Cox Internet Users beware. . .
It seems Cox cable has implemented a new DNS service which is changing the basic function of DNS for customers in Florida as a test for all their customers.
Rather than send a message to a client computer that there is a DNS error, it forwards the user to an advertisement filled page provided by yahoo.
This may not seem like a big deal until you realize that it breaks a basic protocol in TCP/IP.
Now, the system does not send the user the DNS error, it sends them a webpage. This breaks things like VPN because the VPN never knows to fall back on internal IPs.
There is information on Cox's support site, but it is not linkable.
To get the information, go to support.cox.com, select Florida as the state, and do a search for DNS.
It will be the first link that comes up entitled Information: Enhanced Error Results Page
From the page:
Summary
This article describes the enhanced error results page.
Content
Cox is currently testing an enhanced error results service that redirects DNS errors to relevant alternative results provided by Yahoo! Search Marketing. DNS errors are caused by misspelled URLs and syntax errors such as "ww" instead of "www" or "con" instead of "com." When no relevant keyword can be extracted to produce a list of alternative sites, a search box is presented to the users so they can conduct the search again. If relevant results are identified, an enhanced error page displays instead of a standard DNS error message.
The enhanced error results page is currently being tested in the Gulf Coast and Central Florida area customers only.
How do I know about this? I work for a company with about 1000 users of VPN in Florida, most are affected, and Cox support didn't seem to care at all when we attempted to call them. It seems all of our users will need to cancel their cable modems through Cox and go to DSL.
If you have their internet service, you might consider switching. . . .
I like my women like I like my meatloaf.
Hot and covered in ketchup.


Why you got to break the DNS? Don't break the DNS! It's the only thing keeping the internet from turning into a 12 digit number memorization game.
-Bad Mojo
And man that dog looks like he's having a good time, but that monkey is f*cking into it. This isn't his recreation; this is his life and he knows it in a way I will never know anything. --Danjo Olivaw
Boy, that really sucks.
Many consumer-level routers will run a true DNS client for you natively. The DD-WRT firmware will work nicely for this. By running your own DNS server, you're invulnerable to crap like this. You're also much, much more resistant to DNS cache-poisoning attacks. (where the bad guys pollute a DNS server with bad records to get you to visit their servers instead of, say, ebay.)
most VPN clients have a setting to force ALL traffic over the tunnel.. that should eliminate any external DNS servers from screwing up any name translations.
I know even the built in PPTP/L2TP XP and Vista clients have this.
This Topic comes up at Current every 3 months or so and thankfully it gets flagged as a "bad idea" each and every time. I'm in the "bad idea" vote category.
Aint nothing new about the world order..it's been playing since the day they put George Washington on a quarter
85's face the truth you're too dumb.
http://www.myspace.com/armyofthepharaohs
I wonder how much money Cox is making off of these redirected search results and not passing onto their customer through lower service fees.
"We're taught from a young age how to dodge rock hard objects moving at incredible rates of speed while simultaneously beating folks half to death with sticks. We do this for fun." -kung fu grip
http://blog.digital-lifeline.ca
Good to know. This may motivate me to get off my lazy ass and set up non-Cox DNS info on my router.
Unfortunately, if I slash my wrist with my lightsaber it cauterizes instantly. - PurEvil on emo Star Wars plots.
You are correct on this, however I believe setting all traffic over the tunnel is considered bad mojo because it triples bandwidth per user through the concentrator.
I like my women like I like my meatloaf.
Hot and covered in ketchup.
heh well yeah.. small downside
Aint nothing new about the world order..it's been playing since the day they put George Washington on a quarter
85's face the truth you're too dumb.
http://www.myspace.com/armyofthepharaohs
I've never heard of Cox. So Cox sucks, then, eh? So, what would you call people who still use Cox... Cox suckers?
"I'm absolutely retarded. Not 100% sure why." - atom
"Dhelor + intarwebs = Great ideas." - wordsmythe
"Do I what I do: hate everyone." - Quintin_Stone
In Virginia, they marketed their residential services as Cox@Home. They sponsored a LAN party there which some friends of mine went to. The joke of the next year was "Do you have Cox@Home?"
