Stop Comcast from DNS Hijacking Redirects

Aug 9, 2009 - 20 Comments

If you’re a Comcast customer and you’ve entered in an incorrect URL or had a server time out recently, you’ve probably been extremely annoyed when you discovered you were being redirected to a page filled with Comcast ads. Comically, this obnoxious DNS redirect is named the ‘Comcast Domain Helper service’, and was forced on you whether you wanted it or not.

Remove Comcast DNS redirect

Things you’ll need to stop Comcast from redirecting your improper URL’s:

1) Your main Comcast account User ID / email address

2) Your cable modems MAC address

3) Visit the Comcast “Domain Helper” opt-out URL

In typical Comcast style, they altered your service without your consent, and you have to actually opt-out of the DNS hijacking service, thankfully you can do it online. Good grief.

Enjoy this tip? Subscribe to the OSXDaily newsletter to get more of our great Apple tips, tricks, and important news delivered to your inbox! Enter your email address below:

Related articles:

Posted by: William Pearson in How to, Troubleshooting

20 Comments

» Comments RSS Feed

  1. James says:

    They (Comcast) are not alone in this regard. I don’t know which ISP started the DNS redirect trick but almost all ISP’s are doing it now. The ads are income for them and if your competitor is making money that way then you will follow.

    Two alternatives, because Opt-Out may not be enough. i.e. some Opt-Out schemes only set a cookie on your browser and if you clear cookies you are right back where you started and have to Opt-Out again. Unless you change the DNS IP Addresses on your router, you will likely have to Opt-Out over and over.

    1. Switch to OpenDNS – It’s free and it works great. http://opendns.com/
    2. Use Level3’s open DNS Servers 10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5

    I actually like the OpenDNS service because I have kids and I can filter the content by turning on the filters. (Optional). It’s also quite a bit faster then DNS thru my ISP.

    If your company uses Split Tunneling HTTPS Virtual Private Networking (VPN) then this DNS redirect will wreak havoc with your ability to resolve host names, etc. even while connected to VPN. We had to turn off the split tunneling feature on our VPN because all the ISP’s were breaking the DNS specifications by their hijack/redirect trick.

    From Wikipedia: Several consumer ISPs such as Cablevision’s Optimum Online, Comcast,Time Warner, Rogers, and Bell Sympatico have also started the practice of DNS hijacking on non-existent domain names, for the purpose of making money by displaying advertisements. This practice violates the RFC standard for DNS (NXDOMAIN) responses, and can potentially open users to cross-site scripting attacks.

    The concern with DNS hijacking has to do with this hijacking of the NXDOMAIN response. Internet applications rely on the NXDOMAIN response to describe the condition where the DNS has no entry for the specified host. If one were to query the invalid domain name (fakeexample.com), one should get a NXDOMAIN response – informing the application that the name is invalid and taking the appropriate action (for example, displaying an error). However, if the domain name is queried on one of these non-compliant ISPs, one would receive an IP address belonging to the ISP. In a Web browser, this behavior can be annoying or offensive as connections to this IP address display the Web page of the provider, sometimes with advertising, instead of a proper error message. However, other applications that reply on the NXDOMAIN error will instead try to connect to this IP address, potentially exposing sensitive information like logins.

    http://www.faqs.org/rfcs/rfc2308.html
    http://www.rfc-editor.org/rfc/rfc2308.txt

  2. I am a Comcast customer. Long ago, I setup my router (Apple Time Capsule) to use OpenDNS. Best decision ever.

  3. John Shirley says:

    I’ll second the remarks on OpenDNS. Comcast has always done strange things to DNS, but when OpenDNS arrived, I jumped on it. It’s free… as in beer. There’s an OSX auto update client for it, too. Mmm… beer.

  4. JL says:

    Obviously of course, OpenDNS does DNS redirect also by default…

  5. Nowrap says:

    Comcast does have a list of their DNS servers that DON’T use their “helper service.” http://dns.comcast.net/dns-ip-addresses.html It was given out on their blog and within a comment on a post, so it wasn’t exactly them shouting it to the rooftops.

