I just set my DNS servers according to: http://code.google.com/speed/public-dns/

Beautiful.

– Jason

How to get rid of this foul thing????????????????????

With the Comcast ‘hijack’, they try and get ad revenue from your typos! If you
find this irritating, and if on general principle you detest Comcast, then you
‘opt-out.’. Naturally, Comcast makes opting-out a complicated process. There is
a lengthy way for a user to opt-out online. Alternatively, call customer
service. As far as I can tell, customer service has been instructed to
vigourously deny the DNS hijacking. However, I pressed the matter and insisted
the customer service agent do the work of opting-out for me.

If you call customer service, and if you get problems, ask for agent number
30649. He knows all about how to opt out. He helped me, and he will have to help
you, too.

Spread the word far and wide.

Two alternatives, because Opt-Out may not be enough. i.e. some Opt-Out schemes only set a cookie on your browser and if you clear cookies you are right back where you started and have to Opt-Out again. Unless you change the DNS IP Addresses on your router, you will likely have to Opt-Out over and over.

1. Switch to OpenDNS – It’s free and it works great. http://opendns.com/
2. Use Level3’s open DNS Servers 10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5

I actually like the OpenDNS service because I have kids and I can filter the content by turning on the filters. (Optional). It’s also quite a bit faster then DNS thru my ISP.

If your company uses Split Tunneling HTTPS Virtual Private Networking (VPN) then this DNS redirect will wreak havoc with your ability to resolve host names, etc. even while connected to VPN. We had to turn off the split tunneling feature on our VPN because all the ISP’s were breaking the DNS specifications by their hijack/redirect trick.

From Wikipedia: Several consumer ISPs such as Cablevision’s Optimum Online, Comcast,Time Warner, Rogers, and Bell Sympatico have also started the practice of DNS hijacking on non-existent domain names, for the purpose of making money by displaying advertisements. This practice violates the RFC standard for DNS (NXDOMAIN) responses, and can potentially open users to cross-site scripting attacks.

The concern with DNS hijacking has to do with this hijacking of the NXDOMAIN response. Internet applications rely on the NXDOMAIN response to describe the condition where the DNS has no entry for the specified host. If one were to query the invalid domain name (fakeexample.com), one should get a NXDOMAIN response – informing the application that the name is invalid and taking the appropriate action (for example, displaying an error). However, if the domain name is queried on one of these non-compliant ISPs, one would receive an IP address belonging to the ISP. In a Web browser, this behavior can be annoying or offensive as connections to this IP address display the Web page of the provider, sometimes with advertising, instead of a proper error message. However, other applications that reply on the NXDOMAIN error will instead try to connect to this IP address, potentially exposing sensitive information like logins.

http://www.faqs.org/rfcs/rfc2308.html
http://www.rfc-editor.org/rfc/rfc2308.txt

Two alternatives, because Opt-Out may not be enough. i.e. some Opt-Out schemes only set a cookie on your browser and if you clear cookies you are right back where you started and have to Opt-Out again. Unless you change the DNS IP Addresses on your router, you will likely have to Opt-Out over and over.

1. Switch to OpenDNS – It’s free and it works great. http://opendns.com/
2. Use Level3’s open DNS Servers 10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5

I actually like the OpenDNS service because I have kids and I can filter the content by turning on the filters. (Optional). It’s also quite a bit faster then DNS thru my ISP.

If your company uses Split Tunneling HTTPS Virtual Private Networking (VPN) then this DNS redirect will wreak havoc with your ability to resolve host names, etc. even while connected to VPN. We had to turn off the split tunneling feature on our VPN because all the ISP’s were breaking the DNS specifications by their hijack/redirect trick.

From Wikipedia: Several consumer ISPs such as Cablevision’s Optimum Online, Comcast,Time Warner, Rogers, and Bell Sympatico have also started the practice of DNS hijacking on non-existent domain names, for the purpose of making money by displaying advertisements. This practice violates the RFC standard for DNS (NXDOMAIN) responses, and can potentially open users to cross-site scripting attacks.

The concern with DNS hijacking has to do with this hijacking of the NXDOMAIN response. Internet applications rely on the NXDOMAIN response to describe the condition where the DNS has no entry for the specified host. If one were to query the invalid domain name (fakeexample.com), one should get a NXDOMAIN response – informing the application that the name is invalid and taking the appropriate action (for example, displaying an error). However, if the domain name is queried on one of these non-compliant ISPs, one would receive an IP address belonging to the ISP. In a Web browser, this behavior can be annoying or offensive as connections to this IP address display the Web page of the provider, sometimes with advertising, instead of a proper error message. However, other applications that reply on the NXDOMAIN error will instead try to connect to this IP address, potentially exposing sensitive information like logins.

http://www.faqs.org/rfcs/rfc2308.html
http://www.rfc-editor.org/rfc/rfc2308.txt