Xfinity plant
Xfinity globe
Community Forum

changing the dns

Contributor

changing the dns

Is it possible to change the domain name servers (dns) in the comcast cable modem? I've tried changing the dns on my windows machine and in my router, but those changes get overridden by what the comcast cable modem is set to. I haven't figured out a way to get to these settings.

 

I've had a few instances where my connection is working fine but then for 5 minutes or so I cannot get to websites because the comcast domain name servers aren't responding. If I could either set backup dns or entirely change the dns settings then I believe I would be able to eliminate this issue. This happens about once or twice a week on average.

 

Thanks

 


Accepted Solutions
Contributor

Re: changing the dns

Sorry it took a bit to get back.

 

I got my new Netgear WNR3500L router yesterday. I already had the windows connection set to use OpenDNS with the Tenda router. I removed the Tenda, plugged in the Netgear and shut down the cable modem. Then I started the modem and the router and jumped to the command line and ran an ipconfig /release and /renew. Now I'm getting told when I got to http://welcome.opendns.com that I am using OpenDNS. Craigslist.og is redirected to craigslist.org and the nslookup for craigslist.og is

 

Server: resolver1.opendns.com

Address: 208.67.222.222

 

Non-authoritative answer:
Name: craigslist.og
Address: 67.215.65.132

 

The www.internetbadguys.com URL is redirected to a page notification that it is a Phishing site.

 

Nslookup is

 

Server: resolver1.opendns.com
Address: 208.67.222.222

 

Non-authoritative answer:
Name: www.internetbadguys.com
Address: 67.215.65.133

 

The Issue of OpenDNS not actually being used is resolved as far as I can tell. I think I'm going to remove OpenDNS and see if the issue I was having with the failing Comcast DNS also goes away. That's what prompted my initial question, and I'm wondering if the DNS fails didn't have something directly to do with the router.

 

This all does make me wonder what the Tenda router was actually doing. I'm curious if there is a way to find out what it was doing. I never saw in any of the setup screens a way to force an override of a specified windows DNS setting, but the results make it look like that is what was going on. I'm wondering if the router was redirecting DNS lookups, where it was sending them? Was it going to DNS given to it by the cable modem, or was it being redirected elsewhere? I'm not the type to assume nefarious intent but it does make me wonder.

 

Oh and Thank you Steve for all of your help. Much appreciated.


All Replies
Problem Solver

Re: changing the dns

Well if it is DocSis 3.0 modem NO. but I would ask Comcast to check their DNS Servers.. they may have a problem like what you are experiencing that should be fixable by an Network admin..

Bronze Problem Solver

Re: changing the dns


tnorman5828 wrote:

Is it possible to change the domain name servers (dns) in the comcast cable modem? I've tried changing the dns on my windows machine

 

Hmm. When I change the DNS servers on my Vista computer, it "takes" as soon as I "OK" out of that configuration section.

 

Control Panel\Network and Sharing Center\Manage network connections\Wireless Network Connection\Properties (not "Wireless Properties")\Internet Protocol Version 4\Use the following DNS server addresses

 

That's for wireless, dunno if there's a bug such that changing the DNS servers for wired LAN won't work.

 

and in my router,

 

When I change the DNS servers in my router I need to get a new lease on my computer for it to "take". I do that via opening a command window and entering:

 

ipconfig /renew

 

Expert

Re: changing the dns


DOS wrote:

Well if it is DocSis 3.0 modem NO.


Straight modems are layer two bridges. No matter what their DOCSIS compatibility is there is no way to configure what DNS servers are used withinin them.... This is configured in the client.

Contributor

Re: changing the dns

I don't know if my modem is a Docsis modem. Is there a way to tell? My Comcast cable modem is model U10C035 and has no specific name on it but is does have on the same label "Trade Name: Ambit". I have Xfinity cable and internet.

 

When I attempted to set the DNS in Windows 7 or in the router setup, I left it this way for days. I rebooted, I turned everything off, I even released and renewed my connection. All to no new end. I was always using comcast domain name servers. 

 

I don't have a problem using their servers except when they have an intermittent outage that freezes me in my work.

Expert

Re: changing the dns

All modems are DOCSIS these days. Just depends on their compatibility level, D2 or D3. This has nothing to do with the configurable DNS which is done in the client (a router or a computer) unless the device is actually a modem/router gateway device, then it has to be configured within it). Sounds like you are doing something incorrectly in your client/s..

Silver Problem Solver

Re: changing the dns

Another approach to this, would be to log in to your account as the primary user, go to "users & settings" and switch off the Domain helper service there. Then power cycle your equipment and you should be good.

 

Be advised though, I have seen posts here that the domain helper service can reappear, even after opting out. (good news is, the service is due to be phased out this year).

