
New Member

 • 

5 Messages

Thursday, July 22nd, 2021 8:03 PM

ATT Hijacks all DNS and no way to disable it

ATT equipment blocks all DNS queries on port 53 so there is no way to use your own DNS server config on a local machine or local router. All requests on port 53 get hijacked and routed to ATT DNS servers. Disabling the setting on the ATT website for the hidden "DNS error assistance" did not do anything. The supplied modem firmware does not have any customizable DNS server settings so it is impossible to change there. This is a huge invasion of privacy and security by ATT just so they can build profiles on all their users for advertising. Will be leaving ATT if this is not fixed ASAP.

JefferMC

ACE - Expert

 • 

31K Messages

2 years ago

ATT equipment blocks all DNS queries on port 53

Um... proof?

AT&T's Gateway will hand out its own IP as the DNS Server in DHCP requests, but it will also gladly pass UDP 53 requests not directed at it to their requested destination.

For fun, on a Windows machine do this:

NSLOOKUP
set type=all
server 8.8.8.8
google.com.
server 192.168.1.254
google.com.

Notice the very different outputs.  Note that the output wouldn't be different if your Gateway was trapping the request.

(edited)
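The nslookup comparison above can be automated. The following is an added example, not code posted in this thread: it sends the same query to an explicitly chosen public resolver and to the gateway, and applies JefferMC's reasoning that if port 53 were being transparently redirected, both answers would come from the same recursive resolver. It assumes that 8.8.8.8 is reachable, that 192.168.1.254 is the gateway (as in the nslookup session above), and that `whoami.akamai.net` returns an A record naming the resolver that actually performed the lookup; all three are assumptions, and the sample reply used for the offline demonstration is constructed, not a captured packet.

```python
"""DNS interception check (added example; assumptions are noted inline)."""
import random
import socket
import struct

PUBLIC_RESOLVER = "8.8.8.8"          # assumption: an explicit upstream to test against
GATEWAY_RESOLVER = "192.168.1.254"   # gateway address from the nslookup session
WHOAMI_NAME = "whoami.akamai.net"    # assumption: A answer is the recursing resolver's IP


def build_query(name, qtype=1, txid=None):
    """Build a minimal DNS query (QR=0, RD=1, one question) for `name`."""
    txid = random.randrange(0, 0x10000) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(data, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:          # compression pointer into the message
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(data):
    """Return txid, rcode and the answer RRs as (name, type, ttl, rdata)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):                    # skip the echoed question(s)
        _, off = _read_name(data, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(data, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:      # A record
            rdata = socket.inet_ntoa(rdata)
        elif rtype == 16:                  # TXT record: first character-string
            rdata = rdata[1:1 + rdata[0]].decode("ascii", "replace")
        answers.append((name, rtype, ttl, rdata))
    return {"txid": txid, "rcode": flags & 0xF, "answers": answers}


def query(resolver, name, qtype=1, timeout=3.0):
    """Send one UDP query to `resolver` and parse the reply (needs network access)."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, txid), (resolver, 53))
        data, _ = s.recvfrom(4096)
    reply = parse_response(data)
    if reply["txid"] != txid:
        raise ValueError("transaction id mismatch")
    return reply


def classify(public_reply, gateway_reply):
    """JefferMC's test: identical whoami answers mean one recursor handled both."""
    pub = {a[3] for a in public_reply["answers"] if a[1] == 1}
    gw = {a[3] for a in gateway_reply["answers"] if a[1] == 1}
    if not pub or not gw:
        return "inconclusive"
    return "intercepted" if pub == gw else "not intercepted"


def sample_reply(txid, name, ip, ttl=60):
    """Constructed A-record reply for offline demonstration (not a captured packet)."""
    q = build_query(name, 1, txid)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + q[12:] + rr


if __name__ == "__main__":
    demo = parse_response(sample_reply(1, WHOAMI_NAME, "203.0.113.7"))
    print("offline demo:", demo["answers"], classify(demo, demo))
    try:
        pub = query(PUBLIC_RESOLVER, WHOAMI_NAME)
        gw = query(GATEWAY_RESOLVER, WHOAMI_NAME)
        print(PUBLIC_RESOLVER, pub["answers"])
        print(GATEWAY_RESOLVER, gw["answers"])
        print("verdict:", classify(pub, gw))
    except OSError as e:
        print("live check skipped:", e)
```

One caveat when reading the verdict: if the gateway's own upstream happens to be the same public resolver you chose, both lookups legitimately egress from the same place and the script will report "intercepted"; pick a public resolver the gateway does not forward to, and repeat with TCP or a second resolver before drawing a conclusion.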

New Member

 • 

5 Messages

2 years ago

Easily proved by putting your own servers in your local config, e.g. OpenDNS servers, then testing if they're actually being used (openDNS.com/start). They won't be. It blocks all upstream DNS requests even from your own router. This is a well known issue and has been happening for years.

JefferMC

ACE - Expert

 • 

31K Messages

2 years ago

I just proved to myself, using the test I just provided above, that it is not happening.

The hijacking you speak of is not well known, because it is not happening.  What is happening is that you cannot make the Gateway handout any IP but its own as the DNS server in DHCP responses, but there are work arounds for that.

(edited)

New Member

 • 

5 Messages

2 years ago

https://gist.github.com/CollinChaffin/24f6c9652efb3d6d5ef2f5502720ef00

As you can see it is happening at least on the latest equipment we are using. Maybe you are using different equipment. 

JefferMC

ACE - Expert

 • 

31K Messages

2 years ago

Oh, well, if you haven't turned off Error Assist, then you're going to get different behavior than if you have it on.  Note that the post you reference only says it happens if you let your Gateway be your DNS resolver.  And it gives you a way to turn it off.  So, pretty much everything you said in your first post is inaccurate.

Why would you leave Error Assist on?  Honestly, I turned it off day one and forgot about it.  

(edited)

New Member

 • 

5 Messages

2 years ago

As I said in the original post I DID disable the Error Assist and waited days and there was no change whatsoever. The post said that the newer firmware does not obey this Error Assist command, which is consistent with my results. Also, commenters in that post show that even setting their own custom DNS settings does not fix this:

"NOTE, this does NOT fix the recent router firmware issues that also re-enabled IPv6 without notifications that is also allowing THEIR ROUTER to continue to hand-out DNS even when you set a single IP pool range for DHCP with a non-existent reservation (which should in effect kill all DHCP on their router from handing out ANYTHING). This appears to be a firmware issue with no known current workarounds other than to take precautionary measures to ensure your DHCP replies first."

"Thank you so much for this, who would have known... even when I manually set my DNS in Windows it shows them 2 + ATT's..."

"Thanks @brbeaird I also have the Motorola BGW210-700 and have been trying to figure out why turning off DNS Error Assist does not work.
Does ATT have any plans to fix this, do you happen to have a direct line to complain?
Can anyone recommend an alternative modem?"

JefferMC

ACE - Expert

 • 

31K Messages

2 years ago

W/E.

thechef1

Tutor

 • 

70 Messages

4 months ago

JefferMC is correct.

AT&T does NOT intercept port 53 requests which you have explicitly directed your equipment to. If you have not setup your equipment properly then you will get the default servers used by the AT&T equipment.

New Member

 • 

1 Message

2 months ago

@thechef1 the AT&T gateway may not be hijacking (except for the Error Assist) but it is definitely acting as a 'Man in the middle' for all DNS requests. I run a PiHole as my DHCP & DNS and I have verified that all my devices have the right DNS, yet EVERY SINGLE request in the PiHole logs comes from "unknown784558477392.attlocal.net" instead of the device (like it did when I had my Netgear router on another ISP).

It is a slippery slope from intercepting to hijacking...

JefferMC

ACE - Expert

 • 

31K Messages

2 months ago

So... what device is "unknown784558477392.attlocal.net" ( or "unknown0805810d3a31.attlocal.net" or "unknown2cb8edbf8951.attlocal.net", since although you said they're all coming from the first one, there are several in your provided log)?

Looks to me like a name made up by your Pihole.
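A quick way to settle the question the last two posts raise is to look at the Pi-hole query log itself: count which client each query is attributed to, and decode the `unknownXXXXXXXXXXXX.attlocal.net` names so the devices can be identified. The following is an added example, not code from this thread or from the Pi-hole project. It assumes the dnsmasq-style `query[TYPE] name from client` log format that Pi-hole writes, and it assumes that the twelve hex digits after `unknown` in those gateway-assigned names are the device's MAC address; both are assumptions, and the log lines embedded below are constructed for the demonstration, not copied from the poster's log.

```python
"""Summarise Pi-hole/dnsmasq query-log clients (added example; see lead-in for assumptions)."""
import re
from collections import Counter

# Constructed sample log lines in dnsmasq format (not from the thread's Pi-hole).
SAMPLE_LOG = """\
Mar  3 10:01:02 dnsmasq[812]: query[A] example.com from unknown784558477392.attlocal.net
Mar  3 10:01:03 dnsmasq[812]: query[AAAA] example.com from unknown784558477392.attlocal.net
Mar  3 10:01:04 dnsmasq[812]: query[A] updates.example.net from unknown0805810d3a31.attlocal.net
Mar  3 10:01:05 dnsmasq[812]: query[A] cdn.example.org from unknown784558477392.attlocal.net
Mar  3 10:01:06 dnsmasq[812]: query[A] time.example.org from laptop.lan
Mar  3 10:01:06 dnsmasq[812]: reply example.com is 93.184.216.34
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<qname>\S+) from (?P<client>\S+)")
# Assumption: the gateway names devices without a hostname as unknown<MAC hex>.
UNKNOWN_HOST_RE = re.compile(r"^unknown([0-9a-f]{12})(\.|$)", re.IGNORECASE)


def parse_queries(log_text):
    """Yield (qtype, qname, client) for each query line; reply/cache lines are skipped."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.group("qtype"), m.group("qname"), m.group("client")


def decode_unknown_host(client):
    """Return the colon-separated MAC embedded in an unknown<hex> name, or None."""
    m = UNKNOWN_HOST_RE.match(client)
    if not m:
        return None
    h = m.group(1).lower()
    return ":".join(h[i:i + 2] for i in range(0, 12, 2))


def client_summary(log_text):
    """Count queries per client name as the log attributes them."""
    return Counter(client for _, _, client in parse_queries(log_text))


def dominant_client(counts, threshold=0.9):
    """Return the client that accounts for at least `threshold` of all queries, else None.

    A single dominant client on a LAN with many devices is the symptom the poster
    describes: the resolver sees the gateway, not the devices, as the source.
    """
    total = sum(counts.values())
    if total == 0:
        return None
    client, n = counts.most_common(1)[0]
    return client if n / total >= threshold else None


if __name__ == "__main__":
    counts = client_summary(SAMPLE_LOG)
    for client, n in counts.most_common():
        mac = decode_unknown_host(client)
        print(f"{n:4d}  {client}" + (f"  (MAC {mac})" if mac else ""))
    print("dominant client:", dominant_client(counts, threshold=0.5))
```

Run it against `/var/log/pihole.log` instead of `SAMPLE_LOG` to see whether queries really all carry one source name; if a decoded MAC matches the gateway's own address, the gateway is relaying the lookups, and if the MACs belong to individual devices, the log is simply showing gateway-assigned names for them.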
