3.26.2009

Also not cooking: Rogers DNS hijack, foiled.

I am writing my own webserver for my computer networking course, and have been annoyingly forwarded to Rogers' search page every time my server fails to acknowledge on the connected socket.

I'm sick and tired of Rogers using deep packet inspection to hijack DNS requests for unresolved DNS hosts.

What does this mean? It means that every time you try to go to a website like "www.thiswebsitedoesntactuallyexist.com", you get forwarded to an ad-revenue search page hosted by Rogers.

Every link on the page is an advertisement, and the "opt-out" is also a scam. You get redirected to a fake IE 404 page every time.

I found out today how to fix this problem. Here's what you do:
  1. Put DD-WRT on your router.
  2. Enable DNSMasq. In the DNSMasq options window, enter:
     domain-needed
     no-resolv
     no-poll
     server=64.71.255.198 # rogers DNS

     # Rogers crap servers
     bogus-nxdomain=8.15.7.107
     bogus-nxdomain=63.251.179.17
     bogus-nxdomain=65.200.200.47
  3. Set the router to distribute DNSMasq as the default DNS server to DHCP clients.
  4. Reboot all attached clients, verify they now have the gateway IP of the router as the primary DNS server, and you're ready to rock.

That's for you, Rogers.
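
Each bogus-nxdomain line tells dnsmasq to turn any reply containing that address into a "No such domain" reply. The sketch below is an added example, not dnsmasq's code and not part of the original post: a simplified model of that rewrite, run on a constructed sample reply. The function names are hypothetical.

```python
import socket
import struct

BOGUS = {"8.15.7.107", "63.251.179.17", "65.200.200.47"}  # from the post's config

def build_response(name, ip, txid=0x1234):
    """Constructed sample: NOERROR reply, one A record, name = pointer to offset 12."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + question + answer

def skip_name(pkt, off):  # offset just past a (possibly compressed) domain name
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:  # root label terminates the name
            return off + 1
        off += 1 + n

def a_records(pkt):
    """Return (IPv4 addresses in the answer section, offset where answers begin)."""
    qd, an = struct.unpack("!HH", pkt[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    start, ips = off, []
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(pkt[off:off + 4]))
        off += rdlen
    return ips, start

def rcode(pkt):
    return struct.unpack("!H", pkt[2:4])[0] & 0xF

def filter_bogus(pkt, bogus=BOGUS):
    """Rewrite a reply containing a listed address into an empty NXDOMAIN reply."""
    ips, start = a_records(pkt)
    if not any(ip in bogus for ip in ips):
        return pkt  # untouched: no listed address in the answers
    txid, flags, qd = struct.unpack("!HHH", pkt[:6])
    flags = (flags & 0xFFF0) | 3  # RCODE 3 = NXDOMAIN
    return struct.pack("!HHHHHH", txid, flags, qd, 0, 0, 0) + pkt[12:start]
```

Because the match is on exact addresses, the list has to be updated whenever the redirect page moves to a new IP.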

EDIT: A friend of mine pointed out that if you are a big fan of the Google "I'm feeling lucky" trick in Firefox, you can just type in your Google search in the Firefox URL bar. Rogers effectively takes that luxury away from us. Use this to get it back!

5 comments:

  1. Cool fix. I do get frustrated, but I think I've learned to type URLs better because of it.

    The Firefox "I'm feeling lucky" trick will work as long as what you type is longer than one word.

  2. Not to rain on your parade, but this is unnecessary. Just set your DNS servers manually on your router. DD-WRT is not required. I use OpenDNS's servers (http://www.opendns.com/).

    And it's not deep packet inspection they're using. They're simply redirecting unresolved queries to their servers to their own pages. :P

  3. Strange. Every alternate DNS I used came up with their search pages... and this is the only thing that ended up working for me. Maybe the settings never took properly.

    I assume you're able to get it working by just using an alternate DNS server?

    At any rate, if you'd like to use the DNS servers provided by Rogers, but don't want to see their search pages, use this method.

  4. Yeah, I just manually set the primary and secondary name servers right on my router to the IP addresses of OpenDNS' servers.

    Anyway, either approach works.

  5. Yeah - DPI is a complete misnomer. It's not DPI at all.

    I found OpenDNS does hijacking too - it redirects to an OpenDNS page - major fail
