Skip to content
 

Using Firefox + NoRedirect Extension to Avoid DNS Hijacking

<rant>Yesterday Bell, my super fast ISP, started to redirect unfound urls to their own website (evil_lg_bell.pngwww.domainnotfound.ca). I have been very happy with Bell for the last few years and have been thinking of moving my cellphone subscription to them as soon as they support the android.

To Bell‘s credit they do offer a way for you to opt out of the service however when you opt out instead of returning a DNS error they you get a blank page, not very useful for me. I have a habit of typing anything I am looking for into the address bar and then letting google take over. This works very well for me if I want to visit reddit I type reddit and google seems to figure out that I want to visit reddit. If instead I type “reddit bell dns hijacking” google still seems to figure out that they do not know what I am looking for and so they take me to a search results page. This is how I brows the Internet, I do everything from the Awesome Bar (the bar in Firefox that you type your url into). And yesterday Bell broke that.

NoRedirect (Firefox Extension Link) to the rescue!

NoRedirect lets the user take control of HTTP redirects. It can be used to interdict an ISP’s DNS search redirection hijacks, preview/screen “shortened” URLs (e.g., TinyURL), stop the annoying redirection of “smart” error pages, etc. — Source

This lets me set any url mattching the following regular expression http://www\.domainnotfound\.ca/* to be interpreted by Firefox as a DNS error giving me back my Awesome Bar and my ability to type anything I want into it and have google do all of the work!

I think this is an exteremly evil move by Bell and I am quite disappointed. at least Firefox + NoRedirect has saved the way I brows my internets. But this is another step by our ISP’s to erode our digital freedoms and net neutrality and another reason to move to TekSavvy. I should not have to resort to a software solution to preserve how I browse the Internet!</rant>

20 Comments

  1. Drew says:

    Your workaround is clunkier than mine – OpenDNS. I simply set my router to use OpenDNS instead of the default Windstream DNS servers. I enjoy greater privacy, faster browsing, and a nice DNS error screen that returns helpful results for what I might be looking for; among other things.

    Just thought I’d share :)

  2. @Drew, I love the way that the Awesome Bar works taking me straight to reddit when I type “reddit” I have tried OpenDNS in the past and not been in love with it. If I had a DNS solution I would have used it.

    Thanks for the comment I should have mentioned OpenDNS however because other users may love it.

  3. Dylan McCall says:

    I am surprised you don’t consider them evil already. Have you been following the net neutrality stuff?

    http://stopthecap.com/2009/07/14/crtc-net-neutrality-internet-overcharging-throttling-hearings-a-complete-guide/

    I found this somewhat entertaining: http://www.michaelgeist.ca/content/view/4205/125/

    Interestingly enough, domainnotfound.ca doesn’t seem to do anything for me (from Telus), although the domain is definitely registered.

  4. [...] Continue reading here: Edward Andrew Robinson » Blog Archive » Using Firefox + NoRedirect … [...]

  5. norsetto says:

    From the bottom of my heart, THANKS

  6. @Dylan as I said this is another step to eroding our digital rights. This one pissed me off the most so far.

    @norsetto Your welcome!

  7. I also use Bell and annoyed by this DNS hijacking. I used a different approach: make all calls to domainnotfound.ca to point back to 127.0.0.1. http://www.josesandoval.com/2009/07/block-bells-or-rogerss-dns-hijacking.html

    BTW, I’m surprise people use OpenDNS. Have you read their privacy statement? They will sell everything http://www.opendns.com/privacy/

  8. @Jose I will give the OpenDNS privacy policy a read! Also that is a great way to block them. Again my problem is that I liked the features for firefox that let me type my searches into the location bar then have them redirected to a search engine of MY CHOICE.

    But it is great to read everyone else’s solutions.

  9. Another argument against DNS hijacking is that it breaks (some?) VPNs.

    I tried using OpenDNS at some point, which provides this “feature” by default, and my father was unable to connect to his work VPN. It took me months to notice. Thankfully, OpenDNS lets you disable it.

    One option is running your own DNS server. On a Debian/Ubuntu machine it’s as simple as sudo apt-get install bind9 and setting the nameserver to 127.0.0.1 in /etc/resolv.conf. Of course, if you’ve got a DHCP server (everybody should ;) , it’s better to convince it to also do DNS.

  10. Dave says:

    I tried your fix, but I am not sure of the syntax you used to enter it into the NoRedirect Options. Could you shed some light on it for me?

    Thanks, this is an invasion of our privacy. Its akin to having any requests to a gaming site redirected to HP Games, or equivalent. Completely wrong.

  11. I’m a Teksavvy customer now. No problems for me.

    But I was with Rogers last summer when they started DNS hijacking (one of the last straws…). The only problem with the Firefox NoRedirect solution is that it doesn’t actually fix the broken DNS for your internet connection, only for Firefox. OpenDNS sucks with the default configuration, but with enough fiddling around (basically, disabling all the “features”), you can turn off their DNS redirects too.

    I switched our router to use OpenDNS, but eventually Rogers caved a little bit and offered an alternate DNS server that performs to spec. I ended up just switching to that. Maybe Bell will do something similar? (I wouldn’t hold your breath…)

  12. yoyoyo says:

    Thank you so much!
    Was so pissed off about this on Friday when it kicked in.

    Haven’t tested this yet. Hope it works.

  13. [...] there is nothing I can do. Firefox users can use an extension called NoRedirect, as mentioned  in this blog. People are not happy, generally. Unfortunately this hasn’t become a trending topic on Twitter [...]

  14. [...] Edward Andrew Robinson » Blog Archive » Using Firefox + NoRedirect … [...]

  15. Dave says:

    Thanks a bunch. Working perfectly now.

  16. Anonymous says:

    Bell will be implementing a network based opt-out shortly. This will allow, those that choose it, to not use the Bell search page and receive the original NXDOMAIN that power-users rely on.

    Keep in mind that Bell had best intentions in mind, by implementing a search page (similar to the google search you mention). Remember that not everyone uses Firefox and the “awesome bar”.

    I disagree with your comment on how this goes against net-neutrality, since IE and Firefox have been “hijacking” your incorrectly typed URLs in the address bar for years now. Though, I will agree that the correct opt-out solution should have been available when the feature first launched to leave you still with a choice.

    Disclaimer: I work on the project that will be implementing the opt-out solution.

  17. @Anonymous
    Thanks so much for the feedback and its great to see bell implementing a network based opt out. I think its great when companies listen to user feedback and evolve, and I would love and welcome official (or unofficial) feedback.

    I hope bell had the best intentions when doing this but even that is scary that they failed to understand the Internet and how it works.

    The reason I would consider the Bell hijack a net-neutrality issue and not the browsers is because bell is affecting the network and my browsers are not. Bell was also going against a network standard that applications relied on to provide useful features to users.

    I would love to here more about this new solution when it is deployed by Bell.

    Cheers

  18. Andy says:

    @Anonymous: The Bell opt-out is bogus. What you opt-out of is the search results. In reality what they do in this context is keeping hijacking your DNS searches, but instead of the search results they display a domain not-found page that badly emulates your browser’s error page. Change your browser’s ‘user agent’ to see what I mean.

Leave a Reply