
Thursday, February 29th, 2024 3:04 PM

Closed

DNS hijacking on XB8-T?

I am aware you cannot specify DNS servers in the modem/router combo device XB8-T.

However I am wondering if I manually set DNS servers on my computer (the local machine is SUPPOSED to trump upstream devices…) if my DNS server will be honored? I have heard Comcast Xfinity hijacks DNS even when you specify on devices and computers… is this true?

Gold Problem Solver • 7.9K Messages • 1 year ago

I do believe that DNS requests on standard ports are redirected to Comcast servers. It's supposedly for "security".

Problem Solver • 515 Messages • 1 year ago

One of the far too many things that Comcast will not allow you to change on their hardware are DNS Settings.  Supposedly for 'security' but they sell the data collected from users to parties interested in what links everyone visits.  They claim to not share it, but why would they block the ability to change it unless it benefits them.  The 'security' excuse is lame.

Gold Problem Solver • 7.9K Messages • 1 year ago

Remember that the gateways are designed for the general public who know NOTHING about networking. If you can change something, so can malware, or children. If you really need to override certain settings, then either use bridge mode with your own router, or your own modem and router.

Contributor • 168 Messages • 1 year ago

@ndx123 - yes, you can manually set on your local machine(s) whatever Name Servers you wish, and your PC will query those servers for Name resolution.

Expert • 108.6K Messages • 1 year ago

@ndx123 

They can't even be changed in the individual LAN clients anymore as the gateway devices no longer act as DNS forwarders / DNS relays. 

Contributor • 168 Messages

@EG - not sure what you are referencing "...the individual LAN clients...", but the DNS settings can absolutely be changed!

Expert • 108.6K Messages • 1 year ago

Yes. Sure, you can change them physically in the individual client's WAN settings, but they won't work because the gateway devices will still point to their own default gateway IP addresses / Comcast DNS. This can be evidenced via the ipconfig command. As stated, the gateway devices no longer relay / forward any chosen third-party DNS servers to the LAN / network clients.

Contributor • 168 Messages

@EG - sounds like you are mistaken or might be misinformed about how client computers request name resolution.

With public DNS servers manually configured in the LAN settings of the client machine, when doing the IP query the client machine goes and queries the first Name Server configured in the LAN settings.

nslookup aaa.com
Server:  9.9.9.9
Address: 9.9.9.9#53

Non-authoritative answer:
Name: aaa.com
Address: 45.60.107.121
Name: aaa.com
Address: 45.60.62.121

dig aaa.com

; <<>> DiG 9.10.6 <<>> aaa.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49565
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;aaa.com.   IN A

;; ANSWER SECTION:
aaa.com.  300 IN A 45.60.62.121
aaa.com.  300 IN A 45.60.107.121

;; Query time: 37 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Thu Feb 29 14:00:07 EST 2024
;; MSG SIZE  rcvd: 68

Expert • 108.6K Messages • 1 year ago

Comcast hijacks the DNS. You are locked in to theirs. There's no getting around it. We will just have to agree to disagree.

Contributor • 168 Messages

Definitely not locked into their DNS, and I am getting around it!

netstat
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  X.X.X.X.61712     dns9.quad9.net.domain  ESTABLISHED
tcp4       0      0  X.X.X.X.61739     dns.google.domain      ESTABLISHED
tcp4       0      0  X.X.X.X.61743     one.one.one.one.domain ESTABLISHED
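A practitioner's check, added here as an example and not part of the thread. The dig line "SERVER: 9.9.9.9#53(9.9.9.9)" and the ESTABLISHED rows in the netstat output above only record where the client addressed its packets. A gateway that rewrites the destination of port-53 traffic and replies from the original destination address produces exactly the same nslookup, dig and netstat output, and it completes the TCP handshake too, so neither output settles who actually answered. What does settle it is a channel the gateway cannot impersonate: DNS over TLS on 853, where certificate validation ties the answer to the resolver's name. The script below sends the same resolver-identity query (id.server CH TXT, RFC 4892) over plain UDP/53 and over DoT and compares the identities it gets back. Assumptions: the resolver answers id.server over both transports (Quad9 at 9.9.9.9 with the TLS name dns.quad9.net is used as the default; verify for your own resolver), your CA store trusts its certificate, and the SAMPLE_RESPONSE bytes are constructed for offline parsing, not captured from any resolver.

```python
import random, socket, ssl, struct

QTYPE_TXT, CLASS_CH = 16, 3  # CHAOS class holds the RFC 4892 id.server / hostname.bind identity names

def build_query(qname, qtype=QTYPE_TXT, qclass=CLASS_CH, txid=0x1234):
    """Wire-format query: 12-byte header with RD set, then QNAME, QTYPE, QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, qclass)

def _read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it in the record)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            end, hops = (off + 2 if end is None else end), hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels), (end if end is not None else off)

def parse_txt_answers(msg, expected_id):
    """Return (rcode, [TXT strings]); refuse replies whose transaction id does not match ours."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_id or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4
    txts = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == QTYPE_TXT:  # RDATA is a run of <len><chars> character-strings
            parts, p = [], 0
            while p < len(rdata):
                n = rdata[p]
                parts.append(rdata[p + 1:p + 1 + n].decode("utf-8", "replace"))
                p += 1 + n
            txts.append("".join(parts))
    return flags & 0x000F, txts

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def query_udp(server, qname="id.server", timeout=3.0):
    """Plain DNS on UDP/53: the path a gateway can redirect without the client noticing."""
    txid = random.randrange(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname, txid=txid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_txt_answers(data, txid)

def query_dot(server, tls_name, qname="id.server", timeout=3.0):
    """DNS over TLS (RFC 7858): certificate validation binds the answer to tls_name."""
    txid = random.randrange(65536)
    q = build_query(qname, txid=txid)
    ctx = ssl.create_default_context()  # verifies chain and hostname; an impersonator fails here
    with socket.create_connection((server, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=tls_name) as s:
            s.sendall(struct.pack("!H", len(q)) + q)  # two-byte length prefix on TCP/TLS
            (n,) = struct.unpack("!H", _recv_exact(s, 2))
            data = _recv_exact(s, n)
    return parse_txt_answers(data, txid)

def verdict(udp_txts, dot_txts):
    """Same identity on both paths: UDP/53 reached the resolver you addressed."""
    if not dot_txts:
        return "inconclusive: no identity answer over TLS"
    return "consistent" if set(udp_txts) == set(dot_txts) else "udp53 answered by another server"

# Constructed sample reply (not captured from any resolver) so the parser can run offline:
# id 0x1234, flags QR|RD|RA, one question (id.server CH TXT), one TXT answer "resolver-a".
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    b"\x02id\x06server\x00\x00\x10\x00\x03"
    b"\xc0\x0c\x00\x10\x00\x03\x00\x00\x00\x00\x00\x0b"
    b"\x0aresolver-a"
)

if __name__ == "__main__":  # live probe against Quad9 (assumed to answer id.server over both paths)
    udp, dot = query_udp("9.9.9.9"), query_dot("9.9.9.9", "dns.quad9.net")
    print("udp53:", udp, "dot853:", dot, "->", verdict(udp[1], dot[1]))
```

Run it a few times: anycast resolvers may legitimately report different site identifiers from one query to the next, so a single mismatch is a prompt to look closer, not proof. A consistent mismatch, or a UDP/53 answer that names a server the TLS path never reports, means something between you and 9.9.9.9 is answering in its place. If the DoT connection is refused or reset while UDP/53 keeps answering, that by itself tells you which path is being interfered with.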

Contributor • 168 Messages • 1 year ago

@ndx123 , @Andyross

Here is a good test you could try if you wish: configure OpenDNS on your workstation(s) and see if DNS requests are reaching and connecting to OpenDNS nameservers.

After you've configured your device(s) to use OpenDNS's DNS nameservers, click here to test your settings.

Official Employee • 376 Messages • 1 year ago

Hello @ndx123! Thank you for reaching out to our Xfinity Forums with your question! If you change the DNS server settings on your computer or devices, our gateway will intercept and redirect to the Comcast DNS servers. Your two options are one, to hook your router to the xFi gateway, put the xFi gateway in bridge mode and change DNS in your router. The second option is to use your own modem/router. I apologize for the inconvenience. Please let me know if you have additional questions. 

Expert • 108.6K Messages

@XfinityTy wrote:

"If you change the DNS server settings on your computer or devices, our gateway will intercept and redirect to the Comcast DNS servers."

Thank you for corroborating that, Ty.

I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.