maybe I am just paranoid. Just because I think they are out to get me doesn't mean they are not... |
|
