Both sides previous revision Previous revision Next revision | Previous revision |
abusive_isps [2017-06-23T22:02:42Z] – fusl | abusive_isps [2019-06-09T21:21:56Z] (current) – [Abusive ISP List] fusl |
---|
Some OpenNIC DNS servers also listen on an alternative port (generally 5353) which is less likely to be tampered with by ISPs. | Some OpenNIC DNS servers also listen on an alternative port (generally 5353) which is less likely to be tampered with by ISPs. |
| |
To test if an ISP is tampering with DNS traffic, you can use the dig command from the dnsutils package. Select a server from the Tier 2 page which supports an alternative port. In my example I have used 106.186.17.181. First, try querying for the root zone (.) on the default port: | To test if an ISP is tampering with DNS traffic, you can use the dig command from the ''dnsutils'' package. Select a server from the Tier 2 page which supports an alternative port. In my example I have used ''106.186.17.181''. First, try querying for the root zone (''.'') on the default port: |
| |
dig SOA . @106.186.17.181 | dig SOA . @106.186.17.181 |
. 58346 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015080300 1800 900 604800 86400 | . 58346 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015080300 1800 900 604800 86400 |
| |
You can see from the returned SOA above that the DNS request has been hijacked by the ISP as 'a.root-servers.net' is not an OpenNIC DNS server. If the SOA you get looks more like the one below, then your ISP is probably not hijacking your DNS requests. | You can see from the returned SOA above that the DNS request has been hijacked by the ISP as ''a.root-servers.net'' is not an OpenNIC DNS server. If the SOA you get looks more like the one below, then your ISP is probably not hijacking your DNS requests. |
| |
Now try again on the alternative port: | Now try again on the alternative port: |
This list is very incomplete. If you are certain that your ISP is hijacking DNS or is involved in other questionable practices, please add it below. | This list is very incomplete. If you are certain that your ISP is hijacking DNS or is involved in other questionable practices, please add it below. |
| |
^ Country ^ ISP ^ Reported ^ Reporter ^ Notes ^ | ^ Country ^ ISP ^ Earliest report ^ Last seen ^ Source ^ DPI ^ Level ^ Notes ^ |
| Peru | Bitel | 2017 | Anonymous user on #opennic | http://xor.meo.ws/paste/1498255178451615185/cd64eb34-eac1-4eeb-bcc8-50c5a756b866.txt | | | Taiwan | HiNet | 2019-01-16 | | [[user:fusl]] | no | blocking of selective domains | Returns NXDOMAIN for some very specific domains, hijacking common public DNS resolvers like Google, OpenDNS and CloudFlare, Quad9 seems to be unaffected | |
| United States | Comcast | 2009 | //news// | http://www.theregister.co.uk/2009/07/28/comcast_dns_hijacker/ | | | Austria | 3 / drei.at | 2018-01-28 | | [[user:fusl]] | no | NXDOMAIN search engine redir | NXDOMAIN redirect to ''213.94.80.190'', {{:abusive_isps:h3gat.txt|proof}} | |
| Canada | Rogers | 2007 | //news// | http://www.dslreports.com/shownews/Rogers-Uses-Deep-Packet-Inspection-for-DNS-Redirection-96239 | | | - | Vultr/Choopa | 2017-11-03 | | [[user:fusl]] | yes | blocking of selective domains | [[https://en.wikipedia.org/wiki/Deep_packet_inspection|DPI]] on UDP/53, blocks any DNS request containing the text ''minexmr.com.'' in the query name ({{:abusive_isps:vultr.png?linkonly|proof}}) | |
| | United States | CenturyLink | 2017-08-28 | | //some user// on #opennic | no | NXDOMAIN search engine redir | Reproduced by [[:user:fusl]] - NXDOOMAIN redirect to ''198.105.244.23''+''198.105.245.23'' redirecting to ''http://webhelper.centurylink.com/index.php?origURL=<domain>&r=&bc='' | |
| | United States | Cox | 2017-08-16 | | - | yes | NXDOMAIN search engine redir | [[https://web.archive.org/web/20190609211911/https://www.cox.com/residential/support/enhanced-error-results-service.html|Enhanced Error Results Service]]; albeit the official page states that opt-outs are possible, multiple reports show that users are struggling doing so: [[https://web.archive.org/web/20190609211537/https://forums.cox.com/forum_home/internet_forum/f/internet-forum/18528/dns-hijacking-a-k-a-enhanced-error-results|DNS Hijacking (A.K.A 'Enhanced Error Results')]], [[https://web.archive.org/web/20190609212050/https://forums.cox.com/forum_home/internet_forum/f/internet-forum/19672/cox-hijacking-dns-again|Cox Hijacking DNS again]] | |
| | Peru | Bitel | 2017-06-23 | | Tedel on #opennic | ? | ? | {{:abusive_isps:bitel.txt|IRC conversation log}} | |
| | United States | AT&T | 2017-03-27 | | //news// | no | NXDOMAIN search engine redir | [[https://web.archive.org/web/20190127173703/http://www.att.net/dnserrorassist/about/|ETM Details with Opt-Out Option]] ({{:abusive_isps:att1.png?linkonly|screenshot}}), [[https://web.archive.org/web/20190127173856/https://forums.att.com/t5/AT-T-Internet-Features/ATT-DNS-Assist-Page/td-p/5108480|ATT DNS Assist Page - AT&T; Community]] ({{:abusive_isps:att2.png?linkonly|screenshot}}) | |
