2011 Update Charter DNS servers apparently no longer have wildcard entries.
Charter decided to break their DNS servers by having them respond to non-existent domains. Apparently they started this in February 2007 but I wasn't a customer back then. This is known as setting up a wildcard DNS record (aka breaking Internet conventions). Additionally, they are implicitly forwarding our traffic to a third party site by giving us bogus information. ISPs like to do this because they get a kickback from all the ad traffic caused by typos and invalid entries.
Charter's only "solution" is to store a cookie on your computer that lasts for 2-3 months. That's wonderful. Now fix my other ports besides 80. It's a pain for me even on 80 because I disable cookies and I have many firefox profiles. I would have to do that for each profile. I don't enable cookies in most of the profiles.
Broken DNS servers
% nslookup quit.resolving.nonexistent.names.and.breaking.standards
Server: 24.197.97.135
Address: 24.197.97.135#53
Non-authoritative answer:
Name: quit.resolving.nonexistent.names.and.breaking.standards
Address: 64.158.56.56
Name: quit.resolving.nonexistent.names.and.breaking.standards
Address: 206.112.100.132
64.158.56 and 206.112.100.132 both resolve to ns1.auth-dns.com and ns2.auth-dns.com. Both of those are owned by domainsbyproxy.com which looks to be related to godaddy.com.
Owners of netblock
% whois 206.112.100.128
MCI Communications Services, Inc. d/b/a Verizon Business NETBLK-UUNETCBLK-112 (NET-206-112-0-0-1)
206.112.0.0 - 206.115.255.255
F-SOS/F-Secure UU-206-112-100-128 (NET-206-112-100-128-1)
206.112.100.128 - 206.112.100.159
# ARIN WHOIS database, last updated 2007-09-15 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
% whois 64.158.56.56
Level 3 Communications, Inc. LC-ORG-ARIN (NET-64-152-0-0-1)
64.152.0.0 - 64.159.255.255
Co-Location.com Inc. LVLT-COLOC-64-158-56-32 (NET-64-158-56-32-1)
64.158.56.32 - 64.158.56.63
# ARIN WHOIS database, last updated 2007-09-15 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Blocking those IPs
If you want to stop this redirection, use different DNS servers as the Charter ones timeout a lot on me anyway. If must use their DNS servers, then block the subnets that they redirect you to:
$ iptables -A OUTPUT -o $IFACE -d 206.112.100.128/27 -j DROP
$ iptables -A OUTPUT -o $IFACE -d 64.158.56.32/27 -j DROP
or if you use *BSD and PF:
table <ad_spam> persist { 206.112.100.128/27, 64.158.56.32/27 }
block out quick on xl0 from any to { <ad_spam> }
The downside to this is that it looks like the site is down rather than not existing. The DNS server should be reporting that the site doesn't resolve.
Use a different DNS server
In addition to the above firewall rules, I'm now using different DNS servers 4.2.2.1 and 4.2.2.3 which are much faster than Charter's DNS. Charter's DNS caused a lot of timeouts and delays in my connection (quite similar to Time Warner). I use an OpenBSD firewall so I had to customize it to supersede Charter DNS servers offered through DHCP.
#----------------- /etc/dhclient.conf in OpenBSD
initial-interval 1;
send dhcp-lease-time 3600;
send host-name "myhost";
supersede host-name "myhost";
supersede domain-name "my.domain";
# Charter DNS servers break Internet standards. Discard them.
supersede domain-name-servers 4.2.2.1, 4.2.2.3;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name;
#-----------------