 

No, idea why you can't set the dns in your router or computer, as that would be the best option, as suggested above.

 

Edit....> Hmmm, on re-reading the thread, I see you are not really talking about the domain helper service...Not to worry it's all good info.....Smiley Sad

Expert

Re: changing the dns

I am at a loss as to how their Domain Helper service comes in to play here ? Nevetheless, if one wants to remain "opted" out, they should *hardcode* the IP addresses of their anycast DNSsec servers in to the client's connection properties dialog as these do not support the Domain Helper service.

 

75.75.75.75 & 75.75.76.76 

 

[Edit]

 

Edited to say saw the above poster's edit.

Contributor

Re: changing the dns

I do know how to set the dns properly in the router and windows. I used opendns and google dns for years prior to moving and starting to use comcast. The settings are getting overridden to the 75.75.75.75 & 75.75.76.76. Though admitedly I have a new router (the new one is currently a cheapy that replaced a router that was having issues and couldn't do gigabit) so maybe something is going on in there. I do eventually want to swap it out with one I can flash tomato or dd-wrt but that will have to wait a bit.

 

And Domain Helper is off.

 

I might try removing the router and switch that I using and just connect directly from comcast modem to comptuer to see if that works to eliminate issues. 

Bronze Problem Solver

Re: changing the dns


tnorman5828 wrote:

I do know how to set the dns properly in the router and windows. I used opendns and google dns for years prior to moving and starting to use comcast. The settings are getting overridden to the 75.75.75.75 & 75.75.76.76. 


How are you determining which DNS servers actually get used for queries?

Official Employee

Re: changing the dns

The DNS settings on the Cable Modem are set by Comcast, but are only used for management of the Cable Modem. You can specify different DNS servers on your PC or Wireless gateway and that will override what is set via DHCP.

Contributor

Re: changing the dns

For opendns it is pretty easy as their own site tells you whether you are or aren't using their servers for the lookup. Change the dns settings and then go to welcome.opendns.org. They have a redirect service for a test false-positive site as well as just a general check. When I change to their dns servers it fails and says I'm not using their servers. For me that's the ultimate test since I have used this service before moving to comcast. It worked before I moved, but now fails.

 

To see what dns my computer is suppose to be using, I use "ipconfig -all" and look at what the dns server is listed for the ethernet connection for the internet. Also in the router it lists the dns servers that it was given by the dhcp server, or the one I set specficially. However if it the dns server request is being intercepted these settings would mean nothing.

 

You can also use "nslookup www.somewebsite.com" and the first line is suppose to tell you what dns server you are using.

 

Now having said that and even though I have both the router and windows connection set to use open dns, I see in my icponfig, and ns lookup that I'm supposedly using the opendns servers. But when I actually test it using their site it fails.

 

In addition, if I remove my specificied dns servers in windows and in my router, and then use the program namebench to locate a faster dns it tells me that I am unable to change the dns server because it is either set in the router or it is being redirected. 

 

I have yet to actually test the connection without the router in the chain, so maybe the router is the culprit and is intercepting any request it gets. Having said that though, if the router is doing this then I would have expected OpenDNS check to work.

 

If you have another way of testing, I'm open to checking it.

 

Contributor

Re: changing the dns

 


jtb03 wrote:

The DNS settings on the Cable Modem are set by Comcast, but are only used for management of the Cable Modem. You can specify different DNS servers on your PC or Wireless gateway and that will override what is set via DHCP.


I understand what you are saying but the real world situation I'm running into doesn't seem to be jiving with what you are saying. Perhaps there is something else going on that I haven't figured out.

Bronze Problem Solver

Re: changing the dns


tnorman5828 wrote:

For opendns it is pretty easy as their own site tells you whether you are or aren't using their servers for the lookup. Change the dns settings and then go to welcome.opendns.org. They have a redirect service for a test false-positive site as well as just a general check. When I change to their dns servers it fails and says I'm not using their servers. For me that's the ultimate test since I have used this service before moving to comcast. It worked before I moved, but now fails.

 

Checking with a third party is *not* a good way to figure out which DNS servers you're using.

 

To see what dns my computer is suppose to be using, I use "ipconfig -all" and look at what the dns server is listed for the ethernet connection for the internet.

 

I'm not even sure I'd trust Windows to report things correctly.

 

Also in the router it lists the dns servers that it was given by the dhcp server, or the one I set specficially. However if it the dns server request is being intercepted these settings would mean nothing.

 

I'm not really sure what you mean there, but DNS queries don't get "intercepted" by Comcast. I regularly query lots of third party DNS servers, and I'd notice.

 

You can also use "nslookup www.somewebsite.com" and the first line is suppose to tell you what dns server you are using.