Fedaykin98 wrote:
wordsmythe wrote:
12 digits? You young'uns really got it easy...
uucp:[ihnp4 uunet seismo]!umcp-cs!gsfcmail!nssdca!robear
"Everybody bangs ihnp4".
"Sometimes I go around saying, 'Kommisar Paulson has seized the commanding heights of the economy!'" - Paul Krugman, asked if recent changes to banking are socialistic.
Robear uucp ftw! Nice to see I'm not the only grumpy old network guy here.
Here's an idea, if you are the network administrator at your company:
Set up a pair of DNS servers, accessible from outside your firewall, configure them to cache, and recursively forward to your (non-COX) ISP's DNS servers. A pair of cheap Linux boxes running BIND would do nicely. Then have the COX clients use your DNS servers instead of COX's. You'll pay a small bandwidth penalty for hosting DNS, but you wouldn't be handling the full brunt of traffic.
This will work, of course, until COX decides to block 53/tcp and 53/udp to force everybody to use their crappy DNS.
MY. HEAD. A. SPLODE.
"I'm absolutely retarded. Not 100% sure why." - atom
"Dhelor + intarwebs = Great ideas." - wordsmythe
"Do I what I do: hate everyone." - Quintin_Stone
Hehe, Cox.
"Three blokes go into a pub. One of them is kind of stupid, and the whole scene unfolds with a tedious inevitability." - Bill Bailey
This was already discussed and shot down.
This would be no different than having everyone go through the concentrators, the bandwidth costs would be the same, if not even more as we would have to open them to the general public.
That would be a security nightmare.
I like my women like I like my meatloaf.
Hot and covered in ketchup.
I wonder where they got the idea.
Xfire|XBL
gr.umpic.us|grumpicus.com
Commissioner, GWJFFL|GWJFFL2
But why can't governments like Colombia or Oman set up their own domains to do that automatically? I mean, why do they need that dude?
The man wears a bucket of KFC on his head. I wouldn't expect anything less. - Pred
Colombia is too busy fighting their own civil war and playing football? Not sure what Oman's excuse is.
XBox Live|Tshirts|xfire | Last.fm
Too busy standing around going, "Oh, MAN!"
.
.
..
.
.
..
I'll get my coat...
A blog: by me!
EGGmen - A European gaming blog *Podcast episode 2 now live*
We became aware of the issue a month or so ago when it broke our network. One day, Subversion (a solid open source competitor to Visual SourceSafe) suddenly was unable to see the server to check files in or out from either of our machines. As I was in the middle of doing a revision for a client, this was A Problem. If I remember correctly, the network printer also suddenly stopped working.
After spending half a day driving myself crazy trying to figure out what had gone wrong, my wife remembered seeing something about the way Cox was changing their DNS service. One changed DNS server location later we were back up and running.
Everything can be debated, but that doesn't necessarily mean it's debatable.
--Chuck Klosterman, Fargo Rock City
In Ultima Online I used to poison hams and leave them on the ground in cities for people to pick up and eat. I can't believe how many people thought street ham was a good thing to eat. -Elliottx
I think, in protest, other networks should refuse to answer the Cox DNS servers on principle.
Cox blocking should get plenty of attention.
I remember once I saw a picture of some high school football game that Cox was sponsoring. A bunch of the cheerleaders were holding up signs that said "We Cox!" That made me laugh for like 10 minutes.
"We're taught from a young age how to dodge rock hard objects moving at incredible rates of speed while simultaneously beating folks half to death with sticks. We do this for fun." -kung fu grip
http://blog.digital-lifeline.ca
Indeed. We were both violated by Cox.
Everything can be debated, but that doesn't necessarily mean it's debatable.
--Chuck Klosterman, Fargo Rock City
Here's an interesting update for anyone concerned.
A bunch of bigwigs from my company contacted a bunch of bigwigs at Cox cable.
After much explanation and discussion, Cox has stated they are going to revert to their old DNS systems and turn this thing off. Furthermore they reassured us they would not continue with this without notification.
I like my women like I like my meatloaf.
Hot and covered in ketchup.
Why not just set all your users' DNS settings to use OpenDNS or some other similar free service?