I recently switched to Comcast for my Internet Service Provider. The transition hasn’t been pleasant. I have had a number of issues with them. However, by far the most annoying issue is with their “domain helper service“. This post should help any others who fall victim to this unexpected behavior.
Basically, what they do is assign you one of their special DNS servers from http://dns.comcast.net/dns-ip-addresses.php which return incorrect results:
$ nslookup thisdomaindoesnotexist 188.8.131.52 Server: 184.108.40.206 Address: 220.127.116.11#53 Non-authoritative answer: Name: thisdomaindoesnotexist Address: 18.104.22.168
when the real response should be:
$ nslookup thisdomaindoesnotexist 22.214.171.124 Server: 126.96.36.199 Address: 188.8.131.52#53 ** server can't find thisdomaindoesnotexist: NXDOMAIN
In my mind, this amounts to hijacking my NXDOMAIN responses which violates RFC2308 and is even outlawed in the UK! I could have fixed this easily by modifying the nameservers listed in /etc/resolv.conf. The problem with this is that I would have to do it for all of my machines. Another solution is to set the DNS servers in my router’s configuration (since it provides them during DHCP). The problem with this is that I again end up doing some manual configuration on my end for a problem which Comcast caused.
Of course this leads to all sorts of nastiness. I first noticed this nonsense while clicking on a link for a site that used to exist. This lead me to their hideously ugly (and amazingly useless) search page. After looking around, I realized other people had similar feelings. Just look at the blog post linked to previously. Not one enthusiastic comment about how useful this is.
So, I decided to try and disable this thing on my own. After all, they are nice enough to provide you instructions on how to do it yourself. The only problem with that is the necessary options don’t even show up on my account!
The next step was to initiate a chat with their technical support to get them to update the account settings for me. Unfortunately, this did more harm than good. They tried to reset my router remotely (which obviously kicked me out of the chat session). Not only that, but the router reset never completed properly.
Okay, so next step was to call (I no longer had internet access after all). The first person I talked to wasn’t even able to reset my router again! They were convinced that this was a problem that needed to be solved by having a technician come out. I was not able to convince her otherwise. So, I scheduled the technician.
I then called back immediately. I did not mention the mistake made by the previous person in chat. I simply requested that they activate my service (as I needed done when I first got service). This time, the person on the line was able to activate my service. I figured since they were able to do that, maybe they would be able to help me with my problem. So, I tried explaining it and was transferred to someone in their “technical support” department. This person at least listened to what I was saying and looked at the links with the instructions I was trying to follow. She even logged into my account and was able to see that the options were not showing up. However, she was also unable to help and speculated that the technician might know something else (not likely since they’re usually just contractors).
My last resort was emailing Comcast support and explaining all of this in my email. A few days later, I received an email confirming that this had been done. Sure enough, I checked the nameservers listed on my router and they were using the opt out servers listed at http://dns.comcast.net/dns-ip-addresses2.php. Finally, they fixed my problem and all it took was a simple email.