 

Now you're talking, *that's* how you can tell what DNS server was used for a query. To be double sure, you could use Wireshark to see the address of the DNS server that gets used.

 

Now having said that and even though I have both the router and windows connection set to use open dns, I see in my icponfig, and ns lookup that I'm supposedly using the opendns servers. But when I actually test it using their site it fails.

 

Something is going wrong at the OpenDNS site, then.

 

In addition, if I remove my specificied dns servers in windows and in my router, and then use the program namebench to locate a faster dns it tells me that I am unable to change the dns server because it is either set in the router or it is being redirected. 

 

Hmm. Don't really know what to make of that. But, if nslookup says that it's using a particular server, I'd say that that's conclusive evidence that it *is* using that server, and unless you've mucked with the defaults for nslookup, that's also the server your Windows machine is configured to use.

 

I have yet to actually test the connection without the router in the chain, so maybe the router is the culprit and is intercepting any request it gets. Having said that though, if the router is doing this then I would have expected OpenDNS check to work.

 

If you have another way of testing, I'm open to checking it.

 


 

Contributor

Re: changing the dns

Thank you Steve. I do trust that nslookup is telling me the truth, but it just seems odd that OpenDNS says I'm not using their servers, doesn't resolve mistyped web addresses or anything else that it is suppose to be doing if I'm using the OpenDNS servesr. One thing it says it is suppose to do is if you type craigslist.og into your browsers address bar and it is suppose to redirect you to craigslist.org. Or if you go to "internetbadguys.com" it is suppose to pop up a warning that that website is dangerous. Neither happens if I set my dns to their servers. 

 

In the scheme of things changing the dns isn't that big of a deal. I just get tired of the comcast dns servers freezing up or not responding once or twice a week for a couple minutes. I'd like to be able to just add a third alternative dns that it would fail over to in order help out with those times when Comcast dns stops working.

 

Oh and by Intercept I just meant redirecting the dns server being used. I've had it done before by an ISP so I assume(d) Comcast is doing it. For them it was just changing a setting on their account page to have them stop doing it. I had initially assumed that was what I had to do, but instead it appears things are sort of working the way they should be but there is still something funky going on.

 

I did try taking the router out of the loop but I then had problems getting the computer to properly connect to the modem. I didn't have time to figure out what was going on so switched it back. I might try tomorrow when I get the chance.

 

Edit: Oh and let me ask a follow up stupid question. I totally forgot about wireshark but that is a good idea. However isn't wireshark and nslookup going to report what they think is being used for dns? I'll give a scenerio. If windows is set to use google dns but the router actually redirects the dns to comcast, couldn't both nslookup and wireshark be fooled into reporting that google dns is being used since the redirect is outside of their visibility? The router could switch the dns, do the query and then report back to the windows machine that it actually used the initial dns. Or am I totally thinking wrong?

Bronze Problem Solver

Re: changing the dns


tnorman5828 wrote:

Thank you Steve. I do trust that nslookup is telling me the truth, but it just seems odd that OpenDNS says I'm not using their servers, doesn't resolve mistyped web addresses or anything else that it is suppose to be doing if I'm using the OpenDNS servesr. One thing it says it is suppose to do is if you type craigslist.og into your browsers address bar and it is suppose to redirect you to craigslist.org. Or if you go to "internetbadguys.com" it is suppose to pop up a warning that that website is dangerous. Neither happens if I set my dns to their servers. 

 

What are the addresses of the OpenDNS servers you're settting up?

 

In the scheme of things changing the dns isn't that big of a deal. I just get tired of the comcast dns servers freezing up or not responding once or twice a week for a couple minutes. I'd like to be able to just add a third alternative dns that it would fail over to in order help out with those times when Comcast dns stops working.

 

Oh and by Intercept I just meant redirecting the dns server being used. I've had it done before by an ISP so I assume(d) Comcast is doing it. For them it was just changing a setting on their account page to have them stop doing it. I had initially assumed that was what I had to do, but instead it appears things are sort of working the way they should be but there is still something funky going on.

 

I did try taking the router out of the loop but I then had problems getting the computer to properly connect to the modem. I didn't have time to figure out what was going on so switched it back. I might try tomorrow when I get the chance.

 

Edit: Oh and let me ask a follow up stupid question. I totally forgot about wireshark but that is a good idea. However isn't wireshark and nslookup going to report what they think is being used for dns? I'll give a scenerio. If windows is set to use google dns but the router actually redirects the dns to comcast, couldn't both nslookup and wireshark be fooled into reporting that google dns is being used since the redirect is outside of their visibility? The router could switch the dns, do the query and then report back to the windows machine that it actually used the initial dns. Or am I totally thinking wrong?

