Archive for March 26th, 2011

Fixing Frontier’s busted DNS


So, I have Frontier DSL service. Which means I have their ADSL service; they don’t offer a useful thing like SDSL (much like most providers). But what they do offer is DNS servers which respond to any invalid query with the IP address of one of their stupid search servers. I can’t believe that there are still ISPs out there who think it’s cool to return a result for an invalid DNS query, but I guess that’s the kind of logic that leads someone to buy Verizon’s former land line services. :/

Anyway, I run DD-WRT on my router behind the Frontier DSL router, mostly because I don’t trust any of their crap to protect my network. And I like using the embedded device as my DNS server.  Out of the box, the DD-WRT device uses DNSMasq as the DNS server (and DHCP server).  Reading the DNSMasq man page, I found that there’s an option to make it return “failed” when the upstream DNS returns a stupid search page like that.  In my case, the upstream server returns both 8.15.7.110 and 63.251.179.15 for those bad queries.

So, to fix that, you just go into your “services” main tab on the DD-WRT admin page, click on the services sub tab, and scroll down to the text box which says “Additional DNSMasq options”.  In there, paste this (substituting whatever IP you want to have trigger the “not found” response):

bogus-nxdomain=8.15.7.110

on a line by itself (you can put several lines in there, if needed, though for this you just need to pick one of the IPs returned).  Click on apply, and then test a known bad domain to see if it works.  Assuming you get “not found” now, you’ve resolved the problem; lookups which should fail, do fail.  Hooray.
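To do that test from a machine behind the router, here is a small checker (an added example, not part of the original post). It looks up random names that cannot exist, collects any addresses the resolver hands back, and prints one bogus-nxdomain line per address seen; the function names are made up for this example, and the `resolve` parameter exists only so the logic can be exercised without a network.

```python
import secrets
import socket


def system_resolve(name):
    """IPv4 addresses the configured resolver returns for name; [] if the lookup fails."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # gaierror/herror: NXDOMAIN, SERVFAIL, no network
        return []


def find_hijack_ips(resolve=system_resolve, probes=5):
    """Look up random names that cannot exist and collect whatever comes back.

    A random 32-hex-digit label under .com is not registered, so an honest
    resolver answers NXDOMAIN every time; any address returned is a rewrite.
    """
    seen = set()
    for _ in range(probes):
        # Trailing dot makes the name fully qualified, so no search domain is appended.
        name = f"{secrets.token_hex(16)}.com."
        seen.update(resolve(name))
    return sorted(seen)


def dnsmasq_options(ips):
    """One bogus-nxdomain line per rewrite address, ready for the DD-WRT options box."""
    return [f"bogus-nxdomain={ip}" for ip in ips]


if __name__ == "__main__":
    ips = find_hijack_ips()
    if ips:
        print("Resolver rewrites failed lookups; add to Additional DNSMasq options:")
        print("\n".join(dnsmasq_options(ips)))
    else:
        print("Random names fail to resolve, as they should.")
```

Run it once before applying the option to see which addresses come back, and again afterwards; the second run should report that random names fail to resolve.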

While you’re in there, add a line for your local domain so it will stop asking the public DNS to resolve stuff.  Assuming you use “local.com” in your internal network (which, BTW,  means you do terrible things you should not be doing), add a line (in the same box as before) that says:

local=/local.com/