Here's how to get real DNS set up on a Technicolor C2100T modem. This works at minimum when you're doing PPPoE (the usual method) on a C2100T modem sold or rented to you by Centurylink.
When you look up a nonexistent domain name, proper DNS service tells you it doesn't exist by returning Nonexistent Domain (NXDOMAIN).
In contrast, even on business lines, Centurylink's DNS service will snipe NXDOMAIN. Centurylink's servers (nameservers at 205.171.2.25 & 205.171.3.25 at least) return a Centurylink web server IP address when you should be getting NXDOMAIN.
This is done in order to serve advertisements to web browsers, under the pernicious guise of being "helpful" with "search". This breaks error detection by applications other than web browsers, since a false IP address is returned in place of NXDOMAIN.
This is a too-common practice among telcos seeking to monetize as much as they can, and damn the consequences to anyone else. It's worth getting real DNS to avoid this abuse and breakage.
Use the web GUI to make changes as follows for configuring real DNS servers.
- Log in to the web GUI on the Technicolor C2100T (typically http://192.168.0.1/) and select "Advanced Setup".
- Select "WAN Settings".
- If the "ISP Protocol" menu is set to "Auto Select" and the "Protocol Selected" is PPPoE, you can safely change the ISP Protocol pop-up menu to PPPoE. This will expose additional settings.
- In "4. Select the IPv4 DNS type", select "Static DNS". This will expose settings for modem and DHCP client "Primary DNS" & "Secondary DNS".
- Make a note of Centurylink's DNS server IPs for later, in case you have to put them back.
- Put your desired real DNS servers in the fields for primary and secondary.
- Apply the changes.

- Use your own DNS caching recursive resolvers.
  - Typically, these won't report to others which domains you're interested in, beyond what is in the query sent to upstream and authoritative resolvers.
  - Query logging is done at your option, and placed where you wish it to be saved.
  - They can be configured to avoid disclosing the full domain being queried up to the roots and TLD resolvers (otherwise a privacy leak).
  - They can be configured using separate services to block malware domains.
- Use Cloudflare's public service

  Server IP | Notes |
  ---|---|
  1.0.0.1 | Doesn't do query logging (Cloudflare is not an advertising company). Typically reachable. https://blog.cloudflare.com/announcing-1111/ |
  1.1.1.1 | Doesn't do query logging (Cloudflare is not an advertising company). Sometimes erroneously blocked upstream of you as an "example IP" by routers or by ISPs like Centurylink. https://blog.cloudflare.com/announcing-1111/ |
- Use Cisco/OpenDNS's public service

  Server IP | Notes |
  ---|---|
  208.67.220.220 | Could track and monetize for Cisco which domains you're interested in (Cisco is not an advertising company). Provides some malware and content related domain blocking. https://www.opendns.com/ |
  208.67.222.222 | Could track and monetize for Cisco which domains you're interested in (Cisco is not an advertising company). Provides some malware and content related domain blocking. https://www.opendns.com/ |
- Use Google's public service

  Server IP | Notes |
  ---|---|
  8.8.4.4 | Could track and monetize for Google which domains you're interested in (Google is an advertising company which keeps a dossier on you) but so far Google claims to not log beyond operational details. https://developers.google.com/speed/public-dns/ |
  8.8.8.8 | Could track and monetize for Google which domains you're interested in (Google is an advertising company which keeps a dossier on you) but so far Google claims to not log beyond operational details. https://developers.google.com/speed/public-dns/ |
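
One way to check whether a resolver returns real NXDOMAIN, before and after changing the modem's DNS settings (an added example, not part of the original post): it sends one A query for a random `.com` name that is assumed to be unregistered and reads the response code from the reply header. The function names, the probe name format and the two sample headers are constructed for this example.

```python
import os
import socket
import struct
import sys

# Constructed 12-byte DNS headers (ID 0x1234) used as offline samples.
SAMPLE_NXDOMAIN = bytes.fromhex("123481830001000000000000")   # RCODE 3, no answers
SAMPLE_REWRITTEN = bytes.fromhex("123481800001000100000000")  # RCODE 0, one answer

def build_query(name, qid):
    """Encode an A-record query in DNS wire format with recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN

def classify(response, qid):
    """Classify a reply to a query for a name that should not exist."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:   # ID mismatch or QR bit clear
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"                  # honest answer
    if rcode == 0 and ancount > 0:
        return "rewritten"                 # an address came back instead of NXDOMAIN
    return "other"                         # SERVFAIL, REFUSED, empty NOERROR, ...

def probe(resolver_ip, timeout=3.0):
    """Send one query for a random, assumed-unregistered .com name to resolver_ip."""
    qid = int.from_bytes(os.urandom(2), "big")
    name = "nx-" + os.urandom(8).hex() + ".com"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (resolver_ip, 53))
        data, _addr = sock.recvfrom(4096)
    return classify(data, qid)

if __name__ == "__main__":
    # Offline self-check on the constructed samples, then live probes if IPs are given.
    print("samples:", classify(SAMPLE_NXDOMAIN, 0x1234), classify(SAMPLE_REWRITTEN, 0x1234))
    for ip in sys.argv[1:]:
        try:
            print(ip, probe(ip))
        except OSError as exc:             # timeout or unreachable resolver
            print(ip, "no reply:", exc)
```

Run it with the resolver addresses as arguments, for example the old and new servers side by side; `rewritten` for a resolver means it is still substituting an address for NXDOMAIN.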
This is a great resource! Thanks!