 

Wireshark would show the IP address the query was sent to, and the IP address that sent the query response. Yeah, Comcast could "intercept" DNS queries and fake the return packet headers, but they don't. Routers aren't built to "fake you out" the way you're suggesting. They can assign, and be assigned, DNS servers via DHCP, but the DHCP assignment can be overridden in the router and in the computer. But when the router sees that you want to send a packet to a particular address on port 53, it just does it.

 

Contributor

Re: changing the dns

The OpenDNS servers are

 

208.67.222.222

208.67.220.220

 

Thank you for the information on the dns. I'm guessing something is going on but what I'm not sure. Perhaps it is just something funky with my router,windows and/or opendns. 


Bronze Problem Solver

Re: changing the dns


tnorman5828 wrote:

The OpenDNS servers are

 

208.67.222.222

208.67.220.220

 



Those servers act the way you say they should. EG:

 

-----

dig @208.67.222.222 craigslist.og
...
;; ANSWER SECTION:
craigslist.og.          0       IN      A       67.215.65.132

-----

 

67.215.65.132 is the address of the OpenDNS "problem" site.

 

So, when you think you should be set up to use OpenDNS and you do

 

nslookup craigslist.og

 

what do you see?

 

 

Contributor

Re: changing the dns

When I run nslookup on craigslist.og I get

>nslookup craigslist.og

Server:  resolver1.opendns.com

Address:  208.67.222.222

 

*** resolver1.opendns.com can't find craigslist.og: Non-existent domain

Bronze Problem Solver

Re: changing the dns


tnorman5828 wrote:

When I run nslookup on craigslist.og I get

>nslookup craigslist.og

Server:  resolver1.opendns.com

Address:  208.67.222.222

 

*** resolver1.opendns.com can't find craigslist.og: Non-existent domain


Well, I'm stumped. I just signed up for an OpenDNS account and don't see a way to turn off the "domain helper" option. My next step would be to fire up Wireshark and see what it says about where queries go when you do nslookup.

Gold Problem Solver

Re: changing the dns


tnorman5828 wrote: ... *** resolver1.opendns.com can't find craigslist.og: Non-existent domain

That's . . . weird. Is malware a possibility?

Contributor

Re: changing the dns

Yes, one of the first things I checked on OpenDNS was if it was possible to use the dns but turn off the rerouting service. I couldn't find a way.

 

And I doubt if malware is the issue as the same results are happening with my laptop.

 

But I think I've now narrowed down my culprit.

 

I had some time this morning so I took the router and switch out of the connection between the main computer and the comcast cable modem. Restart the modem and released and renewed the connection in windows via ipconfig. After doing this OpenDNS worked properly. If I put them back into the loop, restart the modem and release and renew the windows connection, then OpenDNS fails again. So the culprit is either the router or the switch. Why or how either would cause this issue I'm not sure.

 

Now, I've just taken the switch out of the loop and OpenDNS still isn't reporting the right thing. So my only guess is that there is some setting in the router that is misconfigured or that the router just doesn't handle things correctly.

 

Before I removed the router or switch I did run wireshark and recorded an nslookup for craigslist.og The results seemed normal to me, but I'm not 100 percent sure of where to look to spot something out of the ordinary. From what I saw there were only 2 ip's communicating (my computers local ip and the openDNS service).

 

So in the end I've narrowed it down to the cheapy (almost free with rebate) router I have. Why it is doing what it is doing? I have no idea. I've looked at every setting in the router to look and see if maybe it could be causing an issue but I don't see anything that really should be screwing up a dns lookup.

 

 

Expert

Re: changing the dns

I don't generally use OpenDNS, but I just logged into my account and found my way to the Dashboard, which is where you can customize your settings. On the Advanced Settings page there are checkboxes for "Enable typo correction". And the Security page has checkboxes for Malware/Botnet Protection, Phishing Protection, and Suspicious Responses.

 

Are you talking about something else?

Bronze Problem Solver

Re: changing the dns


Barmar wrote:

I don't generally use OpenDNS, but I just logged into my account and found my way to the Dashboard, which is where you can customize your settings. On the Advanced Settings page there are checkboxes for "Enable typo correction". And the Security page has checkboxes for Malware/Botnet Protection, Phishing Protection, and Suspicious Responses.

 

Are you talking about something else?


Yeah, we're talking about the "domain helper" part that, for example, resolves craigslist.og to 67.215.65.132, which is the address of the OpenDNS "helper" web site.

Gold Problem Solver

Re: changing the dns


tnorman5828 wrote: ... I've had a few instances where my connection is working fine but then for 5 minutes or so I cannot get to websites because the comcast domain name servers aren't responding. ...

Whenever this happens to me it turns out that I've lost my internet connection completely. The modem's front panel lights may look normal but I can't reach my default gateway. Next time you have what looks like a DNS failure, try pinging your default gateway IP. If you can't reach that, then it doesn't matter if DNS is working or not.

