[dns-operations] "Comcast Intercepts and Redirects Port 53 Traffic" (slashdot)

Patrick W. Gilmore patrick at ianai.net
Wed Jun 10 02:45:45 UTC 2009

On Jun 9, 2009, at 10:15 PM, Paul Vixie wrote:

> An anonymous reader writes
> 	"An interesting (and profane) writeup of one frustrated user's
> 	discovery that Comcast is actually intercepting DNS requests bound
> 	for non-Comcast DNS servers and redirecting them to their own
> 	servers. I had obviously heard of the DNS hijacking for nonexistent
> 	domains, but I had no idea they'd actually prevent people from
> 	directly contacting their own DNS servers."
> If true, this is a pretty serious escalation in the Net Neutrality
> wars. Someone using Comcast, please replicate the simple experiment
> spelled out in the article and confirm or deny the truth of it. Also,
> it would be useful if someone using Comcast ran the ICSI Netalyzr and
> posted the resulting permalink in the comments.
> http://tech.slashdot.org/story/09/06/09/1731238/Comcast-Intercepts-and-Redirects-Port-53-Traffic

I'm on Comcast in Boston; the Netalyzr tool says port 53 is
direct.  In fact, it looks pretty good overall, even though I'm behind
my own NAT (MacBook Air using Apple Airport Extreme, default config).

Full results: <http://download.ianai.net/Netalyzr.html>.

If it is important, I can plug the laptop into the cable modem  
directly and re-run.  But I think this shows Comcast is not doing  
anything terribly silly.  (Blocking 135, 139, 445, etc. doesn't seem  
horrible to me, but I'm a Mac user who likes SSH tunnels.)

