mouss wrote:
Matt Kettler wrote:
John Hardin wrote:
On Tue, 2008-01-29 at 17:51 -0500, Matt Kettler wrote:
Perhaps Verizon is screwing up their DNS?
Ahh, yes they are:
http://www.freedom-to-tinker.com/?p=1227
Hrm.
As a troubleshooting hack for this increasingly-common "feature",
perhaps a URIBL/DNSBL rule could be defined that checks a domain that
will *never* be in the zones (apache.org maybe) and if it ever hit then
add -20 to the score (to override all the FP hits) and emit a
warning to
inspect your DNS service for ISP hijacking?
The problem is they're not hijacking everything... Only "interesting"
domains.
I can do a dig for several other domains against verizon's poison DNS
and get a NXDOMAIN. In fact, I tried to find another domain that gets
redirected, and couldn't.
does their "opt-out" (setting the DNS server to 68.238.0.14) work?
In my area the opt-out DNS servers are:
71.242.0.14
71.252.0.14
and they do work although their procedures for doing so on their website
are broken.
I'm a Fios customer with a MI424WR router, where you're supposed to
follow this procedure:
http://netservices.verizon.net/portal/link/help/index.jsp?epi_menuItemID=c567d167631f692124525d7253295c48&objId=23995
They tell you to go to your lan network and over-ride the DNS there by
changing the last octet. The problem is, just like in their own picture,
the defaults are 0.0.0.0, which causes it to advertise the router itself
as a DNS. The router has a mini-dns that winds up using the DNS servers
it discovered on the WAN side as forwarders. So you've got to go to the
wan interface, copy down those DNS IP's, change the last octets from 12
to 14, and enter those on the LAN side as servers to advertise in DHCP.
Or you can just tell your clients to not use DHCP for dns, and manually
configure those two resolvers.
Clearly they're not expecting your average Joe to be able to opt out.
The instructions are complicated, and inaccurate. It's probably very
intentional on their part that they've spent very little effort trying
to make opting out easy.