
So what happens if a CenturyLink customer is not using their DNS and is using, for example, Google's DNS? They will suddenly have their internet disabled and will never see this page, where they have to click "OK" to reconnect their internet.


They will probably forward all DNS traffic to their own resolvers by just changing the destination IP of any UDP traffic to port 53.

This won't work with DNSSEC or encrypted DNS though.


It'll work just fine with DNSSEC for the overwhelming majority of sites on the Internet, since virtually none of them are signed and DNSSEC doesn't actually encrypt traffic.

Encrypted DNS, though, like DoH or DNS-over-TLS or DNSCrypt, stops this cold.


The TL;DR section of the article says that's not the case.


It wasn't the case for me; however, I'm not exactly sure how they've implemented this DNS hijacking and if I was just an exception or the rule. Other people using custom DNS seemed to have a similar experience from what I read on Reddit, though.


You could argue that they are failing to notify customers who do not use their DNS, and aren't complying with the law. Email or a notice on their invoice would not have had that problem.