 

Apologies if I'm telling you stuff you already know.

Gold Problem Solver

Re: changing the dns


steve-baker wrote: Yeah, we're talking about the "domain helper" part that, for example, resolves craigslist.og to 67.215.65.132, which is the address of the OpenDNS "helper" web site.

OK, I'm confused. Wouldn't "Enable typo correction" be the same thing as "domain helper"?

Bronze Problem Solver

Re: changing the dns


BruceW wrote:

steve-baker wrote: Yeah, we're talking about the "domain helper" part that, for example, resolves craigslist.og to 67.215.65.132, which is the address of the OpenDNS "helper" web site.

OK, I'm confused. Wouldn't "Enable typo correction" be the same thing as "domain helper"?


No, not at all. I used the term "domain helper" because that's the term Comcast uses for their servers that do the same thing (well, the Comcast servers aren't as bad), and it's good to put it in quotes because the help part really isn't. ;-) OpenDNS "Domain helper" will resolve all non-existent domains to 67.215.65.132, which will redirect web browsers to their "helper" web page. EG:

 

dig @208.67.222.222 x.y
...
;; ANSWER SECTION:
x.y.                    0       IN      A       67.215.65.132

 

Comcast does it when it looks like you're trying to resolve the name of a web site:

 

dig @68.87.68.166 www.x.y
...
;; ANSWER SECTION:
www.x.y.                0       IN      A       207.223.0.140

 

But it doesn't always do it:

 

dig @68.87.68.166 x.y
...
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN

 

Typo correction is different. I didn't really pay close attention to exactly what they do, but here's a hypothetical using our craigslist.og example. They don't use typo correction on that domain for some reason (maybe that has to do with my configuration there), but if they did, they'd change .og to .org and then return the answer for craigslist.org. They don't answer the question you asked, they try to figure out what you actually wanted to know.

Contributor

Re: changing the dns

Just to follow up the typo correction is turned on on my OpenDNS account so the OpenDNS server (which looks like I'm using) should be giving me either their default landing page (aka Domain Helper) or changing the name to the assumed correct web address. It does neither and chrome, firefox, and IE all just gives me a default site not found page from the web browser. 

 

However if I do take the cheapy router I have out of the loop. then when I type craigslist.og, I am actually sent to craigslist.org. 

 

I don't really want to use OpenDNS I'd just like to have an alternative when it appears comcast DNS isn't answering.

 

BruceW: Yes I have looked at the lights on the modem to see if it is the modem. The connection to the modem does go down on occasion but the times I'm talking about I'll have an offsite backup still running or maybe a live video streaming from Twit.tv. The connection isn't saturated (I severly limit my upload rate to keep me from going over the 250gb monthly limit and the download rate is small.) My initial thought too was that the connection was down, but I am still able to have connections actively communicating that are not using dns. Plus I get the nice 'cannot get a response from the dns server' or some such warning in Chrome when it happens. (Though I rarely trust the errors received in such a manner.)

 

 Oh and as another follow up... I've ordered a new router which is something I've been wanting to do for a bit any way.

Bronze Problem Solver

Re: changing the dns


tnorman5828 wrote:

 

 

However if I do take the cheapy router I have out of the loop. then when I type craigslist.og, I am actually sent to craigslist.org. 

 


What's the make/model of that router?

Contributor

Re: changing the dns

The router is a Tenda W268R. Actually come to think of it I got a coupon which made the router free from MicroCenter after doing some sort of survey for them. 

Bronze Problem Solver

Re: changing the dns


tnorman5828 wrote:

The router is a Tenda W268R. Actually come to think of it I got a coupon which made the router free from MicroCenter after doing some sort of survey for them. 


Any news? I'm quite curious about how this turns out. I've heard of routers doing some very strange, unexpected things, but not this. I looked at the maunal from their web site. I was thinking there might be some odd config where you could make everyone on a LAN use the administrator approved DNS server, but I didn't see anything like that. The manual was pretty well done, though, kinda confidence inspiring for a router that retails for twenty bucks. ;-)

Contributor

Re: changing the dns

Sorry it took a bit to get back.

 

I got my new Netgear WNR3500L router yesterday. I already had the windows connection set to use OpenDNS with the Tenda router. I removed the Tenda, plugged in the Netgear and shut down the cable modem. Then I started the modem and the router and jumped to the command line and ran an ipconfig /release and /renew. Now I'm getting told when I got to http://welcome.opendns.com that I am using OpenDNS. Craigslist.og is redirected to craigslist.org and the nslookup for craigslist.og is

 

Server: resolver1.opendns.com

Address: 208.67.222.222

 

Non-authoritative answer:
Name: craigslist.og
Address: 67.215.65.132

 

The www.internetbadguys.com URL is redirected to a page notification that it is a Phishing site.

