cancel
Showing results for 
Search instead for 
Did you mean: 

Rogers DNS Hijacking

nlfog
I've been here awhile

I recently switched over to Rogers from Bell, and I am so far very frustrated by what Rogers is doing with this service.  First up, I found out that I can't disable the DHCP server on the Rogers modem, which.... really?  Why do that?  I've always ran my own DHCP/DNS servers.  So, not only do I have to use Rogers DHCP, but also their DNS.  So, the next step was to configure each...individual....device to use my DNS server that I want because it's my service that I'm paying for.  Still, it's not working.  While yes, I can see in my DNS server's logs that it's receiving the requests and sending them out, I can clearly see what's coming back is not what is expected.  Ads that should be blocked, are not.  I'm suddenly seeing more and more ads for Rogers services.  What...the..heck.

So, I found another post on these forums about disabling parental controls and safe browsing.  Well, parental controls are not on, safe browsing...I can't even find that setting anywhere in the stupid app they make me install.  It's not where it says it should be under connect.  Visit the website to change it?  Nope, it just tells me to install the stupid app.

So, the last ditch effort I can do here is to install my own router and change the Rogers modem to bridge mode, right?  But, then I lose the "great whole home wireless service" i was promised...and am paying for.  I also have absolutely ZERO trust that Rogers won't still hijack my DNS and feed me their ads. 

 

Is there any way to make this right?  To be able to use my own DHCP/DNS servers, and not have hardware lying around that I'm paying for but can't use because I want a shred of privacy?

 

 

***Added Labels***

9 REPLIES 9

Re: Rogers DNS Hijacking

-G-
Resident Expert
Resident Expert

@nlfog  You should still be able to use manually-configured DNS servers.  As far as I know, the only thing that causes the Ignite gateway to block/intercept DNS is if you have Advanced Security or Parental Controls enabled, since those functions issue bogus DNS responses to implement site blocking.

Re: Rogers DNS Hijacking

Joel13
I plan to stick around

I'm not sure where one would be able to edit the DNS settings. I've been running Pi-Hole on my network for years and since I've had to upgrade to the Ignite Modem, I am unable to have my Pi-Hole run as the DHCP server and I have to manually point my devices to my pi in order to have my devices properly block ads. 

I'm not sure if that's the issue that you are trying to solve @nlfog, but that's the only way that I could make it work. Leave the Router DHCP enabled, and have the pi's DNS manually inserted on your devices. Works like a charm for me. 

Joel Gallant
photography.joelgallant.ca
vero.co/joelgallant

Re: Rogers DNS Hijacking

-G-
Resident Expert
Resident Expert

@Joel13 wrote:

I'm not sure where one would be able to edit the DNS settings.


Well, that's the problem, you can't.  Comcast made a deliberate design decision to omit that option from the gateway's management UI.  I suppose that it was partially done to prevent attacks like this from happening, where malware reprograms your router to use alternate DNS servers that cause you to unknowingly visit malicious sites.  Configuring alternate DNS servers would also break the Advanced Security and Parental Controls, implementation.

 

However, I don't use Advanced Security or Parental Controls, and I configure my end systems to use alternate DNS servers, and I can confirm that it works fine.

Re: Rogers DNS Hijacking

Joel13
I plan to stick around

OK, I must have misunderstood what you meant when you wrote this portion: "You should still be able to use manually-configured DNS servers". 

Basically you are suggesting the same thing as I am - to manually enter the DNS configuration on each device in order to accomplish what they are hoping for. 

Joel Gallant
photography.joelgallant.ca
vero.co/joelgallant

Re: Rogers DNS Hijacking

nlfog
I've been here awhile

When I was with Bell, I also ran Pihole using it's custom DNS and DHCP server.  So, I was very disappointed to find out I couldn't easily do this with Rogers.

However, right off the bat I did configure my devices to manually use my pihole for DNS requests, and looking at the pihole log, I see the requests going there properly.  However, ads are now getting through where they weren't before on Bell.  There should be no difference between services if I'm using my own DNS, so obviously something is happening when Pihole goes external, and something is getting hijacked in between.  I'm also seeing many more Rogers ads, which makes me a little suspicious, but that could just be advertising platforms knowing I'm coming from a Rogers IP.

So, next thing is to see if I can test this some way, maybe a VPN or something.  Not really sure of the technicalities of it.

Re: Rogers DNS Hijacking

Joel13
I plan to stick around

Honestly, this sounds like the ads are being published by the same domain as the site that you are visiting and not a rogers or DNS issue as per such. I would recommend that you visit Pi-Hole or even the subreddit for Pi-Hole and see what they suggest as they have tools that you can use to see where the ads are being served from. 

Also, I use my VPN via piVPN with Wireguard and it works amazing and I have no ads being shown. If you want to drop a site as an example, I can test and see what you are seeing possibly. 

 

 

Joel Gallant
photography.joelgallant.ca
vero.co/joelgallant

Re: Rogers DNS Hijacking

sachasmart
I've been around

OH MY.... I am running into this now. I literally just switched over from Bell as well. 

Did you find a solution for this?

Re: Rogers DNS Hijacking

nlfog
I've been here awhile
> OH MY.... I am running into this now. I literally just switched over from Bell as well.
>
> Did you find a solution for this?

You have two options:

1. Go back to Bell. This will be the long run answer for me because I HATE this business practice from Rogers.

2. Set the Rogers modem to bridge mode. This will require you to provide your own router that you can do whatever you want with. You will also have to provide your own Wifi as once you put the Rogers device in bridge mode, you lose the wifi it provides.

I ended up picking up a used Asus router, put the modem into bridge mode and go back to using my Orbi mesh router.

Re: Rogers DNS Hijacking

Datalink
Resident Expert
Resident Expert

With an Asus router, if you're running Merlin's firmware instead of stock Asuswrt firmware, you can load an add-on titled Diversion, to block adds.  That works very well. 

 

https://diversion.ch/

 

Here's the forum for Diversion:  https://www.snbforums.com/forums/asuswrt-merlin-addons.60/?prefix_id=10

 

Fwiw, for wifi 6 devices, Merlin's latest firmware was release yesterday: 

 

https://www.snbforums.com/threads/asuswrt-merlin-3004-388-5-is-now-available.87874/

 

 

 

Topic Stats
  • 9 replies
  • 2171 views
  • 3 Likes
  • 5 in conversation