[dns-operations] "Comcast Intercepts and Redirects Port 53 Traffic" (slashdot)
Patrick W. Gilmore
patrick at ianai.net
Wed Jun 10 02:45:45 UTC 2009
On Jun 9, 2009, at 10:15 PM, Paul Vixie wrote:
> An anonymous reader writes
> "An interesting (and profane) writeup of one frustrated user's
> discovery that Comcast is actually intercepting DNS requests bound
> for non-Comcast DNS servers and redirecting them to their own
> servers. I had obviously heard of the DNS hijacking for nonexistent
> domains, but I had no idea they'd actually prevent people from
> directly contacting their own DNS servers."
> If true, this is a pretty serious escalation in the Net Neutrality
> wars. Someone using Comcast, please replicate the simple experiment
> out in the article and confirm or deny the truth of it. Also, it
> would be useful if someone using Comcast ran the ICSI Netalyzr and
> posted the resulting permalink in the comments.
I'm on Comcast in Boston, and the Netalyzr tool says port 53 is
direct. In fact, it looks pretty good overall, even though I'm behind
my own NAT (MacBook Air using Apple Airport Extreme, default config).
Full results: <http://download.ianai.net/Netalyzr.html>.
If it is important, I can plug the laptop into the cable modem
directly and re-run. But I think this shows Comcast is not doing
anything terribly silly. (Blocking 135, 139, 445, etc. doesn't seem
horrible to me, but I'm a Mac user who likes SSH tunnels.)