 

Nslookup is

 

Server: resolver1.opendns.com
Address: 208.67.222.222

 

Non-authoritative answer:
Name: www.internetbadguys.com
Address: 67.215.65.133

 

The Issue of OpenDNS not actually being used is resolved as far as I can tell. I think I'm going to remove OpenDNS and see if the issue I was having with the failing Comcast DNS also goes away. That's what prompted my initial question, and I'm wondering if the DNS fails didn't have something directly to do with the router.

 

This all does make me wonder what the Tenda router was actually doing. I'm curious if there is a way to find out what it was doing. I never saw in any of the setup screens a way to force an override of a specified windows DNS setting, but the results make it look like that is what was going on. I'm wondering if the router was redirecting DNS lookups, where it was sending them? Was it going to DNS given to it by the cable modem, or was it being redirected elsewhere? I'm not the type to assume nefarious intent but it does make me wonder.

 

Oh and Thank you Steve for all of your help. Much appreciated.

Bronze Problem Solver

Re: changing the dns


tnorman5828 wrote:

Sorry it took a bit to get back.

 

I got my new Netgear WNR3500L router yesterday. I already had the windows connection set to use OpenDNS with the Tenda router. I removed the Tenda, plugged in the Netgear and shut down the cable modem. Then I started the modem and the router and jumped to the command line and ran an ipconfig /release and /renew. Now I'm getting told when I got to http://welcome.opendns.com that I am using OpenDNS. Craigslist.og is redirected to craigslist.org and the nslookup for craigslist.og is

 

Server: resolver1.opendns.com

Address: 208.67.222.222

 

Non-authoritative answer:
Name: craigslist.og
Address: 67.215.65.132

 

Actually, that's the address of the OpenDNS "helper" page.

 

...

This all does make me wonder what the Tenda router was actually doing. I'm curious if there is a way to find out what it was doing. I never saw in any of the setup screens a way to force an override of a specified windows DNS setting, but the results make it look like that is what was going on. I'm wondering if the router was redirecting DNS lookups, where it was sending them? Was it going to DNS given to it by the cable modem, or was it being redirected elsewhere? I'm not the type to assume nefarious intent but it does make me wonder.

 

Well, you could figure out whether or not the queries were going to a Comcast server... pretty much. Comcast expires the DNS cache early if a domain gets few queries. So you do a lookup on an obscure domain that has appropriate TTLs, wait a while, and then do another lookup. If the TTL countdown was restarted that means the cache was flushed, and it's a Comcast server. It's not quite that simple because there's a cluster of around 10 servers at each address, but it's simple and easy to do. I'll give you the details if you want to check it out; I'm interested too.

 

Oh and Thank you Steve for all of your help. Much appreciated.

 

No problem, glad to help. Thanks for posting what you found out.


 

Contributor

Re: changing the dns

I thought the OpenDNS helper page is where it was suppose to be going. It gets sent to the helper and then gets redirected to the appropriate place because of the rule to autocorrect the .og to .org. I'm just guessing on how it works. 

 

If you want to tell me how to test out what the Tenda router was doing, I'd be willing to try it out.

Bronze Problem Solver

Re: changing the dns


tnorman5828 wrote:

I thought the OpenDNS helper page is where it was suppose to be going. It gets sent to the helper and then gets redirected to the appropriate place because of the rule to autocorrect the .og to .org. I'm just guessing on how it works. 

 

I was just guessing too, and I was wrong. I was thinking the DNS server did the "typo correction" stuff, but you're right, it's done via an HTTP redirect.

 

If you want to tell me how to test out what the Tenda router was doing, I'd be willing to try it out.

 

It might be a little more work than I thought... unless you have a DNS client that shows the TTLs? I was thinking you could ownload the BIND distribution and just extract dig.exe and the .dlls and have things work, but you apparently need to do an install. There is an option to just install the tools without installing the server, but installing stuff without a good reason isn't something I'd recommend just on general principle. It'd be a little clunkier, but you could check things out with Wireshark.

 

Here's the basic idea. Like I said, just do a lookup to get an obscure domain with a longish TTL cached in the server, wait a bit (15 minutes is when Comcast will flush a domain that gets hardly any lookups), and do another lookup. If the TTL was reset, that's a sign of a Comcast server. The TTL says how long a record should stay in the cache.

 

Here's an example domain:

 

dig @4.2.2.2 guy.com
...
;; ANSWER SECTION:
guy.com.                43200   IN      A       205.186.175.217


dig @4.2.2.2 guy.com
...
;; ANSWER SECTION:
guy.com.                43197   IN      A       205.186.175.217

 

43200 is the number of seconds the record is supposed to be cached. You can see that it counted down 3 seconds between the first and second queries. It's supposed to count down to zero , but Comcast sometimes gets impatient.