| | - | Level3 | 2015-11-13 | 2019-06-09 | gorbilax on reddit | no | NXDOMAIN search engine redir | [[https://web.archive.org/web/20190609210007/https://www.reddit.com/r/networking/comments/3sm36w/level3_42214222_dns_servers_redirecting_to_search/|Level3 4.2.2.1/4.2.2.2 DNS servers redirecting to search page : networking]], NXDOMAIN redirect to ''23.202.231.167'' and ''23.217.138.108'' on their well-known ''4.2.2.1''-''4.2.2.6'' servers, {{:abusive_isps:level3.txt|proof}} | |
| | United States | T-Mobile US | 2015-07-20 | | thefinn93 on reddit | no | NXDOMAIN search engine redir | [[https://web.archive.org/web/20190127174032/https://www.reddit.com/r/tmobile/comments/3dyk1h/how_do_i_turn_of_nxdomain_hijacking/|How do I turn of NXDOMAIN hijacking?]] | |
| | Indonesia | Telkom | 2015-04-27 | | //blog post// | ? | ? | [[https://web.archive.org/web/20190127174121/https://www.katyarina.com/artikel/item/36-bagaimana-internet-positif-telkom-bekerja.html|Bagaimana internet positif Telkom bekerja?]] | |
| | United States | Sprint | 2014-09-05 | | sanityvampire on reddit | no | NXDOMAIN search engine redir | [[https://web.archive.org/web/20190127174229/https://www.reddit.com/r/Sprint/comments/2fl6pk/are_sprint_3g_and_4g_towers_hijacking_nxdomain/|Are Sprint 3G and 4G towers hijacking NXDOMAIN responses? More information in comments...]] | |
| | United States | CenturyLink | 2011-12-21 | | DSLReports Forums user | no | NXDOMAIN search engine redir | [[https://web.archive.org/web/20190127174357/https://www.dslreports.com/forum/r26682725-|Re: [Qwest] Opting out of CenturyLink Web Helper hijacking not working]] | |
| | Spain | ONO | 2010-05-10 | | //blog post// | no | NXDOMAIN search engine redir | Allowed cross-site-scripting attacks, [[https://web.archive.org/web/20180829123420/http://www.iniqua.com/2010/05/10/nxdomain-redirect-xss/|iniqua » Archive » XSS Reflected dnssearch.Ono.es NXD redirect]] | |
| | Australia | Telstra | 2009-11-20 | | //news//, CRN Australia | no | NXDOMAIN search engine redir | [[https://web.archive.org/web/20190127174605/https://www.crn.com.au/news/bigpond-redirects-typos-to-unethical-branded-search-page-160923|BigPond redirects typos to 'unethical' branded search page]] | |
| | United States | RCN | 2009-10-13 | | //blog post// | no | NXDOMAIN search engine redir | [[https://web.archive.org/web/20190127174651/https://infiniteedge.blogspot.com/2009/10/who-stole-my-web-browser.html|InfiniteEdge: Who Stole My Web Browser?]] | |
| | United States | Mediacom | 2009-09-25 | | YourName on reddit | no | redirection of selective domains | Redirects ''search.live.com'' to own search engine, [[https://web.archive.org/web/20100303205850/http://www.reddit.com/r/programming/comments/9o3as/want_a_real_world_example_of_why_we_need_network|Want a real world example of why we need network neutrality? I have one here.]] | |
| | Canada | Bell Internet | 2009-08-04 | | timothy on Slashdot | no | NXDOMAIN search engine redir | [[https://web.archive.org/web/20190127174817/https://tech.slashdot.org/story/09/08/04/1512248/Bell-Starts-Hijacking-NX-Domain-Queries|Bell Starts Hijacking NX Domain Queries]] | |
| | United States | Comcast | 2009-07-28 | 2012-01-01 | //news// | no | NXDOMAIN search engine redir | [[https://web.archive.org/web/20190127174926/https://www.theregister.co.uk/2009/07/28/comcast_dns_hijacker/|Comcast trials Domain Helper service DNS hijacker]], [[https://web.archive.org/web/20190127175005/https://corporate.comcast.com/comcast-voices/comcast-domain-helper-shuts-down|disabled 2012; Comcast Domain Helper Shuts Down]] | |
| | Germany | T-Online | 2009-04-09 | | - | no | NXDOMAIN search engine redir | [[https://web.archive.org/web/20190127175144/https://telekomhilft.telekom.de/t5/Browser/Neues-Leistungsmerkmal-Navigationshilfe/m-p/568909|Neues Leistungsmerkmal 'Navigationshilfe']] | |
| | United States | Optimum Online | 2008-09-25 | | - | no | NXDOMAIN search engine redir | [[https://web.archive.org/web/20090813095417/http://www.optimum.net/Article/DNS|Optimum Online - DNS Assistance]] | |
| | Canada | Rogers | 2008-07-20 | | //news// | no | ad content injection | [[https://web.archive.org/web/20190127175250/http://www.dslreports.com/shownews/Rogers-Uses-Deep-Packet-Inspection-for-DNS-Redirection-96239|Rogers Uses Deep Packet Inspection for DNS Redirection - Is hijacking websites for advertising a violation of net neutrality?]] | |
| | Australia | Telstra | 2008-03-15 | | //blog post// | no | dns redirection | [[http://web.archive.org/web/20101210140523/jeffturner.net/2008/03/road-runner-dns-hijack-causing-slow-web-pages/|Road Runner DNS hijack causing slow web pages]]| |
| | United States | Verizon | 2007-06-21 | | - | no | NXDOMAIN search engine redir | [[https://web.archive.org/web/20190127175444/https://www.verizon.com/support/residential/internet/home-network/settings/opt-out-of-dns-assist|Opt Out of DNS Assistance]] | |
| | United Kingdom | TalkTalk | FIXME | | - | no | NXDOMAIN search engine redir | [[https://web.archive.org/web/20181018224234/http://error.talktalk.co.uk/main?FailureMode=14&LinkType=1|TalkTalk Error Replacement Service]] | |