  6. […] I am opposed to ISP DNS Hijacking for many reasons (DNS needs to be trustworthy, DNS needs to follow the RFC standard and return “Not Found” as specified especially since my browser would then tack on “.com” for me, I already pay TWRR more money for less bandwidth than most other developed nations so I resent this standards-breaking monetization), but luckily today I found the opt-out page. Thankfully it’s easier and less intrusive than Comcast’s opt-out. […]

  7. JXL75 says:

    Notify the appropriate law enforcement agency. ,

  8. Alpha says:

    One thing I liked about switching to a Mac is that I could enter something like “CNN” in the Safari browser and it would infer the “.com” or “.org” part. Time saver when day trading and such. But Comcast has stolen that from me with their hijack. Even after the Comcast opt out, this functionality is GONE. I am pissed at Comcast.

  9. Bardenboo says:

    Do you get your Internet connection via Comcast? If so, beware they’ve
    instututed something called ‘DNS hijacking’, which in this case means that you
    will be taken to a page with junk ads if you try going to a webpage that doesn’t
    exist, for example, if you type in facebookkk.com accidentally. Typically,
    you’ll get “page not found” or something similar, depending on what browser
    you’re using.

    With the Comcast ‘hijack’, they try and get ad revenue from your typos! If you
    find this irritating, and if on general principle you detest Comcast, then you
    ‘opt-out.’. Naturally, Comcast makes opting-out a complicated process. There is
    a lengthy way for a user to opt-out online. Alternatively, call customer
    service. As far as I can tell, customer service has been instructed to
    vigourously deny the DNS hijacking. However, I pressed the matter and insisted
    the customer service agent do the work of opting-out for me.

    If you call customer service, and if you get problems, ask for agent number
    30649. He knows all about how to opt out. He helped me, and he will have to help
    you, too.

    Spread the word far and wide.

  10. X User says:

    Well apparently someone ‘switched’ me to Open DNS without my permission!!!

    How to get rid of this foul thing????????????????????

  11. […] is a link and interesting discuss on doing this if you use comcast. I’ve always found it annoying when you get redirected to a […]

  12. Jason says:

    Use Google DNS. It’s free and solved ComCast from bugging me.

    I just set my DNS servers according to: http://code.google.com/speed/public-dns/

    Beautiful.

    — Jason

  13. F. ComCast says:

    It’s called bastard marketing. It’s showing up everywhere, yahoo login pages, google color-overloaded pages now, microsoft on tv, youtube embedded ADs etc., excessive animated CPU-intensive BS etc. More $$$ for those rich CEOs.

  14. Chris says:

    I just want to say thank you for this – my wife could not get VPN to work and we were on the verge of paying for Comcast’s $95 a month internet. This has saved us a lot of money – thanks!

  15. wap-tek says:

    no, NO! none of the above
    tell them that because of this crap
    you are cancling comcast
    and advising your boss that
    your company should as well

    if this happens enough then they will
    back down and obey!

  16. Antonio Chaac says:

    It is an interesting practice… The fact that we are in a DNS redirect thread is evidence that we do not represent the majority or most representative customers or Internet users in the world.
    So I asked some friends from different ages and many prefer a redirection than an error page with a strange HTML error code.
    Search engines do the same redirection in mistyped queries, should we go after google, bing or yahoo? Sure there is a need for and RFC on search engines practices….

  17. Paul says:

    This isn’t just bastard marketing from Comcast, it’s full on censorship. I was unable to reach http://www.goodasyou.org until I changed the DNS entries on my router.

  18. IT_Architect says:

    “Use Google DNS. It’s free and solved ComCast from bugging me. I just set my DNS servers according to: http://code.google.com/speed/public-dns/

    EXACTLY! That’s what we do with all of customer’s routers also.

  19. RasKal says:

    The issue with using Google type of DNS is that it almost breaks GeoIP mechanisms based on client’s DNS “location”. For example BigIP GTM (F5)…
    :-(
    Rgds,
    Raskal

Leave a Reply

 

Shop for Apple & Mac Deals on Amazon.com

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates