If you're like me, you use some local ISP for your primary, non-work, Internet connection. Since I'm in NYC, I use Verizon's FIOS service. Although it is pricey, the speeds I get are decent (by American standards).
However, Verizon does one thing that they do that I absolutely hate: THEY HIJACK YOUR DNS.
What is DNS hijacking? Wikipedia has a fairly good entry on the subject.
Basically, if you make an invalid DNS request, instead of returning an error (NXDOMAIN) to your browser as required by the Internet standards, they instead route the page to one of their own pages, usually to display advertising. This breaks all sorts of things, these are described in gory detail in the article above—but such a blatant violation of an Internet RFCs is enough to justify an outcry.
Presuming you use some sort of Unix box, there's a couple of solutions for this:
- You can change the permissions flags on /etc/resolv.conf to be immutable (chflags on FreeBSD, chattr on Linux), although I consider this to be a bit heavy handed.
- You can tell your DHCP client to not update resolv.conf (via dhclient.conf)
- But I think the easiest is way to solve this problem is to override the settings on your wireless router to send hardcoded DNS settings to DHCP clients instead of accepting the ones sent by the ISP. The added advantage here is that it works for all operating systems and clients in your subnet.
Which DNS servers to use instead? Google offers a service called Public DNS that won't hijack your DNS:
- 8.8.8.8
- 8.8.4.4
Although you should keep in mind that Google can and will use your name lookup data for advertising purposes.
Lastly, this article assumes this is for a home or personal network. If you are running a business or other organization, you really should be using your own DNS servers.