 ctg1701aVIP
join:2008-08-07
Philadelphia, PA | reply to ctg1701a
Re: [DNS] Comcast Launches Trial of Domain Helper Service We have started to roll out this service to the rest of the country today and we wanted to give folks an FYI in case they wanted to opt-out or wanted to learn more about what we were doing:
You can opt-out here:
»dns-opt-out.comcast.net
If you would like to read about this in an updated blog post:
»www.comcastvoices.com/2009/08/do···ins.html
We have also added a page to our network management site that goes into detail about how the redirect service works and what types of filtering we are using:
»networkmanagement.comcast.net/Do···ogic.htm
We are also now listing a full list of IP addresses for our DNS caching servers opt-in/out to use for statically assigning them as needed:
»dns.comcast.net/dns-ip-addresses.html |
|
andyrossPremium,MVM
join:2003-05-04
Schaumburg, IL | The list of IP addresses needs to be sorted by area.
I'm trying to opt out again. Mine never changed. I'm hoping I just put the wrong MAC address the first time. I checked it carefully this time. |
|
ctg1701aVIP
join:2008-08-07
Philadelphia, PA | If you PM me your information I can help you to opt out.
Thanks |
|
| reply to ctg1701a
Just ran into this myself tonight. Pleased to see that Comcast is being up front in communicating what is happening (even if I don't think it's a good thing to be doing - my browser already handles redirecting to my preferred search engine).
However, when looking into this, the first reference I found was this at Comcast's site:
»www.comcast.com/customers/faq/Fa···?Id=4923
which incorrectly indicates that this is caused by the Comcast Toolbar (which I don't have installed). Updating the FAQ with the new info in this thread would be helpful. |
|
| reply to ctg1701a
The opt-out service does not work, at all. Proof: I opted out, rebooted the network hardware, and the DHCP keeps coming through with the wrong addresses.
We had to reconfigure to static ones. These DNS Addresses worked to disable this crap:
»dns.comcast.net/dns-ip-addresses.html
So, where should I send the bill for the time to reconfigure our network devices, and cleanup the spam and other crap that your change let get through our firewalls and into our systems today, hmm? I estimate about 24 total man-hours of labor, at $200 an hour.
When you break DNS, you break everything above it too. Comcast broke their DNS servers today. |
|
ctg1701aVIP
join:2008-08-07
Philadelphia, PA | said by Bobbob :The opt-out service does not work, at all. Proof: I opted out, rebooted the network hardware, and the DHCP keeps coming through with the wrong addresses. We had to reconfigure to static ones. These DNS Addresses worked to disable this crap: » dns.comcast.net/dns-ip-addresses.htmlSo, where should I send the bill for the time to reconfigure our network devices, and cleanup the spam and other crap that your change let get through our firewalls and into our systems today, hmm? I estimate about 24 total man-hours of labor, at $200 an hour. When you break DNS, you break everything above it too. Comcast broke their DNS servers today. Since you are posting anonymously I could only verify using the email you posted under and it says your account is in delete status. If this is not the case, please login to the site and please PM your information and will be happy to help you opt-out.
Thanks |
|
Morb
join:2005-11-03
Forest Hill, MD | Opt-out is a miserable cop-out.
ctg1701a, are you guys actually listening to your customers tell you this is wrong and you should stop, or are you just paid to parrot "opt-out! opt-out! opt-out!"? Seriously, are we wasting our breath here? |
|
 jlivingoodPremium,VIP
join:2007-10-28
Philadelphia, PA
kudos:1 | said by Morb:Opt-out is a miserable cop-out. ctg1701a, are you guys actually listening to your customers tell you this is wrong and you should stop, or are you just paid to parrot "opt-out! opt-out! opt-out!"? Seriously, are we wasting our breath here? ctg1701a and I are engineers charged with operating the system, not decision-making with respect to whether or not to launch the system, FWIW. In any case, most other ISPs that have done this have not been public about it, while we have been very, very public. The pattern matching we do is also very conservative and has been openly documented (»networkmanagement.comcast.net/Do···ogic.htm). And we surveyed what other companies have done for opt-out and aimed to make ours easier and more automated than anyone else.
J
--
JL
Comcast |
|
approval from:
funchords 
jlivingood
| said by jlivingood:said by Morb:Opt-out is a miserable cop-out. ctg1701a, are you guys actually listening to your customers tell you this is wrong and you should stop, or are you just paid to parrot "opt-out! opt-out! opt-out!"? Seriously, are we wasting our breath here? ctg1701a and I are engineers charged with operating the system, not decision-making with respect to whether or not to launch the system, FWIW. In any case, most other ISPs that have done this have not been public about it, while we have been very, very public. The pattern matching we do is also very conservative and has been openly documented (» networkmanagement.comcast.net/Do···ogic.htm). And we surveyed what other companies have done for opt-out and aimed to make ours easier and more automated than anyone else. J I've used other ISPs where there is no opt-out, and it's not fun, especially where the system you're on blocks port 53 UDP. I have to wonder how long it will take malware slingers to exploit the ISPs redirect. I know that you CC engineers don't make these decisions, you just get to deal with the fallout. The *idea* people are never the ones who need to make it work. I also work in a company with over 100000 employees, and I know what you have to go through to make opt-out available. To accomplish the equivalent in my company would probably require homicide, or at least pissing off a *lot* of people who can affect my career. I just wanted to chime in between all the ass reaming that going on here, and thank you for not forgetting about people like me. You could have done the easy thing, said F-it (like other ISPs with no opt-out), let people deal with it, and heard a lot less shit about it. It being what it is, I don't know how you could make it any better, and I just want you to know that I appreciate what you have done to make it as painless as possible. |
|
jlivingoodPremium,VIP
join:2007-10-28
Philadelphia, PA
kudos:1 | reply to Pingmeister
Re: [DNS] Comcast Launches Trial of Domain Helper Service said by Pingmeister :
I've used other ISPs where there is no opt-out, and it's not fun, especially where the system you're on blocks port 53 UDP. I have to wonder how long it will take malware slingers to exploit the ISPs redirect. I know that you CC engineers don't make these decisions, you just get to deal with the fallout. The *idea* people are never the ones who need to make it work. I also work in a company with over 100000 employees, and I know what you have to go through to make opt-out available. To accomplish the equivalent in my company would probably require homicide, or at least pissing off a *lot* of people who can affect my career. I just wanted to chime in between all the ass reaming that going on here, and thank you for not forgetting about people like me. You could have done the easy thing, said F-it (like other ISPs with no opt-out), let people deal with it, and heard a lot less shit about it. It being what it is, I don't know how you could make it any better, and I just want you to know that I appreciate what you have done to make it as painless as possible.
Thanks for the post and giving me a good chuckle. 
--
JL
Comcast |
|
 lilhurricaneCrunchin' For CuresPremium,Mod
join:2003-01-11
Purple Zone
kudos:51
 ·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Team Discovery
| reply to jlivingood
said by jlivingood: ...we surveyed what other companies have done for opt-out and aimed to make ours easier and more automated than anyone else. J And that it was.
Thank you, Comcast for the option.
No issues here, quick - done.
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~ |
|
| reply to ctg1701a
said by ctg1701a:said by Bobbob :The opt-out service does not work, at all. Proof: I opted out, rebooted the network hardware, and the DHCP keeps coming through with the wrong addresses. We had to reconfigure to static ones. These DNS Addresses worked to disable this crap: » dns.comcast.net/dns-ip-addresses.htmlSo, where should I send the bill for the time to reconfigure our network devices, and cleanup the spam and other crap that your change let get through our firewalls and into our systems today, hmm? I estimate about 24 total man-hours of labor, at $200 an hour. When you break DNS, you break everything above it too. Comcast broke their DNS servers today. Since you are posting anonymously I could only verify using the email you posted under and it says your account is in delete status. If this is not the case, please login to the site and please PM your information and will be happy to help you opt-out. Thanks No thanks. We've decided to go a different direction, and opt out of your service entirely. We're in talks with another provider, who's more than happy to sign actual contracts stating that if they fuck up their DNS, then they'll foot the bill for the problem.
So there. This is at least one customer you can kiss goodbye because of this. Hopefully, it won't be the last. I hope your company burns. |
|
