choprboy
New Contributor II
6 years ago

How to get Cox to turn off DNS hijacking when "Enhanced Error Results" is already turned off?

How do you get Cox to turn off DNS hijacking when you have already disabled Enhanced Error Results? I turned off EER several weeks ago, refreshed DHCP and it pulled new DNS servers, all of which correctly replied to NXDOMAIN/malformed requests (i.e. no result). Sometime in the past week that has changed and 2 of the 4 DNS servers returned by Cox's DHCP server are now returning IPs to Cox's search results pages instead of the correct response.

Cox phone support was totally useless and told me they couldn't do anything (I think they didn't even understand the problem) and that I would have to buy Cox Total Care for $10 a month to "fix my router/computer". How can Cox's DHCP server responses have anything to do with my router? Hint... I have been a Network/Systems Engineer for 20 years... I have already done everything possible from my end...

I don't particularly want to use OpenDNS/GoogleDNS to have a set of functional DNS servers. Is there any way to get Cox to understand/fix their problem? Or do I have to set up my own DNS server?

  • viperthunder2
    New Contributor III

    I certainly don't have as much experience as you, but I wasn't even aware there were 4 DNS servers. I have only ever used/seen 2 DNS servers for my area (which were auto-configured by my router) and neither one of them has ever had any issues in all the years I've been with Cox.

    • choprboy
      New Contributor II

      That may depend on both the area you are in (what Cox DHCP server you are on, only Cox would truly know what options are present on the server end) and how many DNS server addresses your home router will accept.

      The Cox DHCP server I am on is currently handing me the DNS servers, in presented order: 68.105.28.13, 68.105.29.13, 68.105.28.14, 68.105.29.14

      The .28.13 and .29.14 DNS servers are currently correctly returning NXDOMAIN. The .29.13 and .28.14 servers are currently hijacking DNS requests.

      ~]$ dig @68.105.28.13   www.nonexistantmadeupdomain.com
      ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48476

      ~]$ dig @68.105.29.13   www.nonexistantmadeupdomain.com
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29495
      www.nonexistantmadeupdomain.com. 0  IN      A       92.242.140.2

      92.242.140.2 - Cox "Enhanced Results" search page

  • OpenBSD
    Contributor II

    I get the same results as you even though I have opted out of "Enhanced Error Results". I confirmed that I had opted out after logging into the Cox website and checking my account settings.

    I'm using OPNsense as my firewall and Unbound DNS server is running. When I select "Allow DNS server list to be overridden by DHCP/PPP on WAN" in OPNsense the so-called "DNS hijacking" occurs. When this setting is not selected then the so-called "DNS hijacking" does not occur. You're probably going to need to run your own DNS server to avoid the problem.

  • choprboy
    New Contributor II

    Still zero help from Cox, but someone from their network department apparently figured that there was a problem. All 4 DNS servers are now (at least for the moment) no longer hijacking DNS requests.

    ]$ dig @68.105.28.13 www.nonexistantmadeupdomain.com |grep status
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44087

    ]$ dig @68.105.29.13 www.nonexistantmadeupdomain.com |grep status
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51037

    ]$ dig @68.105.28.14 www.nonexistantmadeupdomain.com |grep status
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55150

    ]$ dig @68.105.29.14 www.nonexistantmadeupdomain.com |grep status
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29683
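
The dig check used throughout this thread, as an added shell example that is not part of any poster's message: it classifies a resolver's answer for a name that should not exist as clean (NXDOMAIN) or rewritten (NOERROR with an A record). The function names and the randomly generated probe name are assumptions of this example; the embedded sample input is the two dig outputs quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify dig output for a name that
# should not exist, in the form posted above.

# Reads dig output on stdin and prints one of:
#   clean             status NXDOMAIN, the correct answer
#   hijacked <addrs>  status NOERROR with A records, i.e. a rewritten answer
#   unknown           anything else (SERVFAIL, timeout, NOERROR without A records)
classify_dig_output() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        # Record lines look like: name TTL IN A address (dig comments start with ";")
        $1 !~ /^;/ && $3 == "IN" && $4 == "A" {
            addrs = addrs (addrs == "" ? "" : ",") $5
        }
        END {
            if (status == "NXDOMAIN") print "clean"
            else if (status == "NOERROR" && addrs != "") print "hijacked " addrs
            else print "unknown"
        }'
}

# Queries one resolver for a freshly generated random name (assumption: a
# random 16-hex-digit label under .com is not registered) and prints the verdict.
check_resolver() {
    probe="www.nx-$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n').com"
    printf '%s %s\n' "$1" \
        "$(dig +time=3 +tries=1 "@$1" "$probe" A 2>/dev/null | classify_dig_output)"
}

# With arguments: check each resolver. Without: classify the two outputs
# quoted in the thread (embedded here as sample input), which needs no network.
if [ "$#" -gt 0 ]; then
    for r in "$@"; do check_resolver "$r"; done
else
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48476' |
        classify_dig_output
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29495' \
        'www.nonexistantmadeupdomain.com. 0 IN A 92.242.140.2' | classify_dig_output
fi
```

Pass the resolver addresses handed out by DHCP as arguments to check each one; a fresh random name per query keeps a cached answer from masking the result.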