

koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:14

1 edit

reply to jack b

Re: [DNS] Comcast Launches Trial of Domain Helper Service

said by jack b:

Thanks for your interest, but the issue is now moot, since opting out from "the service".

Here is the address I enter in my browser:
http://ted5000/
which resolves to the embedded web server in the energy monitor device's hardware gateway.

I was being redirected to Comcast's search page.

I can no longer duplicate the error since opting out, but that redirect stopped immediately while using OpenDNS.

So it seems Comcast's methodology, prior to opting out, "breaks" how Windows does DNS lookups. It's safe to say that if you've been using Comcast's DNS servers all this time and the above URL worked fine, that what was happening was a NetBIOS / NetBT name lookup or something along those lines.

What ends up happening:

Prior to opt-out: Windows attempts a DNS lookup first, which it gets back success for -- due to the new Comcast DNS methodology described -- and redirects you.

Post opt-out or when using a non-Comcast DNS server: Windows attempts a DNS lookup first, which fails (NXDOMAIN). Windows then attempts a NetBIOS / NetBT lookup, which works.

Opting out or using another DNS provider should address this, but ultimately the problem here is that you're expecting DNS to work in a way it isn't designed to work. You need to run (and use) your own local (LAN-based) DNS server and pick a non-valid domain name of your choice (home.lan is a common one), and make your workstations members of the home.lan domain. In the DNS server, add an A record for ted5000.home.lan pointing to whatever the IP address of your web server is, and voila -- problem solved permanently. Said DNS server can also do caching + resolution, and completely removes your reliance on Comcast, OpenDNS, or anyone else for DNS resolution -- your server would talk directly to Internet root servers.

And no, this is not a server in the "I'm violating Comcast's TOS" sense -- said DNS server shouldn't listen on any interface other than your LAN interfaces, and should not have ports forwarded to it via a router or otherwise.

I've been doing the above for years, since I have multiple UNIX machines at home which I talk to across the LAN, and want DNS to work for all of them -- I want nothing to do with NetBIOS / NetBT and neither should you. :-)

Another alternative would be to find out if your Windows machines could be configured to do NetBIOS / NetBT lookups *before* DNS lookups.

--
Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer.


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:1

reply to jack b

said by jack b:

Thanks for your interest, but the issue is now moot, since opting out from "the service".

Here is the address I enter in my browser:
http://ted5000/
which resolves to the embedded web server in the energy monitor device's hardware gateway.

I was being redirected to Comcast's search page.

I can no longer duplicate the error since opting out, but that redirect stopped immediately while using OpenDNS.

If you switch back, I'd like to see the nslookup of this at the command line. I am wondering if your browser, seeing an NXDOMAIN response, tries to add "www." and ".com" on either side of the name. What web browser are you using?

--
JL
Comcast


ctg1701a
VIP
join:2008-08-07
Philadelphia, PA

1 edit

reply to jack b

said by jack b:

Thanks for your interest, but the issue is now moot, since opting out from "the service".

Here is the address I enter in my browser:
http://ted5000/
which resolves to the embedded web server in the energy monitor device's hardware gateway.

I was being redirected to Comcast's search page.

I can no longer duplicate the error since opting out, but that redirect stopped immediately while using OpenDNS.

Sure you can replicate and here is how:

Please reference our DNS servers list here:

http://dns.comcast.net/dns-ip-addresses.html

Comcast Domain Helper DNS = NXDOMAIN for this because it does not meet the requirements as specified here:

http://networkmanagement.comcast.net/DomainHelperLogic.htm:

dig @68.87.75.198 ted5000
status: NXDOMAIN
;; QUESTION SECTION:
;ted5000. IN A

;; AUTHORITY SECTION:
. 900 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2009081100 1800 900 604800 86400

OpenDNS does redirect this to their landing page for redirection so I am not sure how it stopped working after you switched to them nor how you could have received the Domain Helper website:

dig @208.67.222.222 ted5000
status: NOERROR

;; QUESTION SECTION:
;ted5000. IN A

;; ANSWER SECTION:
ted5000. 0 IN A 208.67.219.132

Please feel free to replicate and post any feedback.

Thanks


ctg1701a
VIP
join:2008-08-07
Philadelphia, PA

reply to koitsu

said by koitsu:

So it seems Comcast's methodology, prior to opting out, "breaks" how Windows does DNS lookups. It's safe to say that if you've been using Comcast's DNS servers all this time and the above URL worked fine, that what was happening was a NetBIOS / NetBT name lookup or something along those lines.

