Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
How to disable the very little-known AT&T setting that can appear to hijack your home DNS lookups and redirect to 104.239.207.44

How to disable the very little-known AT&T setting that can appear to hijack your home DNS lookups and redirect to 104.239.207.44

Issue

DNS queries on home network suddenly resolving hosts to 104.239.207.44.

Symptoms

You will see SPORADIC mis-resolutions of EVERYTHING to that 104.239.207.44 address if their crappy router happens to hear your PC's DHCP request - EVEN IF ANOTHER DHCP SERVER ON THE NETWORK assigns the ultimate address.

Do an IPCONFIG /ALL on the PC in question, and look carefully only at the DNS SERVER line....and note it is wrongfully THE ATT ROUTER (192.168.1.254 in my case)!.  In almost every case, simply preforming a IPCONFIG /RENEW right there and again performing the /ALL, will then correctly show that YOUR DHCP SERVER'S ASSIGNED DNS SERVER is now listed.

Cause

Now, what REALLY took friggin digging including phone calls to finally find an engineer to let the cat out of the bag is why the "104.239.207.44" address?  Where is that coming from?

So my bet is you also don't know that by default AT&T has taken upon itself to forcibly inject it's own DNS server (as the router) with the latest round of firmware and unless you TAKE ACTION TO OPT-OUT, will intercept your DNS queries via new changes in router firmware pushing out the router as DNS server.

AT&T's VERY HIDDEN "helper" redirection for DNS that YOU MUST OPT-OUT of is named "DNS Error Assist" which causes this unwanted behavior.

Solution

Here is how to disable AT&T's "DNS Error Assist" service on your account. 

NOTE, this does NOT fix the recent router firmware issues that also re-enabled IPv6 without notifications that is also allowing THEIR ROUTER to continue to hand-out DNS even when you set a single IP pool range for DHCP with a non-existent reservation (which should in effect kill all DHCP on their router from handing out ANYTHING). This appears to be a firmware issue with no known current workarounds other than to take precautionary measures to ensure your DHCP replies first.

  1. Navigate to att.com and in the upper-right LOGIN
  2. Click YOUR NAME, then VIEW PROFILE
  3. Click "Communication preferences".
  4. Click "Privacy Settings".
  5. Click "DNS Error Assist " and FRIGGIN CLICK OPT-OUT!!  This is what is redirecting (via the router) your DNS queries ACTIVELY TO THEIR SERVER (104.239.207.44 is an AT&T address via Rackspace).

(OPTIONAL):  While there, you may also choose to click "External Marketing & Analytics Reports", "Relevant Advertising", and "Enhanced Relevant Advertising" and also OPT-OUT of all of those that they also DO NOT TELL YOU THAT YOU HAVE ENABLED ON YOUR ACCOUNT.

Note this is actually a per-use back-end server setting and as you will see the DNS setting says it can take up to 24hrs whereas the more "typical" privacy crap of the advertising etc. will tell you up to a week to be effective, further supporting that the "DNS error assist" is an infrastructure-based setting being pushed to your router that they not only know they have recently put into place, but have the ability to disable.

@aaronp24
Copy link

aaronp24 commented Jun 29, 2020

I've tried disabling this several times. Sometimes I see this error, sometimes I see a slider labeled U_BANS and sometimes I see a slider with the proper label. Toggling it off does absolutely nothing, AT&T continues to hijack invalid DNS names no matter what I set it to.

@dominicx254
Copy link

dominicx254 commented Jun 30, 2020

Yeah... I can't make the changes either. Thanks for the Mac Settings... I'm new to a Mac, so I don't know if it will work.

@ksylvan
Copy link

ksylvan commented Oct 4, 2020

This saved me a bunch of time and also made me aware of these evil settings. Thanks!

@mstevetodd
Copy link

mstevetodd commented Oct 21, 2020

Thank you for posting this. Was a real nuisance using my company vpn.

@benkimpel
Copy link

benkimpel commented Dec 10, 2020

@MisterMeanor
Copy link

MisterMeanor commented Jan 7, 2021

Thank you so much for this @CollinChaffin! The navigation has changed a bit since this post.

  1. After you have logged in, you just click the Profile icon. There is no "Your Name".
  2. When you click "Privacy Settings", it opens a page that is blank. Nothing else. I guess opting out is the only privacy setting? Also, I see no way to opt back in (not that you'd ever want to).

But it did work and I've managed to opt out!!!

Again many thanks!!!

@jbrown7815
Copy link

jbrown7815 commented Mar 6, 2021

Thank you so much for this, who would have known... even when I manually set my DNS in Windows it shows them 2 + ATT's...

@brendandebeasi
Copy link

brendandebeasi commented Jul 21, 2021

For those of you not finding the page directly, all the opt-outs are here:
https://cmp.att.com/cmpportal/

@alice-cash
Copy link

alice-cash commented Aug 14, 2021

I wish one could PR a gist. @brendandebeasi has the right answer

@jonnyabe
Copy link

jonnyabe commented Sep 16, 2021

You sir, are the friggin man! Been trying to get remote access to Home Assistant for the past week with no luck until now.

@brendandebeasi
Copy link

brendandebeasi commented Sep 16, 2021

@jonnyabe Didn't realize this could affect Home Assistant as well! Whew...

