Comcast DNS Hijacking that will not go away… despite opting out … several times.

By | September 4, 2009

comcastvirus

See, what this image shows is that I have my “Domain helper” service OFF, yet when I go to a site that does not exist, I get a Comcast Domain helper page.  That’s the tab on the left top that says “Sorry. Page not found.” It should say “Site not found. Here are some Advertisements.” … that seem related to what I’ve recently been searching on google?

How do I turn this OFF really? I mean so it is really, OFF? Forever? Well, I can just block search2.comcast.com in my firewall, but then Firefox will still no longer use Google as my redirector if I get a bad domain… I’d like to use Google. So I call Comcast customer service.

REP:  I’m not familiar with what you are talking about. (Looks up my info… Listens to me about the problem, about … transfers me to the Home Networking people.

Home Networking REP: … they look up my info … Listens to me about the problem, … transfer me to Tier 2 Home Networking

Tier 2 Home Networking REP: … “um, not quite sure what that is.” … Listens to me explain the problem. I give the Comcast opt out web site… person doesn’t have a web browser so can’t go there…. I explain again about DNS hijacking and the search page, search2.comcast.com …  wait on hold for a while… When the rep goes there, rep is told the page is there “to update my security to protect my privacy.” Hmmm.  Okay … more explaining about DNS hijacking … more waiting on hold… longer this time …

In XP, click Start | Run … Enter “cmd” … Type “ipconfig /flushdns” and hit enter.  Redirect remains.  Trying to change settings in Comcast User Settings… I get an error when I click edit on the Domain helper box.

I explain that I got the MAC address of my modem from a previous rep, and it worked great for a few days… now the MAC address is different for the modem?

I’m told I’ll have an email that tells me to click to correct my MAC Address. I sign in at http://www.comcast.net/ and check my mail. No such mail. Only two emails I have about this are the confirmation email and the success email.

I’m told to flush the DNS cache again then see if I can get to the opt out page and change the MAC address. No such option at the opt out page. Why did my modem’s MAC address work for a few days, then change?  Rep doesn’t know.  … 54 minutes later still on the phone … Rep tries turning the service on then back off. Wants to know what page I’m trying to reach. I explain that it is for any page that is not a real page.  She insists on a page. I make up www.hw3dd.com and explain that this takes me to http://search2.comcast.com/?cat=dnsr&con=ds&url=www.hw3dd.com …

Same thing happens in Internet Explorer. Rep says this is because Comcast.net is my home page. No, google.com is my home page. This is the page that comes up when I start Internet Explorer: www.google.com

Rep is now REALLY understanding the problem because I have explained it in many different ways.  If I misspell a web address, I’m taken to the Comcast search page, but other pages come up fine if I type them correctly.

Rep is going to escalate this issue. Service shows on rep’s end and on my end that I should not be getting redirected, but I still am. Both the rep and I agree that it doesn’t make any sense.  A ticket is being put in to try to correct it.

Time talking to Comcast customer service: 1 hr, 12 minutes.  24 to 72 hrs expected resolution time.

Update 10/19/2009 *** SOLUTION ***

Configure your computer to use a free public DNS. You can do this while using Comcast.

Public DNS Servers
Level 3 Communications (Broomfield, CO, US)
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6
Verizon (Reston, VA, US)
151.197.0.38
151.197.0.39
151.202.0.84
151.202.0.85
151.202.0.85
151.203.0.84
151.203.0.85
199.45.32.37
199.45.32.38
199.45.32.40
199.45.32.43
GTE (Irving, TX, US)
192.76.85.133
206.124.64.1
One Connect IP (Albuquerque, NM, US)
67.138.54.100
OpenDNS (San Francisco, CA, US)
208.67.222.222
208.67.220.220
Exetel (Sydney, AU)
220.233.167.31
VRx Network Services (New York, NY, US)
199.166.31.3
SpeakEasy (Seattle, WA, US)
66.93.87.2
216.231.41.2
216.254.95.2
64.81.45.2
64.81.111.2
64.81.127.2
64.81.79.2
64.81.159.2
66.92.64.2
66.92.224.2
66.92.159.2
64.81.79.2
64.81.159.2
64.81.127.2
64.81.45.2
216.27.175.2
66.92.159.2
66.93.87.2
Sprintlink (Overland Park, KS, US)
199.2.252.10
204.97.212.10
204.117.214.10
Cisco (San Jose, CA, US)
64.102.255.44
128.107.241.185

12 thoughts on “Comcast DNS Hijacking that will not go away… despite opting out … several times.

      1. Silkyray

        I think that you will continue having this problem and maybe there are some other dns servers you could try and find one that responds as fast as comcast.

