Ars Technica recently wrote up an article about ISPs hijacking DNS requests to watch web searches. A couple of years ago, I discovered that any time I punched in an invalid domain name, instead of being told the domain name did not exist, I was redirected to a search page. The search page had an opt-out feature, but it reset after a few hours. I wrote a script to automatically opt myself out every few hours, but it was ineffective. When I called CenturyLink (my ISP) about this problem, they first denied it. After I argued with the representative for a while, he eventually informed me that this was how the feature was supposed to work. I asked him how that could be useful if the opt-out really wasn’t an opt-out. He didn’t have an answer. Eventually I opted to use alternative DNS. However, one solution for those of us running DD-WRT on our routers is to add additional DNSMasq options. While OpenDNS does honor opt-outs, I still add the IP addresses they use to my configuration.
Before adding anything, pinging an invalid domain shows:
ping garbage.invalidtld
PING garbage.invalidtld (67.215.65.132) 56(84) bytes of data.
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_req=1 ttl=56 time=54.4 ms
I went into the Services page of DD-WRT and added the following to the “Additional DNSMasq Options” section:
bogus-nxdomain=67.215.65.132
bogus-nxdomain=184.106.31.182
Now the same command returns the proper response:
ping garbage.invalidtld
ping: unknown host garbage.invalidtld
I could have applied the same method to filter CenturyLink’s DNS responses, but I have been happier with OpenDNS and decided not to switch back.
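To find which addresses a resolver substitutes for nonexistent names, the ping check above can be automated. This is an added example, not part of the original post; the function names and the random-label probing approach are assumptions, and it reuses the post's made-up `invalidtld` suffix.

```python
import secrets
import socket


def probe_names(count=3, suffix="invalidtld"):
    """Random names that should not exist; trailing dot skips search domains."""
    return [f"{secrets.token_hex(8)}.{suffix}." for _ in range(count)]


def system_resolver(name):
    """Return the set of IPv4 addresses the OS resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()  # proper behaviour: the name does not resolve
    return {info[4][0] for info in infos}


def find_bogus_addresses(names, resolve=system_resolver):
    """Map each address returned for a nonexistent name to its hit count."""
    hits = {}
    for name in names:
        for addr in resolve(name):
            hits[addr] = hits.get(addr, 0) + 1
    return hits


def dnsmasq_options(addresses):
    """Format addresses as lines for 'Additional DNSMasq Options'."""
    return [f"bogus-nxdomain={addr}" for addr in sorted(addresses)]


if __name__ == "__main__":
    found = find_bogus_addresses(probe_names())
    if not found:
        print("Invalid names fail to resolve; no rewriting detected.")
    for line in dnsmasq_options(found):
        print(line)
```

Run it from a machine behind the router before adding the options to collect the addresses, and again afterwards to confirm that invalid names no longer resolve.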
Glad you’ve tried us and decided to stay. We do let people turn every feature on or off. We want you to control your Internet experience. Transparency is a key piece of making that happen.
Thanks, @David Ulevitch. I’m pleased that OpenDNS takes an active interest in what bloggers are saying about them. If only CenturyLink (a company I pay money) would be so responsive…