What ends up happening:

Prior to opt-out: Windows attempts a DNS lookup first, which it gets back success for -- due to the new Comcast DNS methodology described -- and redirects you.

This just isn't the case. Windows DNS resolution as well as NetBIOS should not be impacted by Domain Helper. Maybe if you are naming everything in your internal LAN www.doesnotexist.com/.net/.org, but if you are doing this, you have other issues going on.

Please refer to how domain helper works here and how the filter functions:

»networkmanagement.comcast.net/Do···ogic.htm

said by koitsu:

You need to run (and use) your own local (LAN-based) DNS server and pick a non-valid domain name of your choice (home.lan is a common one), and make your workstations members of the home.lan domain. In the DNS server, add an A record for ted5000.home.lan pointing to whatever the IP address of your web server is, and voila -- problem solved permanently. Said DNS server can also do caching + resolution, and completely removes your reliance on Comcast, OpenDNS, or anyone else for DNS resolution -- your server would talk directly to Internet root servers.

And no, this is not a server in the "I'm violating Comcast's TOS" sense -- said DNS server shouldn't listen on any interface other than your LAN interfaces, and should not have ports forwarded to it via a router or otherwise.

I've been doing the above for years, since I have multiple UNIX machines at home which I talk to across the LAN, and want DNS to work for all of them -- I want nothing to do with NetBIOS / NetBT and neither should you.
Nice write-up on running internal LAN DNS. For those people that can do it, it should work very nicely and function as you describe. Just make sure you keep it upgraded and don't forget that you installed it.

andyross
Premium,MVM
join:2003-05-04
Schaumburg, IL

reply to ctg1701a
Another minor issue could be local DNS or browser caching on your computer. I did a test on my computer to www.comcrap.com, which redirected. I changed the DNS, but the browser still went there. I think I just closed/restarted the browser, or did an IPCONFIG /flushdns to clear it.

Also, some browsers MAY automatically append a "www." and ".com" to a name and try it first if both are missing. Only if it gets an error return will it try a 'no-dot' name.



jack b
Gone Fishing
Premium,MVM
join:2000-09-08
Cape Cod
kudos:1

reply to jlivingood

said by jlivingood:

If you switch back, I'd like to see the nslookup of this at the command line. I am wondering if your browser, seeing an NXDOMAIN response, tries to add "www." and ".com" on either side of the name. What web browser are you using?
I'm using Firefox 3.09 and I had experienced the redirect issue with IE 6.0 browser as well.
I entered the Comcast Domain Helper DNS Servers into my router WAN configuration that ctg1701a was kind enough to post, 68.87.71.230 68.87.73.246, and still have no problem accessing my device, however a mis-typed address does not launch the DNS helper, I imagine that being because I have already been opted out since submitting my modem MAC.

I am unable to replicate the issue I was experiencing, at this time, regardless of the DNS servers used.

Thanks for the replies!

--
~Help Find a Cure for Cancer~
~Proud Member of Team Discovery ~


ptrace

@comcast.net

reply to ctg1701a
I'm sorry, but this is nothing but a money grab for online search numbers. There are so many other problems of concern to Comcast customers that they could have spent time and effort fixing, but no, we get a 'Domain Helper' that no one asked for... and an opt-out rather than an opt-in to boot. And the opt-out takes three days to process! (I just did mine; let's see if it even happens)

Comcast: how about putting money and effort into improving bandwidth issues in areas of high cable adoption/congestion? How about aggressively rolling out DOCSIS 3.0?

Why not? Because those things cost money. While this 'Domain Helper' makes them money. So Comcast, just don't hide behind the guise of 'helping the customer' with these initiatives. A majority of your customers are sheep and don't really care, but there will always be a good number of critical thinkers that will expose your spin for what it is.

Why do corporations insist on aggravating their customers?


NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:4
Reviews:
·SONIC.NET
·Pacific Bell - SBC

said by ptrace :

Why do corporations insist on aggravating their customers?
Corporations have to serve two masters:

• Shareholders.
• Customers.

Aggravated customers are not as hard on the corporate managers as aggravated shareholders.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:5

said by NormanS:

• Customers.
Quaint.


sortofageek
Not Trouble
Premium,Mod
join:2001-08-19
There & Then
kudos:13

reply to ctg1701a

(topic move) [DNS] Why am i getting numerous UDP floods and scan

Moderator Action
The post that was here (and all 8 followups to it), has been moved to a new topic .. »[DNS] Why am i getting numerous UDP floods and scans from Comcas
over 12.5 years online © 1999-2012 dslreports.com.