Community Forum

How to Opt-out of the DNS NXR program?

Xfinity Forum Archive
About the archive project

Xfinity Forum Archive...

This is an archived section of the community.

Content in this area has been identified as outdated or irrelevant.

This change was done in an effort to make the forum easier to use and to keep only the most helpful and recent content active.

Post your questions in the Xfinity Community

Regular Visitor

How to Opt-out of the DNS NXR program?

Upon receiving 403 on a fat fingered URL, I was redirected to the Comcast search page.  Now I know that DNS caching and redirection be helpful for the masses, but I personally despise not being told that an error occured and in turn assuming that I cannot figure out what the problem and resolve it myself.

 

Having vented my frustration with supposed helper utilities, I will get to the crux of the problem I am encountering.

 

The link to opt-out of the DNS caching and redirection program leads me to a "403 - Forbiden" of the root web server directory, hence redering me unable to opt-out.  The opt-out URL that is being given to me on the Comcast search page is "http://nxr-opt-out-trial.comcast.net/".

 

The two issues I would like some resolution on are:

  1. Where am I supposed to go to opt-out of the DNS caching and redirection?
  2. If the link that was provided to me is infact the correct server to request an opt-out, when will it be fixed so that the many people who do know how to diagnose their own issues or who use third party DNS servers can effectively eliminate this burden of being automaticly signed up for a service in which they didn't need or want in the first place. (Is it blindingly obvious where I stand with all opt-in opt-out situations? People, in general, wanted to be informed of changes and to be given the opertunity to make their own descisions.)

My ultimate goal here is to opt-out, but I would also like Comcast to directly hear my complaint and preferably provide a config panel in the account settings with an option to opt-in to programs like this and the default setting be opt-out.

 

Preemptive thanks to all who respond.

Regular Visitor

Re: How to Opt-out of the DNS NXR program?

Update:

 

I have stumbled upon some resemblance of an answer to one of my questions.  The opt-out link is still being rendered incorrectly, it should be displaying this link "http://dns-opt-out.comcast.net/".

 

The link explains that if you don't want the DNS redirection, Comcast calls it a "Domain Helper", you can disable it in your account settings.

  1. Log in to the Comcast CustomerCentral site with your Comcast account.
  2. Click on the "Users & Settings" tab.
  3. Find the "My Devices" section
  4. Click "Edit" on the MAC address listed (my MAC shows my firewall, the first hop from the modem)
  5. Click radio button for "Disable Domain Helper" and click Save.

There is no documentation on how long it takes the "Domain Helper" to "Disable", so it simply could take effect immediately...

or it could take just five minutes...

maybe three hours...

perhaps seventeen days...

conceivably within four months...

perchance before six years...

etc...

etc... 

etc...

 

Making the assumtion that the using the option to "Disable Domain Helper" modifies a Comcast DHCP server configuration, all I have to do is wait for that change to be made and await or force a DHCP renewal.  Depending on if this is automated or done manually, this could take a few minutes to a few days.  I am going to make my own attempts to force a DHCP renewal after I finish with this post to see if it has taken affect.

 

Because Comcast serves it's customers with DHCP, I presume that if the "Disable Domain Helper" change does not go into affect, my next renewal will automatically return me to using the "Domain Helper" DNS server weither I manually set it to use the non "Domain Helper" DNS servers or not.

 

Here is a list of all non "Domain Helper" DNS servers.

And I don't know why you would need it if you are reading my article, but I will put the list of all "Domain Helper" enabled DNS servers for fairness and continuity

 

Since I have no insight to how Comcast has deployed this "Domain Helper" service, I am now going to make some assumptions that either will or will not be confirmed by Comcast.

 

Here is how I think it works...

 

Domain helper is basicly a combination of localized DNS servers and Web servers.

When a call is made to a "Domain Helper" enabled DNS server, it first checks its local cache for the entry. 