        Here are some ideas:

        Free Public DNS Server

        Service provider: ScrubIt

        Public dns server address:
        67.138.54.100
        207.225.209.66

        Service provider:dnsadvantage

        Dnsadvantage free dns server list:
        156.154.70.1
        156.154.71.1

        Service provider:OpenDNS

        OpenDNS free dns server list:
        208.67.222.222
        208.67.220.220

        Service provider: vnsc-pri.sys.gtei.net

        Public Name server IP address:
        4.2.2.1
        4.2.2.2
        4.2.2.3
        4.2.2.4
        4.2.2.5
        4.2.2.6

        Also here is a link to a site with more http://www.dnsserverlist.org/

  1. Chris Griffiths

    You can turn it off permanently by opting out or using another set of DNS servers. If you are running a router, make sure you restart the router and make sure you run ipconfig /flushdns if you are running windows. I would also check what DNS servers you are pointing at by running an ipconfig /all and listing the nameservers and checking against the lists here: http://dns.comcast.net

    Without knowing anything further about your situation or configuration other than what you have in this post, its difficult to provide any further troubleshooting steps, but feel free to contact me and I’ll be able to look at this further for you.

    Thanks

    Chris
    Comcast

    1. Xeno Post author

      Thanks SilkyRay and Chirs!

      The fix is to go to your network connection’s TCP/IP settings (in XP to open the Advanced TCP/IP Settings. One way to get there: Start | Run | ncpa.cpl | right click your Network Connection | Properties | under “Connection uses the following items” scroll down to “Internet Protocol (TCP/IP)”, then click Properties, change “Obtain DNS server automatically” to “Use the following DNS server addresses:”, enter the new DNS server IPs, click OK several times to close windows. Renew your connection (right click network connection and select “Repair”). That’s it.

      My DNS servers shown by “ipconfig /all”, even with the service off matched the Domain Helper DNS servers for my area:
      Sacramento 68.87.76.182 68.87.78.134
      http://dns.comcast.net/dns-ip-addresses2.html

      After changing to the opt-out DNS servers for my area, all was good:

      http://dns.comcast.net/dns-ip-addresses.html
      Opt Out
      Sacramento 68.87.76.178 68.87.78.130

      The public DNS servers I tried (4.2.2.4, 4.2.2.5) were just as fast.

      Hopefully this will save some people some time.

      Thanks again.

      1. Bubba

        Hi All,

        Much thanks to Xeno for the great help. I have not tried any opt out thing with Comcast yet but definitely they are evil as hell. First off I have been using Comcast for a long time and had no problem. I moved out and was using AT&T with no issues. I came back to my mom’s which is the comcast connection and it no longer worked for certain terminals. When I pinged used ip addresses it would work but if I pinged using the name I was redirected to the freakin comcast ip address. I didn’t realize this at all till Pinged a few other machines. I go through a VPN to get to my companies terminals. In any case, using Xeno’s suggestion on putting in a DNS address, I put in my company’s DNS addresses and was then able to access those terminals I wasn’t able to.

        GO TO HELL COMCAST!!

  2. biglamb

    Just to let you know how piss poor it is to implement something like this. Our company have many users that use VPN because they are always in the field. Obviously last night sometime in the AStlanta area Comcast made a big pusg with there DNS Hijacking. All the sudden we have users who cannot get to any of our websites while on the VPN because its the browswer is first trying to connect to this ip address 208.68.139.38. After a little research this is all Comcast. So instead of making our users speak with some minimum wage wannabe halp desk analyst that knows squat about networking make excuses we give them the opt out DNS servers. Tell your managers they own me on of your paychecks for the crap we went through today. Thanks for nothing. Go to hell Comcast!

  3. IT_Architect

    I called Comcast support. Tech support guy didn’t know about it. Went to a test site in my area and tried it and saw the same thing I did. Then he did some lookups and said I wish they would tell us these things. Then said, I wonder if we can turn it off. Didn’t see where he could, but had documentation on how I could and what my screen should look like. I navigated there, but there was no opt-out link like shows on his screen.

    I did not have this problem in a non-Firefox browser. I Switched to Chrome.

  4. Bardenboo

    Do you get your Internet connection via Comcast? If so, beware they’ve
    instututed something called ‘DNS hijacking’, which in this case means that you
    will be taken to a page with junk ads if you try going to a webpage that doesn’t
    exist, for example, if you type in facebookkk.com accidentally. Typically,
    you’ll get “page not found” or something similar, depending on what browser
    you’re using.

    With the Comcast ‘hijack’, they try and get ad revenue from your typos! If you
    find this irritating, and if on general principle you detest Comcast, then you
    ‘opt-out.’. Naturally, Comcast makes opting-out a complicated process. There is
    a lengthy way for a user to opt-out online. Alternatively, call customer
    service. As far as I can tell, customer service has been instructed to
    vigourously deny the DNS hijacking. However, I pressed the matter and insisted
    the customer service agent do the work of opting-out for me.

    If you call customer service, and if you get problems, ask for agent number
    30649. He knows all about how to opt out. He helped me, and he will have to help
    you, too.

    Spread the word far and wide.

  5. BruceKG

    This is still going on. They must of just pushed it onto New Hampshire in the last week or so. I finally got so pissed and called up. I don’t even get the opt out choice.

    When I called today. They had no idea what I was talking about – said it wasn’t their problem. After my response of b___s___, I sent them to the opt out web site. I was talking with a supervisor and got cut off. I am now on hold while they try to find a supervisor.

    Now have floor supervisor..

Leave a Reply