 

So, here's what you do. Because there's about 10 servers in the Comcast server cluster, do about 30 or so lookups to "seed" most of them. Wait an hour. Fire up Wireshark and do another, say, 10 lookups. Then check out Wireshark. I've included a screenshot showing the TTL (converted to days, hours, seconds) in the bottom of the middle pane. I use the domain bakes.net as it seems noone at Comcast ever wants to find the address of that domain. The TTL for that domain starts at one day (86400 seconds). After an hour the TTLs should be around 86400 - 3600 = 82800 seconds if counted down normally. But if you're seeing lots of TTLs of 1 day, I'd bet you were querying a Comcast server.

 

Do

nslookup bakes.net.

 

to do the lookups. Note the dot at the end. That's to indicate that it's a Fully Qualified domain... so Windows won't try to "qualify" it by adding stuff to the end of it and doing lookups on that, and clogging up the Wireshark display. Note also the UDP filter. That just makes it easier to find what you want. Also, in the Windows command window you can bring up the last command that was executed by hitting the up arrow.

 

Here's hoping I'm making sense!

 

 


 

Clipboard03.jpg
Gold Problem Solver

Re: changing the dns


steve-baker wrote: ... unless you have a DNS client that shows the TTLs? ...

"nslookup -debug" will show the TTL. Ex:

 

    nslookup -debug o.co.

Contributor

Re: changing the dns

Steve -- Yes it makes sense to me. Though do you have any suggestons for the 30 or so nslookups to start out with? I could write a quick batch script to run the lookups.

 

Hmmm wait a second. Getting something odd. I just removed the OpenDNS servers from the windows settings and when I run a nslookup bakers.net I get:

 

nslookup bakers.net

Server: UnKnown
Address: 7.7.7.7

 

Non-authoritative answer:
Name: bakers.net
Address: 66.113.131.23

 

 

Now this is with the netgear router attached. 7.7.7.7 is my router address which shouldn't be listed as a dns as far as I know. And yet there it is. It is also showing up as a dns server (the only one) under the ipconfig listing for my network connection. Hmmm.... Maybe it's just time to wipe the system and start fresh.

 

 

 

 

 

Bronze Problem Solver

Re: changing the dns


tnorman5828 wrote:

Steve -- Yes it makes sense to me. Though do you have any suggestons for the 30 or so nslookups to start out with? I could write a quick batch script to run the lookups.

 

Well, after entering the command the first time, you just have to hit <uparrow><enter> for each subsequent lookup. Should only take around 30 seconds.

 

Hmmm wait a second. Getting something odd. I just removed the OpenDNS servers from the windows settings and when I run a nslookup bakers.net I get:

 

nslookup bakers.net

 

Not bakers.net, bakes.net. Bakers.net might work for this, but you need to use a domain that Comcast users basically never ask about. Bakes.net might not work for this either, if others are playing along. You should check out the TTLs of the initial lookups too, to make sure the servers don't have already have answers cached.

 

Server: UnKnown
Address: 7.7.7.7

 

Non-authoritative answer:
Name: bakers.net
Address: 66.113.131.23

 

 

Now this is with the netgear router attached. 7.7.7.7 is my router address

 

Why is that your router address? I don't understand your setup, 7.0.0.0/8 is allocated to the DOD.

 

which shouldn't be listed as a dns as far as I know. And yet there it is. It is also showing up as a dns server (the only one) under the ipconfig listing for my network connection. Hmmm.... Maybe it's just time to wipe the system and start fresh.

 

I don't really know that much about this stuff, but I think the router's address showing up as the DNS server for the computer is normal... under some circumstances. I'm not really sure about those circumstances, but it sounds like you have a mix of DHCP and static assignments... or something.

 

 

 

 

 


 

Bronze Problem Solver

Re: changing the dns


BruceW wrote:

steve-baker wrote: ... unless you have a DNS client that shows the TTLs? ...

"nslookup -debug" will show the TTL. Ex:

 

    nslookup -debug o.co.


Thanks for the info. Took a while, but I got around to checking out the nslookup options, and Googling showed me the way, so I thought I'd share. Doing the regular

 

nslookup /?

 

doesn't show much. But running nslookup without an argument brings up "interactive" mode, and entering "help" (no quotes) at the prompt shows a surprising number of options.

 

Thanks again!

Contributor

Re: changing the dns

I use the 7.7.7.0-255 on my router and LAN. I could just as likely use 192.whatever or 10.whatever.  7.0.0.0/8 may be used by the DOD (I have no knowledge of it) but I just picked an IP to use for my local network. Since it is local it has nothing to do with the DOD or anything else. The LAN IP would never be seen past my router since the router would then pass it onto the modem using the WAN IP address.