  • If there is a local entry, it replies back to the requester with the DNS enrty and the page is displayed.
  • If there is no local entry, then the DNS server requests an update from its trusted peers, in this case that would be other trusted Comcast DNS servers.
  • If the peers have an answer, it is passed back to the DNS server.  The DNS server updates its cache record with the new information and returns the results to the requester, and in turn the HTTP request is made returning the page to be displayed.
  • If the peers don't have an answer...
    • NORMAL DNS servers call to a backbone providers DNS server and sometimes directly to ROOT DNS servers. (This does not occur on the Comcast "Domain Helper" DNS.)
      • If the backbone or root DNS servers have an answer, they return the request to the ISP DNS where the cache is updated and the answer is returned to the original requester.  This sends the requester an answer as to how to get to the site or server was originally requested canonically.
      • If the backbone or root DNS servers do not have an answer, they respond to the ISP DNS server that there is no entry for the request, which is forwarded to the original requester.  This results in the browser displaying a 404 "Page not found" or "Page cannot be displayed" error. 
    • Comcast "Domain Helper" DNS servers store the unknown request and the requester, along with other possible tracking information, and returns a DNS reply to the requester that points to a private internal web server.  This web server is configured for and only called upon to serve data to what the Comcast "Domain Helper" DNS servers consider BAD DNS requests.
      • The web server, I assume, use scripts to talk to the "Domain Helper" DNS servers to obtain information on the BAD request that was made to display the correct information that will help the requester find the site they were looking for.  The web server does this by taking the IP that was led to the web server, which are stored in the web servers HTTP access logs, then with backend scripts the webserver communicates with the "Domain Helper" DNS servers and figures out what the BAD request was.  The web server compairs the requester IP with the "Domain Helper" BAD requests to match the IP, then using a comparison between the timestamps of both the BAD request, the timestamp listed in the web server access log, and a variable time shift, to compensate for response time or time drift differences between the DNS server and web server.  Once the BAD request has been correlated and a singular BAD request has been identified, the original request is inserted into a HTTP redirect request that includes the unknown request in a search string. The end result is a Comcast search page displayed to the requester with information that may or may not be pertinant to the original request.

 

 


My thoughts on the implications and usage of the Comcast "Domain Helper" service.

 

In theory, the "Domain Helper" aids the end users to get to where they want to go, even if the user called to the wrong site.  The theoretical usefullness can be realized when a user that was given or mistypes the wrong URL to a site in which they wished to visit, and in turn they are presented with a list of search results that most likely contain the actual URL in which the user actually wanted to go to.  Optimistically speaking, the user is only ONE CLICK AWAY from what they wanted, even though they were the ones that made the mistake.  We can all cope with one additional step, and sometime wish they were only one click away from the answers we seek.

 

Having stated all the potential positives I can see from having the "Domain Helper" DNS service in place, there are several serious concerns I have about using them.

 

The first concern is that the results given by the "Domain Helper" service are absolute **bleep**.  Case in point, if you try to surf up the Tom's Hardware, a computer harware review site, by fat fingering the URL of "tomsarware.com" instead of the real URL of "tomsharware.com".  The results are trash, they don't direct you to the correct URL, nor do they point you to anything that resembles any computer harware related sites.  If the results did lead to anything remotely close to what was requested I would have a very hard time arguing that the service wasn't worth the implimentation even though if were a minor aggrevation.

 

The second concern is that all the BAD request are being logged.  I don't much care about what Comcast is and isn't being logged in general, however I am seriously concerned as to how or what the information being logged is being used.  Using information internally to enhance user experience, either through streamlining services, detecting and minimizing outages, creating failover solutions, or improving resource usage, can only make a company stronger, more informed about their customers, and increase revenue.  But if this information is used to track user surfing habbits and handled poorly or stored insecurely, a red flag is instantly raised (the information could be sold to advertisers or be stolen). 

 

The third concern is if all BAD requests are being logged, who is to say that all good request aren't being logged.  This heightens my previous concerns about the usage and storage practaces of tracking information.  This would be even more helpful to Comcast if they sold user surfing habbits, or were working with direct advertisers.  Under the assumtion that Comcast is logging all requests, how are they securing this information to prevent unwanted information leakage?

 

My fourth concern is that Comcast is directing user accidents to drive ad revenue.  It is not that I don't want Comcast to make more money, but my issue is that they mask a revenue stream in what they call a Helper service.  To be honest, I think it is helping Comcasts wallet more then it is helping users.