@jonnyabe
Copy link

jonnyabe commented Sep 16, 2021

@brendandebeasi Yep! I'm don't claim to be a networking genius, but I thought I was going crazy.

@davidlick
Copy link

davidlick commented Nov 1, 2021

THANK YOU. I recently installed a Pi-hole and have had very strange DNS resolutions like https://github.com resolving to 8.8.8.8. No records set up in Pi-hole like that, no DNSMasq customizations, nothing on my router. I've kind of been pulling my hair our about it but this fixed the problem for me!

@nathan-alden-sr
Copy link

nathan-alden-sr commented Nov 1, 2021

BTW, AT&T has apparently fixed their broken opt-outs. I was able to unsubscribe from all marketing and hijacking. The relevant one:

image

Oh, and here's a friendly message from AT&T:

image

They're working hard to protect me. I feel so loved.

@karolisr
Copy link

karolisr commented Nov 18, 2021

Here's the URL with the settings to save a few https://cprodx.att.com/cmp/cmpportal

Thank you so much!!! The link still works 2021/11/17

@rockoncali
Copy link

rockoncali commented Feb 8, 2022

Thanks so much for this!

@Mementh
Copy link

Mementh commented Mar 15, 2022

Sadly no longer working 2022/03/15 with me at least

@brendandebeasi
Copy link

brendandebeasi commented Mar 15, 2022

@Mementh
Copy link

Mementh commented Mar 15, 2022

@Mementh The new URL is https://cmp.att.com/cmpportal/

"Our system doesn't seem to be cooperating. Sorry for any inconvenience. Please try again later" :(

@bsanders
Copy link

bsanders commented May 12, 2022

I got the exact same message today as @Mementh, but I figured out the problem with the help of ATT customer service. TL;DR: use Chromium instead of Firefox

Today the path is:
www.att.com
"Account" / "Sign In"
See Profile (right under your name, just above your "Total Balance"
Scroll down to "Data & Privacy"

"Enhance relevant advertising settings" and "Privacy settings" both lead to the same error message:

Our system doesn't seem to be cooperating. Sorry for any inconvenience. Please try again later

After getting on the embedded chat and then on the phone, we determined that the website works in Chromium, but doesn't in Firefox. No idea why. At that point I was able to get in and disable the DNS hijacking.

@mcmar
Copy link

mcmar commented May 15, 2022

I've followed the instructions providede by @bsanders in both Chrome and Edge on Windows. In both cases, I'm not able to click on either "Enhance relevant advertising settings" or "Privacy settings". In both cases, the page simply loads forever.

I haven't found any solution to disable DNS hijacking as of 2022-05-14.

@bsanders
Copy link

bsanders commented May 16, 2022

Bizarrely, I just tried again on my personal laptop (but at work) from Firefox (v96, running v99 at home). Here it works right away. Now I'm really confused. Running Ubuntu 21.04 on the laptop; KDE Neon (based on Ubuntu 20.04) at home. I'll check again when I get home, but I refreshed the page on Firefox after getting it working on Chrome and it still wasn't working there.

Could it be some kind of flag on the account that CS flipped while talking to me? Could it be the network I was connecting from?

Edit, 5/17/22: it's working from Firefox on my home network now. I'm baffled.

@binodluitel
Copy link

binodluitel commented Jun 8, 2022

Thanks for the info. It helped me resolve my issue with k3d and docker DNS resolution. Here is the issue and the resolution k3d-io/k3d#1057 (comment)

@rhutch117
Copy link

rhutch117 commented Jul 6, 2022

Just to update, this was still working for me as of 2022-07-5.

@crowlsyong
Copy link

crowlsyong commented Jul 10, 2022

also this

...assuming you don't like being tracked

  1. Click back to your settings page ( for me, it's here: https://cmp.att.com/cmpportal/ )
  2. Relevant Advertising / disable
  3. Enhanced Relevant Advertising / disable
  4. External Marketing & Analytics Reports / disable

I had no idea ATT was collecting 'anonymous data' about me. Definitely going to scour my account settings to turn off all the privacy invasion/trackers that I can find.

@nathan-alden-sr
Copy link

nathan-alden-sr commented Jul 14, 2022

Yes, there now seem to be additional tracking options added.

@saltyollpheist
Copy link

saltyollpheist commented Aug 3, 2022

@Mementh The new URL is https://cmp.att.com/cmpportal/

Managed to hunt down and find this manually but just wanted to say as of August 2022, this direct link still works. Thank you everyone.

@jbrown7815
Copy link

jbrown7815 commented Aug 8, 2022

I originally disabled some of this stuff back in March, 2021 as seen above... just decided to look again and ALL 4 were back on... may be worth checking out people! https://cmp.att.com/cmpportal/ is the link. Originally I dont think it was that easy.

4 things you need to disable:

image

@dipique
Copy link

dipique commented Aug 11, 2022

Man this company sucks. Why do ISPs always suck so much.

@VaporLoq
Copy link

VaporLoq commented Sep 16, 2022

Thank you @CollinChaffin and @brendandebeasi !
https://cmp.att.com/cmpportal/ is still valid as of 09/16/2022.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment