TamaraB, Premium Member, join:2000-11-08, Da Bronx
2011-Feb-4 8:45 am
Run your own DNS people
It stops this BS as well as some ISP tracking!

Use OpenDNS PEOPLE!!
Wish people would stop complaining about their DNS and just use OpenDNS!
208.67.222.222 208.67.220.220

Re: Use OpenDNS PEOPLE!!
Using OpenDNS will only help with the DNS redirection. If they're using DPI, you're SOL.
Now, if you run your own DNS servers, you might be in a better position, since your query would be answered before it leaves your local network.

Re: Use OpenDNS PEOPLE!!
Correct, as the users note -- this stuff is working whether or not they use third-party DNS alternatives.

NotOpenDNS, Anon, to inferno4
2011-Feb-4 10:20 am
You're seriously recommending OpenDNS on a thread regarding invasive DPI and NXDOMAIN poisoning? You're replacing one evil with an even larger evil -- OpenDNS happily gorges themselves on the demographic information you freely slap against their resolvers. The solution is to indeed run your own DNS server pointed at roothints and not rely on any "free" DNS service or, sadly, your own ISP's.

Have you read OpenDNS's privacy policy? » www.opendns.com/privacy/

"Statistics are not personally identifiable but are correlated to your IP address and your account if you have signed up for one. OpenDNS uses Statistics to provide you with the DNS service and for internal analysis."

"In addition, OpenDNS also collects potentially personally-identifying information like the Internet Protocol (IP) addresses from which DNS requests are made. For its DNS services, OpenDNS temporarily stores logs to monitor and improve our quality of service, and to collect high-level aggregate Statistics."

Before you recommend a service, spend some time reading exactly what you collect. You may find you've simply traded one privacy-invasive technology for another. OpenDNS is doing what many of the ISP resolvers are now doing -- profiting from your data.

Finally, Karl, thank you for tying this back into Windstream; it's good that you've done this so people don't forget just how heinous their acts were and how evasive they were in admitting they were doing DPI.

ArrayList, Premium Member, join:2005-03-19, Mullica Hill, NJ
Re: Use OpenDNS PEOPLE!!
If you don't think someone is gobbling up your DNS requests, you're crazy.

Aoxxt, join:2010-12-13, Dearborn, MI, to inferno4
Google's DNS service is less evil and more standards compliant than OpenDNS, and that's saying something.
8.8.8.8 8.8.4.4

FFH5, Premium Member, join:2002-03-03, Tavistock NJ, to TamaraB
Re: Run your own DNS people
said by TamaraB: "Run your own DNS people. It stops this BS as well as some ISP tracking!"

Ok. Now how do you set that up for a run of the mill retail wireless router that 90% of the users will be using? And who have smartphones, xboxes, Wiis, iPads, etc using Wifi to access the Internet and not just a desktop or laptop?

TamaraB, Premium Member
2011-Feb-4 10:34 am
Re: Run your own DNS people
said by FFH5: "Ok. Now how do you set that up for a run of the mill retail wireless router that 90% of the users will be using? And who have smartphones ...."

You can't run a DNS server on any phone I know of; however, most can connect to the Internet via VPN. What I do on my iPhone is run it through my off-shore VPN. That cures all these nefarious ills. On my laptop and on my netbook, I simply run Bind9. To circumvent e-mail snooping, I use DynDns to ID my box wherever and whatever I am connected to, and run postfix to deliver and pick up my email.

The ONLY way around all this ISP bullshit is to use them as the dumb pipe they really are. If you use your ISP this way, all they see is an encrypted data-stream immune to DPI, port blocking, DNS-Redirection, and usage-logging. The very slight speed hit is worth the added security and privacy. It works perfectly fine for me, and I feel comfortable that my ISP knows nothing about my activities, nor can they "manage" me in any way.

It's called NET-NEUTRALITY, and FREEDOM, and is technically available today if you want to do the leg work to implement it.

Bob

b10010011, join:2004-09-07, united state, to FFH5
You set your "run of the mill router" DNS server settings to the IP address of your DNS server, just like you set it now with your ISP's DNS server or OpenDNS.

corneliusnli, Anon, to FFH5
2011-Feb-5 7:14 am
The way I do it (with a much smaller network) is BIND + DHCP server. DHCPD hands out IP addresses and the DNS server to use, and BIND handles the rest. I run a caching BIND server just to block ads and malware sites. So instead of downloading and maintaining multiple pieces of software, DNS blocks ~90% of ad sites.

Re: Run your own DNS people
said by corneliusnli: "The way I do it (with a much smaller network) is BIND + DHCP server. DHCPD hands out IP addresses and the DNS server to use, and BIND handles the rest. I run a caching BIND server just to block ads and malware sites. So instead of downloading and maintaining multiple pieces of software, DNS blocks ~90% of ad sites."

Does that block intercepted 404 errors? As in a real valid domain name, but you goofed on a page name and you'd NORMALLY get a 404 from the site. In this case (and what most people seem to be missing here) is that that's what happens as well. Changing DNS will solve "some" of it, but in this case you could have a valid site but a goofed page, i.e. » /thisp ··· ere.html. You SHOULD get a 404 since dslreports obviously exists; what users are reporting is you DON'T get a 404, instead you're getting the Mediacom redirect.

Yes, people should be angry over DNS redirection; it's a nasty "feature" that breaks some programs. But they should be just as angry or MORE SO that valid domains are getting intercepted for page 404s.

to TamaraB
Sadly, most people have no idea how to set up their routers, let alone a DNS server. Hell, I work with computers every day and I'll be honest, I don't know how to do it.

TamaraB, Premium Member
2011-Feb-4 10:52 am
Re: Run your own DNS people
said by TheRogueX: "Sadly, most people have no idea how to set up their routers, let alone a DNS server."

You shouldn't need to do anything with the router. All DNS queries are initiated from inside.

said by TheRogueX: "Hell, I work with computers every day and I'll be honest, I don't know how to do it."

There is a ton of DNS server software for Windows. It's just another service. I have never done it on Windows. I use Linux, where it is quite simple to install. From reading the link above, it seems quite easy on Windows as well.

TamaraB, Premium Member
2011-Feb-4 6:47 pm
Re: Run your own DNS people
Right! It's not JUST NXDOMAIN poisoning, which breaks a lot of Internet software and should be banned on that account alone. It's also DPI, which is wiretapping, and should be banned on legal grounds; i.e. requires a subpoena. The only way to circumvent this shit is to become as independent of your ISP as possible. In other words, use your ISP for connectivity and nothing more. Then they can't mess, monitor, or monetize you.

19579823 (banned), join:2003-08-04, to TamaraB
When the cable company first gave me this POS SMC router it did just this! (An invalid typed URL would go to a search page by this ISP)
I HAD A HELL OF A TIME CHANGING THE DNS SETTINGS!!!! (It wouldn't use the new ones I put in)

TamaraB, Premium Member
2011-Feb-28 5:59 pm
Re:
said by 19579823: "When the cable company first gave me this POS SMC router it did just this! (An invalid typed URL would go to a search page by this ISP)
» www.wsearch.net
I HAD A HELL OF A TIME CHANGING THE DNS SETTINGS!!!! (It wouldn't use the new ones I put in)"

Forget about the router settings. Running your own DNS makes you independent of router as well as ISP settings. When you connect to a router/Access Point, set up your PC's network settings to obtain an ADDRESS ONLY from DHCP. Then point your network DNS settings to localhost if you have a DNS server running, or to a non-ISP DNS server if you don't.

Bob

zolcos, Member, join:2010-05-19, Houghton, MI
2011-Feb-4 10:42 am
404?
"cable operator Mediacom is now using DNS redirection to direct people who mistype URLs to an ad-laden search portal instead of a 404 error"

DNS doesn't produce 404 errors. 404 is an HTTP error code and I doubt Mediacom is doing anything with them.

TamaraB, Premium Member
2011-Feb-4 11:15 am
Re: 404?
said by zolcos: "DNS doesn't produce 404 errors. 404 is an HTTP error code and I doubt Mediacom is doing anything with them."

No one said DNS produced the 404 error. What ISPs are doing is redirecting your connection to their adverts when their DNS server can't find the "SITE" you requested, or when the "URL" you requested from a valid site returns a 404 error.

If the URL you requested doesn't resolve at all, i.e. the site does not exist, the normal browser response should be "Server not found". If, on the other hand, the site exists but the page you requested is not found on the site, then a 404 error is returned by the website, and your browser should return "Error 404, Object not found".

In both cases above, nefarious ISPs detect both errors and hijack your connection by poisoning DNS and sending you to their advert site.

Bob

cramer, Premium Member, join:2007-04-10, Raleigh, NC
2011-Feb-4 3:35 pm
Re: 404?
I'd like to see your evidence that they're intercepting responses from webservers (a la 404 errors) and replacing them with an ad page.
Hijacking NXDOMAIN is one thing. Connecting to an existing webserver, asking for a document, and your ISP replacing the answer... That should be criminal -- but, sadly, isn't.

ArrayList, Premium Member
Re: 404?
If they are doing DPI along with NXDOMAIN they could easily catch all the 404 pages and replace them with whatever they want.

TamaraB, Premium Member, to cramer
said by cramer: "I'd like to see your evidence that they're intercepting responses from webservers (a la 404 errors) and replacing them with an ad page."

Well, the evidence lies in the original article at the top of this thread: " ..... redirection to direct people who mistype URLs to an ad-laden search portal instead of a 404 error"

The ONLY way I know that this can happen (given that the web-server is the entity sending the 404) is with ISP-installed DPI hardware seeing the web-server generated 404 error response, eating it, and sending an ISP-generated advert page instead. In fact, if indeed customers are getting redirected on 404 errors, this is proof of the ISP using DPI. DPI is essentially a full-blown wiretap, and should require a subpoena!

cramer, Premium Member
2011-Feb-4 11:58 pm
Re: 404?
The original thread doesn't present any *proof*. They are only describing what they are seeing. If the ISP is running a transparent proxy then they aren't messing with your connection to a foreign server. (You aren't connecting to the server you think you are, which is a different thing to bitch about.)
I'd love to look into it myself, but they aren't my ISP. If you want a URL to test, I'll give you one -- the server (my server) answers with a custom 404 page. (It has been for over a decade.)

Turbocpe, Premium Member
2011-Feb-5 12:44 am
Re: 404?
Well what proof do you expect? Mediacom customers (such as myself) have confirmed this. You're asking for proof besides what they see. What proof will satisfy you? Some of the people involved in the thread discussed are/were Mediacom technicians!
I have a few sites on a dedicated server. The sites with a custom 404 don't result in Mediacom providing their assistance page. Sites without a custom 404 return Mediacom's assistance page.

cramer, Premium Member
2011-Feb-5 4:07 am
Re: 404?
Packet captures of both sides. If the server is returning HTTP status code 404 and not a 302 redirect to the error page, and they aren't messing with it, then there's a whole new set of questions about what the h*** they're doing.
In fact, just use telnet or netcat and watch the characters as you type them. (You'll have to be the web browser and web server in this experiment.)
(BTW, I didn't see anyone from Mediacom fessing up to exactly what they're doing. Just several "it's fixed now" jedi-hand-waves.)

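Added example, not part of any post in this thread: the both-sides comparison suggested above, in Python. It takes the raw response as captured at the server and at the client and reports whether the 404 arrived intact, was turned into a redirect, or had its status or body replaced. The captures, host names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Headers a transparent proxy may add or change without altering the content.
PROXY_HEADERS = {"via", "age", "x-cache", "connection"}

def parse_http(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])        # e.g. "HTTP/1.1 404 Not Found"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "content-length" in headers:                # ignore bytes past the message
        body = body[:int(headers["content-length"])]
    return status, headers, body

def classify(server_raw, client_raw):
    """Compare what the server sent with what the client received."""
    s_status, s_hdrs, s_body = parse_http(server_raw)
    c_status, c_hdrs, c_body = parse_http(client_raw)
    if s_status == c_status and s_body == c_body:
        changed = {h for h in s_hdrs.keys() | c_hdrs.keys()
                   if s_hdrs.get(h) != c_hdrs.get(h)}
        return "intact" if changed <= PROXY_HEADERS else "headers changed"
    if 300 <= c_status < 400 and not 300 <= s_status < 400:
        host = urlsplit(c_hdrs.get("location", "")).hostname
        return "redirect injected -> %s" % host
    if s_status != c_status:
        return "status rewritten %d -> %d" % (s_status, c_status)
    return "body replaced"

def make(status_line, body, extra=()):
    """Build a constructed response, standing in for one side of a capture."""
    head = [status_line, "Content-Type: text/html",
            "Content-Length: %d" % len(body), *extra]
    return "\r\n".join(head).encode("ascii") + b"\r\n\r\n" + body

# Constructed captures: the server's stock 404, then four things a client might see.
SERVER = make("HTTP/1.1 404 Not Found", b"<h1>Not Found</h1>")
VIA_PROXY = make("HTTP/1.1 404 Not Found", b"<h1>Not Found</h1>", ["Via: 1.1 cache"])
REDIRECTED = make("HTTP/1.1 302 Found", b"",
                  ["Location: http://search.isp.example/?q=missing.html"])
AD_PAGE_200 = make("HTTP/1.1 200 OK", b"<html>sponsored results</html>")
AD_PAGE_404 = make("HTTP/1.1 404 Not Found", b"<html>sponsored results</html>")

if __name__ == "__main__":
    for name in ("VIA_PROXY", "REDIRECTED", "AD_PAGE_200", "AD_PAGE_404"):
        print(name, "=>", classify(SERVER, globals()[name]))
```

The "intact" result with a `Via` header is the transparent-proxy case: the path is not direct, but the server's 404 reached the client unchanged.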
Turbocpe, Premium Member
2011-Feb-5 5:47 pm
Re: 404?
Unfortunately that is getting above my skill level. But I'd be willing to entertain it if I had some guidance.
As far as anyone from Mediacom fessing up on it, I doubt it. I meant that a few Mediacom employees in the thread - who aren't advertised as employees but those who have been in the Mediacom forum do know - have confirmed the results that we customers have seen.

b10010011, join:2004-09-07, united state
Treewalk DNS
» ntcanuck.com/
Run it on one computer and set your router to that computer's IP address as the first DNS server, then set something like OpenDNS as the second and third.

TamaraB, Premium Member
2011-Feb-4 9:09 pm
Re: Treewalk DNS
It won't help everything, but it will stop a lot of it! It will stop ALL redirections due to mis-typed site names. Are you suggesting people should not take steps to mitigate at least some of this ISP abuse? Why? Perhaps you have a dog in this race? Maybe you are an advertiser? What's up?

Re: Treewalk DNS
said by TamaraB: "It won't help everything, but it will stop a lot of it! It will stop ALL redirections due to mis-typed site names. Are you suggesting people should not take steps to mitigate at least some of this ISP abuse? Why? Perhaps you have a dog in this race? Maybe you are an advertiser? What's up?"

Nice accusations there, and you're wrong. My issue is people IMPLYING that changing their DNS or running their own will magically fix all problems, when the problem is clearly NOT just DNS and clearly DPI, and THAT is the issue folks here are missing (apparently). The outrage should be over the DPI interception of 404 pages for domains that DO exist. That should NEVER happen.

Sure, changing DNS is a good idea; I personally have Google as primary, OpenDNS as secondary, and Mediacom's as tertiary. Of course OpenDNS does the same crap with domain redirection for NX_DOMAIN instead of returning a simple "site not found", and yes, changing DNS will solve that problem, but it won't solve the REAL problem here of Mediacom doing DPI and intercepting 404s for VALID domains.

EDIT: and yes, I'm against domain interception; it breaks programs, i.e. site monitoring programs etc.

TamaraB, Premium Member
2011-Feb-5 9:49 am
Re: Treewalk DNS
said by thedragonmas: ".... the problem is clearly NOT just DNS and clearly DPI and THAT is the issue folks here are missing (apparently) the outrage should be over the DPI interception of 404 pages for domains that DO exist. that should NEVER happen."

The fundamental issue here, at its core, is financial greed. It's the monetizing of your use of the internet. These practices are being carried out by the blatant violation of the very RFCs which make the Internet work. The most egregious of these abuses is the breaking of the DNS system. DNS is the most fundamental and the most critical component of the entire network, second only to access itself. It's the one Internet service which needs to be kept absolutely free of corruption, because it is the one service which is most vulnerable to abuse. DNS is abused by governments and by corporations to censor content. It is abused by corporations to drive traffic to their own services and by blocking access to competitors.

Think about it. If you were to dial an invalid number on your phone and instead of getting an error tone/message, or a busy signal, you got an advert from your phone company -- wouldn't you conclude that your phone company was broken? What if every business you called on your phone was recorded and stored, and then you received "targeted" cold-calls from phone spammers? Wouldn't you conclude that you were being illegally abused? The Internet is rapidly replacing much of what we used to do by more traditional means (phone, mail, face-to-face encounters), and needs to be given the same protections those forms had in the past.

said by thedragonmas: "sure changing dns is a good idea, i personally have google as primary, opendns as secondary, and mediacoms as tertiary."

This does nothing to mitigate the problem. All you are doing is transferring control from one abuser to another. DNS services from Google and OpenDNS are far worse offenders when it comes to privacy. They scrape up and sell data from a very wide range of users across practically every ISP on the planet, and as you have said "open dns does the same crap with domain redirection". How long before Google redirects requests for picture services to their own sites? You have gained nothing by switching from one abusive service to another. The only way to avoid this is to query the root servers directly, and you can only do that if you run your own DNS.

said by thedragonmas: "... and yes changing running your own dns will solve that problem, but it won't solve the REAL problem here of mediacom doing DPI and intercepting 404's for VALID domains."

This is why I have stated several times upthread that the only way to circumvent ALL these abusive ISP and other greedy corporate practices is to run your connection through a VPN in addition to running your own DNS. I use an $8.00/Mo off-shore VPN service (my service does not keep logs), plus I run my own DNS and email. This insulates me from all spying, redirections, and port-blocks.

As with everything else on the Internet, if you rely on the tender mercies of government or corporations to protect you, you are so screwed! If you want a free and open Internet, you basically have to do it yourself. Running your own DNS is a big first step.

Bob

cline3621, Premium Member, join:2006-06-14, Clarksville, TN
DNS Addresses
In my router, there are 3 different addresses I can set DNS for.
1. 4.2.2.1
2. 4.2.2.2
3. 8.8.8.8
I have been using those for some time now, without issue.

Turbocpe, Premium Member
2011-Feb-4 11:17 pm
Re: DNS Addresses
said by cline3621: "In my router, there are 3 different addresses I can set DNS for. 1. 4.2.2.1 2. 4.2.2.2 3. 8.8.8.8 I have been using those for some time now, without issue."

Are you a Mediacom customer? Does not show that Mediacom serves Clarksville, TN. This article is about Mediacom and using alternative DNS does not (or did not) resolve the issue.

Not DNS related
I have never used Mediacom DNS due to outages and poor performance. I either use Level 3 or Google DNS. I got the hijack and opted out. I guess I was one of the few that were lucky because it actually worked.

Thran, Member, join:2002-01-05, Hibbing, MN
2011-Feb-6 2:12 pm
media com redirection
I have media com and if you mistype an address, it brings you to the page to make a choice of what you were looking for. Sadly, none of the main listings are what you want. On the right side of the page is the best possible address. Click them and it just brings up more wrong choices. So it's a pain in @$$.