 

And for the nslookup... you are suggesting to do 30 nslookups on the same domain? I think I understand now. I thought you were suggesting doing an nslookup on 30 different domains.

 

Right now I don't have any static DHCP assignments. I had them setup for the old router so I would know which computer/device was where and could do port forwarding as necessary, but I haven't found it necessary yet to set those backup. 

Bronze Problem Solver

Re: changing the dns


tnorman5828 wrote:

I use the 7.7.7.0-255 on my router and LAN. I could just as likely use 192.whatever or 10.whatever.  7.0.0.0/8 may be used by the DOD (I have no knowledge of it) but I just picked an IP to use for my local network. Since it is local it has nothing to do with the DOD or anything else. The LAN IP would never be seen past my router since the router would then pass it onto the modem using the WAN IP address.

 

Why not use these addresses that are specifically reserved for private networks? But, no big deal, about the only problem is that you won't be able to reach the real 7.7.7.0/24 out on the Internet.

 

10.0.0.0        -   10.255.255.255  (10/8 prefix)
172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

 

And for the nslookup... you are suggesting to do 30 nslookups on the same domain? I think I understand now. I thought you were suggesting doing an nslookup on 30 different domains.

 

Right, same domain. An obscure domain that gets hardly any lookups at Comcast... so the Comcast DNS cache will expire early. The reason for the 30 lookups is that there is a cluster of servers at each IP address, and you want to "seed" most of them.

 

Right now I don't have any static DHCP assignments.

 

Well... the D in DHCP stands for Dynamic, so... ;-)

 

I had them setup for the old router so I would know which computer/device was where and could do port forwarding as necessary, but I haven't found it necessary yet to set those backup. 

 

You configured the computers with static addresses? Was that router configured to be a DHCP server? Hmm. I'm in over my head now. ;-)


 

Contributor

Re: changing the dns

Oh, yeah I meant static ip addresses not static dhcp server. Mental slip.

 

Yes, I was using the router to act as a DHCP server. Pretty much if you are going to be using another ip address region you have to use DHCP if you will be connecting unknown devices they need to be given an ip to work on the network.

 

However I assigned specific ip's to specific computers in the routers. So say the router is at 7.7.7.1, I would assign the primary computer to 7.7.7.10 and another computer to 7.7.7.20. My wifi enabled android phone would be assigned 7.7.7.30. If I had my file server up it would be assigned 7.7.7.40. This way when I'm working on one device I would pretty much know what ip went to which device. So if I wanted to ping it or needed to do something else then I wouldn't have to go to the router to see what ip address had been assigned another device. I still used the router as a dhcp server to take care of any random device that I might install so they can have network access. I could have turned off the dhcp server for a little bit more security but it wouldn't help much and would have been a bit of a pain to work around for new devices on the network. 

 

The reason I used static ip addresses was more for port forwarding than anything else. For example, I had an xbox 360 and a program on my computer that would allow any media file to be played on the xbox 360. I had to tell the router to always give the xbox 360 a specific ip address and the computer to always have a specific ip address. Then I could port forward specific ports the xbox 360 and the computer needed to communicate. This allowed them to easily talk to each other so I could play media files on the xbox that was hookedup to the tv. Without the port forwarding the xbox would have problems seeing the computer.

 

I only use the 7.7.7.0-255 ip range because it was a number I'd remember easily and when I set it up I liked a quarterback with the number 7 on his jersey. I have no reason to go to the DoD Network Information Center so it isn't a conflict for me.

 

I'll try and get the Tenda router back on the network this weekend and see what the results are for the ttl on a remote website.

Expert

Re: changing the dns

If you have machines on your LAN set up to get their configuration with DHCP, and you have a Netgear router, the router will set itself as their DNS server. It then forwards DNS messages to the ones in its configuration.

 

This is different from some other router manufacturers, which pass the DNS settings through to the DHCP clients.

Expert

Re: changing the dns


tnorman5828 wrote:

Now this is with the netgear router attached. 7.7.7.7 is my router address which shouldn't be listed as a dns as far as I know. And yet there it is. It is also showing up as a dns server (the only one) under the ipconfig listing for my network connection. 

 


The router is acting as a DNS proxy.

New Poster

Re: changing the dns

When I first got Xfinity / Comcast Internet about a year ago, I was having issues with passing traffic and page not found found errors. So I swiched my DNS addresses on all of my wireless machines to Google public DNS numbers. 8.8.8.8 and 8.8.4.4 and have had no problems on my Macbook Pro, iPad or windows machines ever since. Can't do anything about the modem itself. It is flashed and I dont have the Admin: U/N: Password

Expert

Re: changing the dns

Year and a half old thread now closed.