Forum Discussion

philg
New Contributor

DNS Hijacking (A.K.A 'Enhanced Error Results')

NOTE: Please do not lock this forum thread unless a valid solution has been proposed. If this thread is locked without a solution or reason as to why the thread is locked, I will consider COX will not fix this issue.

Problem

All invalid hostnames that are forwarded through my Cox router resolve to the IP address 92.242.140.2 instead of properly returning an NXDOMAIN DNS response.

Troubleshooting

  1. I have changed both the IPv4 and IPv6 DNS server settings so that none of my server lookups should be contacting COX DNS servers.
  2. I have opted out of Enhanced Error Results from the internet tools section of my account settings page.
  3. I have rebooted my router after applying the settings from #1 and opting out from #2.
  4. I am testing DNS resolution outside of any browser (using nslookup and ping).
  5. The tooling from #4 shows that the IP address resolution is coming from 2001:578:3f::30, which is a COX-owned DNS server and is nowhere in my router configuration (I have overridden all IPv4 and IPv6 DNS server addresses in #1).

Finally, if I route all of my traffic through a VPN, I do not encounter this issue, which leads me to believe there is something explicitly in the router software/firmware which is the source of this behavior.

Conclusion

Despite changing my DNS settings and opting out of Enhanced Error Results, I am still seeing incorrect DNS results returned by a COX server that my router is not set up to use.

This is not a browser issue. I am seeing incorrect behavior outside and inside of any browser.

I have already made the DNS settings changes as suggested by other forum posts, which does not solve this problem:

http://forums.cox.com/forum_home/internet_forum/f/5/t/16006.aspx
http://forums.cox.com/forum_home/internet_forum/f/5/t/14154.aspx
http://forums.cox.com/forum_home/internet_forum/f/5/t/14649.aspx

Details

System: ARRIS DOCSIS 3.0 / PC 1.5 Touchstone Residential Gateway
HW_REV: 3
VENDOR: ARRIS Group, Inc.
BOOTR: 4.2.0.45
SW_REV: 9.1.103AA
MODEL: TG2472G
Firmware Name: TS0901103AA_051016_24XX.GW
Firmware Build Time: Tue May 10 17:42:18 EDT 2016
eSAFE 0 FW Revision: TS0901103AA_051016_ARRIS_GW

1 Reply

Replies have been turned off for this discussion
  • Jerry
    Contributor II

    You'd be much better served emailing this question to cox.help@cox.com. That being said:

    Using Cox supplied equipment puts you at their mercy. If, as you suspect, your issue is firmware related, then you're beating a dead horse. Cox tests and evaluates any new or updated firmware for compatibility with their system, makes any changes they want regardless if it is a Cox supplied or customer owned device, and only then pushes it out. If they do make changes, they have a reason, from their perspective, for doing so.

    Since it's been a full 24 hours since the original post with no reply, the following may or may not be applicable. The likely response will be the usual instructions to change DNS servers, etc. After an OP replies this did not fix the issue an assurance would be offered that the issue would be forwarded to the Cox technical team with an answer posted upon hearing back from them.

    Since you've already made the necessary settings adjustments you will possibly get advice for additional changes or double checking the ones already made. Most likely just the forward to tech dodge. After waiting a reasonable length of time the OP posts asking if any response from tech has been received. Nope, nothing yet.

    OP eventually gives up and realizes he answered his own question in the last clause of his post's preamble.