DNS Redirection – ick


When I’m at home, all of my network connected devices use my domain controller for DNS. When I’m at work, we use the domain controller there too. Ditto for when I was in school, when I am on site with (most) clients, etc.

Today however, I statically assigned my laptop to use the Cox DNS servers because I was testing propagation. Because it didn’t really have an impact on anything, I didn’t bother changing it back – until I got home.

When I booted up and opened Firefox, all 23 tabs on my home screen went to a Cox splash page trying to recommend other sites than the ones in the URLs. I had forgotten that Cox redirects DNS queries (there is a reason it is also known as DNS hijacking). Basically if you put in http://www.usatodya.com instead of http://www.usatoday.com, Cox will redirect you to a search page with paid advertising of competitors of the site you really meant to hit. While I could see that being mildly useful for a novice user, it also violates the RFC standard for DNS (NXDOMAIN) responses, and can open a browser to cross-site scripting attacks. It also has the disadvantage of not providing you meaningful error information when some would be useful.

Most annoying is that if a remote DNS server doesn’t respond in a timely manner (and Cox must have them set very low), you get the advertising instead of the page you wanted a fairly high percentage of the time.
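A quick way to check whether the resolver a machine is currently using rewrites NXDOMAIN the way described above. This is an added example, not part of the original post. It looks up a few random names that should not exist and flags the resolver if they come back with addresses; the function names and the probe names are illustrative and constructed.

```python
import secrets
import socket

def system_resolve(name):
    """Resolve via the OS-configured resolver.
    An empty set means no answer (NXDOMAIN or any other lookup failure)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def random_names(count=3, tlds=("com", "net", "org")):
    """Constructed probe names: 24 random hex chars per label, so none should be registered."""
    return [f"{secrets.token_hex(12)}.{tlds[i % len(tlds)]}" for i in range(count)]

def check_nxdomain_rewriting(resolve=system_resolve, names=None):
    """Return (verdict, answers); verdict is 'rewritten', 'suspicious' or 'clean'."""
    names = names or random_names()
    answers = {n: resolve(n) for n in names}
    resolved = [addrs for addrs in answers.values() if addrs]
    if not resolved:
        verdict = "clean"        # every probe failed, as a nonexistent name should
    elif len(resolved) == len(names) and set.intersection(*resolved):
        verdict = "rewritten"    # unrelated random names all share an address
    else:
        verdict = "suspicious"   # only some probes resolved; check by hand
    return verdict, answers

if __name__ == "__main__":
    verdict, answers = check_nxdomain_rewriting()
    for name, addrs in answers.items():
        print(f"{name:40} {', '.join(sorted(addrs)) or 'no answer'}")
    print("verdict:", verdict)
```

A "clean" verdict with no network connection at all means nothing, since every lookup failure is treated as no answer.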

This isn’t new. It’s been going on for something like 4 or 5 years now, and people screamed about it when it started. I fixed it at home in about 15 seconds by removing the static DNS entries from my laptop, and getting my local DNS server via DHCP. It just reminds me that many users are rightfully annoyed when technology doesn’t work as advertised or expected. How much worse is it when technology providers break something on purpose? Even ICANN is against DNS redirection because of the various functionality it breaks, and the vulnerabilities it causes.

But that doesn’t stop Cox (and others) from using it to gather every billable click that they can. How’s that for customer service?

3 thoughts on “DNS Redirection – ick”

  1. If Cox is like Comcast, you can opt out. As a Comcast customer, I can log in to my account via https://customer.comcast.com, users & settings tab, and under High Speed Internet, there’s a selection for “Domain helper”. Click on the edit button and select disable. No more DNS hijacking. Comcast marketing spins this as:

    “You can replace any “page not found” errors with a page that gives you options to go to other pages that you may find more useful.”

    Yeah, gives you options and Comcast, Cox, name your ISP… space to sell ads.

    Hope that works for ya.

  2. In most cases I want to use internal DNS – so I can locate internal resources. For a lone user behind a cable modem, whose computer never travels, that’s a good idea.

  3. Well, the next time you decide to statically assign DNS, why don’t you just make use of Google’s DNS? I’ve used it in the past here and there, and it seems to work just fine.

    I believe the servers are 8.8.8.8 & 8.8.4.4. I am currently using it as our tertiary DNS at home. I haven’t seen any issues with it.

    Christopher Williams
    optimize.Me
