2011 Update: Charter DNS servers apparently no longer have wildcard entries.

Charter decided to break their DNS servers by having them respond to non-existent domains. Apparently they started this in February 2007 but I wasn't a customer back then. This is known as setting up a wildcard DNS record (aka breaking Internet conventions). Additionally, they are implicitly forwarding our traffic to a third-party site by giving us bogus information. ISPs like to do this because they get a kickback from all the ad traffic caused by typos and invalid entries.

Charter's only "solution" is to store a cookie on your computer that lasts for 2-3 months. That's wonderful. Now fix my other ports besides 80. It's a pain for me even on 80 because I disable cookies and I have many Firefox profiles. I would have to do that for each profile. I don't enable cookies in most of the profiles.

Broken DNS servers

% nslookup quit.resolving.nonexistent.names.and.breaking.standards
Server:         24.197.97.135
Address:        24.197.97.135#53

Non-authoritative answer:
Name:   quit.resolving.nonexistent.names.and.breaking.standards
Address: 64.158.56.56
Name:   quit.resolving.nonexistent.names.and.breaking.standards
Address: 206.112.100.132

64.158.56 and 206.112.100.132 both resolve to ns1.auth-dns.com and ns2.auth-dns.com. Both of those are owned by domainsbyproxy.com which looks to be related to godaddy.com.

Owners of netblock

% whois 206.112.100.128                                           
MCI Communications Services, Inc. d/b/a Verizon Business NETBLK-UUNETCBLK-112 (NET-206-112-0-0-1) 
                                  206.112.0.0 - 206.115.255.255
F-SOS/F-Secure UU-206-112-100-128 (NET-206-112-100-128-1) 
                                  206.112.100.128 - 206.112.100.159

# ARIN WHOIS database, last updated 2007-09-15 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

% whois 64.158.56.56
Level 3 Communications, Inc. LC-ORG-ARIN (NET-64-152-0-0-1) 
                                  64.152.0.0 - 64.159.255.255
Co-Location.com Inc. LVLT-COLOC-64-158-56-32 (NET-64-158-56-32-1) 
                                  64.158.56.32 - 64.158.56.63
  
# ARIN WHOIS database, last updated 2007-09-15 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Blocking those IPs

If you want to stop this redirection, use different DNS servers, as the Charter ones time out a lot on me anyway. If you must use their DNS servers, then block the subnets that they redirect you to:

$ iptables -A OUTPUT -o $IFACE -d 206.112.100.128/27 -j DROP
$ iptables -A OUTPUT -o $IFACE -d 64.158.56.32/27 -j DROP

or if you use *BSD and PF:

table <ad_spam> persist { 206.112.100.128/27, 64.158.56.32/27 }
block out quick on xl0 from any to { <ad_spam> }

The downside to this is that it looks like the site is down rather than not existing. The DNS server should be reporting that the site doesn't resolve.

Use a different DNS server

In addition to the above firewall rules, I'm now using different DNS servers, 4.2.2.1 and 4.2.2.3, which are much faster than Charter's DNS. Charter's DNS caused a lot of timeouts and delays in my connection (quite similar to Time Warner). I use an OpenBSD firewall so I had to customize it to supersede Charter DNS servers offered through DHCP.

#----------------- /etc/dhclient.conf in OpenBSD
initial-interval 1;
send dhcp-lease-time 3600;
send host-name "myhost";
supersede host-name "myhost";
supersede domain-name "my.domain";
# Charter DNS servers break Internet standards.  Discard them.
supersede domain-name-servers 4.2.2.1, 4.2.2.3;
request subnet-mask, broadcast-address, time-offset, routers,
	domain-name, domain-name-servers, host-name;
#-----------------
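
To check whether the resolver in use still rewrites nonexistent names, and whether the addresses it hands back are still inside the two blocked /27s, the following added example (not part of the original page) looks up random names that cannot exist. The function names, the probe count and the use of the reserved .invalid TLD alongside .com are assumptions made for this sketch; the netblocks are the ones from the firewall rules above.

```python
import ipaddress
import secrets
import socket

# The two /27 netblocks from the firewall rules on this page.
BLOCKED_NETS = [ipaddress.ip_network(n)
                for n in ("206.112.100.128/27", "64.158.56.32/27")]

def system_resolve(name):
    """IPv4 addresses the configured resolver returns; empty set on failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()  # NXDOMAIN (or no network): what an honest server gives
    return {info[4][0] for info in infos}

def probe_rewrites(resolve=system_resolve, probes=3, tlds=("com", "invalid")):
    """Look up random names that cannot exist and collect any answers.

    The trailing dot makes each name fully qualified, so a local search
    domain is never appended. An empty result means nonexistent names
    are reported as nonexistent.
    """
    answers = set()
    for tld in tlds:
        for _ in range(probes):
            answers |= resolve(f"{secrets.token_hex(16)}.{tld}.")
    return answers

def not_blocked(addresses, nets=BLOCKED_NETS):
    """Redirect targets that the firewall rules do not cover."""
    return {a for a in addresses
            if not any(ipaddress.ip_address(a) in n for n in nets)}

if __name__ == "__main__":
    hits = probe_rewrites()
    if not hits:
        print("resolver reports nonexistent names correctly")
    else:
        print("resolver rewrites NXDOMAIN to:", ", ".join(sorted(hits)))
        print("not covered by the block rules:",
              ", ".join(sorted(not_blocked(hits))) or "none")
```

Run it once against the ISP's servers and again after switching resolvers; any address listed as not covered means the redirect target has moved outside the blocked ranges.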