 

Lastly, and my biggest concern, is the control of content distribution.  If for some reason, Comcast deams that a site or the content theirin is inappropriate or should be censored, they have the ability to prevent users from accessing that site by adding a default DNS block and redirecting users to either their crappy results page or worse yet, redirecting users to a modified version of the site where content has been removed or altered.  For example, what if I wanted to get a new story from CNN or FoxNews and found myself redirected to NBC News.  In theory it could be a result of Comcasts recent aquisition of NBC, and their desire to drive users to their prefered news resource and ad revenue.

 

If you don't already know, China does this at all internet gateways leading into and heading out of their country.  Read more about internet censorship in the People's Republic of China.  

 

 

Regular Visitor

Re: How to Opt-out of the DNS NXR program?

DHCP renewal update

 

My first DCHP renewal attempt returned the same DHCP information, still being assigned the "Domain Helper" DNS servers.

 

On my second attempt, I decided not to futz around, I completely shut down my firewalls external interface and flush previous DHCP lease information.  When I brought the interface back up, it automatically updated my DHCP with the non "Domain Helper" DNS servers.

 

Issue resolved...

No Comcast help required...

Now, if they didn't interfere with my internet connection in the first place, I wouldn't have had to fix what they broke.

 

I sure hope that my previous posts helps the next person that stumbles upon and wants to fix this issue.

Problem Solver

Re: How to Opt-out of the DNS NXR program?


elofstrand wrote:

DHCP renewal update

 

My first DCHP renewal attempt returned the same DHCP information, still being assigned the "Domain Helper" DNS servers.

 

On my second attempt, I decided not to futz around, I completely shut down my firewalls external interface and flush previous DHCP lease information.  When I brought the interface back up, it automatically updated my DHCP with the non "Domain Helper" DNS servers.

 

Issue resolved...

No Comcast help required...

Now, if they didn't interfere with my internet connection in the first place, I wouldn't have had to fix what they broke.

 

I sure hope that my previous posts helps the next person that stumbles upon and wants to fix this issue.


The link off the portal site is incorrect and will be corrected shortly, thank you for bringing this to our attention.  The link should be http://dns-opt-out.comcast.net which has been detailed in many threads on this forum as well as how to opt-out.  There are detailed instructions off this page on how to opt-out:  http://dns-opt-out.comcast.net/help-index.php

 

We also post our VIPs for DNS both opt-in and opt-out at:  http://dns.comcast.net

 

You can manually opt-out using the opt-out DNS VIPs as needed.

Silver Problem Solver

Re: How to Opt-out of the DNS NXR program?

Thanks elofstrand, I didn't even know I was opted in to it. Now I'm not, isn't this to do with the issue of net neutrality, where ISP's will do their best to stifle competition? To the extent of slowing down or blocking connections to sites they don't approve of.

 

I believe it's being debated now.

Message Edited by Paraniod on 02-23-2010 10:48 PM
Message Edited by Paraniod on 02-23-2010 10:49 PM
Expert

Re: How to Opt-out of the DNS NXR program?

N.M. Withdrawn..
Message Edited by EG on 02-23-2010 11:02 PM


I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Silver Problem Solver

Re: How to Opt-out of the DNS NXR program?

This has nothing to do with net neutrality. DNS Helper only redirects names that don't exist. Who is the "competition" in that case?
Silver Problem Solver

Re: How to Opt-out of the DNS NXR program?

Well whatever it is I don't want it and have opted out
Silver Problem Solver

Re: How to Opt-out of the DNS NXR program?

So have I, but I don't see any dastardly conspiracy behind it. I just don't feel the need for it. If I want to do a search, I'll type into the Google field in the Safari window.
Regular Visitor

Re: How to Opt-out of the DNS NXR program?

Unfortunately, as I found out yesterday, not all of the 'Manage My Accounts' pages (and I don't mean secondary account names) have the necessary 'My devices' section. This bug necessitates an webchat or a phone call. This is why features should be Opt-In.
Silver Problem Solver

Re: How to Opt-out of the DNS NXR program?

From what I can tell, the "My Devices" section of the page has gone away. The Domain Helper option is now in the "High-Speed Internet Settings" section of the page on the "Users and Settings" tab.

 

Picture 1.png