Is it because they are....
...massively incompetent, money-grabbing bastards with little to no interest in providing a service worth a spark, let alone a light?
Just a thought, mind.
Virgin Media has declined to comment on yet another DNS outage that hit some of its subscribers on Monday night. The telco, when quizzed by The Register, admitted that it had suffered yet more downtime woe but refused to explain what was behind the company's recent network wobbles. A spokesman at the Liberty Global-owned …
Hmm. Unless VirginMedia count Nottingham as the "North East", then it most certainly was a little more widespread than that.
My devices connected to VirginMedia started playing up around 2130 last night, and were quickly fixed by tethering to my Vodafone 4G phone instead. Same thing happened on Saturday night too, but perhaps the lack of Reg staff in vulture-central on a drinkies-night meant it escaped appearing here.
I think the issue here, is more the fact that some of the routers Virgin supply, you are unable to change the DNS settings.
So for mobile devices, hardware devices, you can get quite a few issues.
Yes most of us would know how to setup a DHCP server, but you try getting Joe Bloggs to follow a youtube tutorial to do that. Oh wait no internet !!!!!
:)
I kow we're not a tech support forum but if you use their Superhub just as a cable modem and then your own router set to use opendns is that OK. I'm still on the old cable modem (& openDNS - not had any issues) but if I swap I get my current "meagre" 20Meg upgraded to 50Meg next month. (I wonder how many guys out in the sticks are now wishing they could have a VM feed even if it does have the odd outage.)
My biggest gripe with VM is the impenetrable accents of some of their support people.
OOPS read more posts and it seems yes I can do what I asked - one happy VM punter (just need then to fix that accents problem now.)
" many of the ISP's punters continue to be "seriously frustrated about the fact it's not possible to modify the router-provided DNS servers in their SuperHub
Simple enough; buy a better router and put the SuperHub in Modem Mode.
Although I think the outage was more than DNS this time, as my connection was very flakey last night but I am using Google's DNS network-wide.
It's annoying to have to buy a new router when they're supposed to provide one for free.
Also, if I'm going to buy one then I'll want to buy something good, and by the time I've found something with all the features I want it's in the £80+ range and I can't justify it any more. Ok, that part is more my problem.
ISP provided routers are all (with very few exceptions) rubbish. Settings like DNS are locked out so that those with less technical acumen don't feel the need to pratt about with them and stuff up their connections.
Of course, when it comes to times like these then this shortcoming does cause a lot of issues, but expecting ISPs to supply top-class routers for nowt isn't realistic. Anyone who wants a properly manageable router should buy one themselves and ISPs should not put any impediments in place to stop that happening.
> but expecting ISPs to supply top-class routers for nowt isn't realistic.
It's not exactly for nowt. I'm paying them >£40/month for a Tivo with otherwise most basic TV package, slowest available broadband and a phone line that I dare not use to make calls since every call I could possibly make other than the VM helpline is more expensive than it would be from my mobile phone. There's plenty of margin that could be reduced to provide a decent router. Of course, why would they.
Anyone who wants a properly manageable router should buy one themselves and ISPs should not put any impediments in place to stop that happening.
Upvote for both, although I never found any restrictions (or I possibly worked around them without thinking, because those restrictions tend to be fairly futile to start with). I *always* use my own router and access point, because *I* control those, not the ISP. No FON crap, no firmware updates behind my back, no passwords that are accessible elsewhere, no possible backdoors or monitoring, a decent firewall and a guest network that is under my control too.
ISP access points tend to be rubbish anyway - in general, they seem to limit the number of devices that can use it concurrently and they only work on 2.4GHz, whereas the 5GHz band is far less likely to collide with neighbours.
Any coincidence I got an email from them yesterday telling me I could enable the (largely pointless and broken) content filtering supposedly there to protect the children?
As for other comments, I was OK as I use the older modem-only device and my own router with OpenDNS.
This article might be of interest to the educated reader when wondering why the gov took such an about-turn on the merits (or lack of) filtering after their own consultation rejected it:
https://torrentfreak.com/the-copyright-lobby-absolutely-loves-child-pornography-110709/
I didn't notice :)
Probably because after I got fed up with the poor WiFi of the 'Superhub' I used it purely as a cable modem and after the last DNS snafu I transferred all DNS to 8.8.8.8 (pointless having more than one DNS server) as it offers the choice of either provider provided DNS details or static for DHCP.
> pointless having more than one DNS server
umm, why not set up primary and secondary DNS to come from *different* providers
when an(y) organisation's DNS goes titsup it's quite likely that it will affect both(/all) their options; this is precisely when falling back to another provider could be useful
I like having OpenDNS as a fallback option; but not as primary DNS because of what happens if a query is misspelled
FB
When I first got one, I immediately went into the settings, to setup DHCP the way it needed to be.
Couldn't do it. It forces the IP address of the internal network - you can't change it[1].
Sent the POS back as not fit for purpose, and got a discount for the next year. Then they introduce modem mode, and I was able to use a grown-up router (D-LINK). My router dishes out DNS settings, and they ain't VM, which is probably why I had to read this article to realise there was an issue.
[1]Only in the *VM* version of the superhub. Like their TiVo service, you get a nobbled box.
'When I first got one, I immediately went into the settings, to setup DHCP the way it needed to be.
Couldn't do it. It forces the IP address of the internal network - you can't change it'...
Eh? Much as I dislike the firmware on the Superhub, and VM's support (at least until you get escalated to the UK guys), you're wrong on this point.
You can set a non-default IP (I use a 172.*.* range instead of the default 192.168.0). The DHCP server only gives addresses within its local subnet, but that's no big surprise. I don't use it, 'cos I want a bit more stuff delivered by the DHCP server so I've got a full DHCP server running on my NAS box (was running on a RaspberryPi but I 'repurposed' the 'Pi). Same way as the NAS runs my primary DNS, so I don't hit VM's DNS service anyway...
They may have changed it now. But I can assure you, when I first got it (Jan 2013), you could not set the internal IP address to be anything other than 192.168.1.1 It let you put it in the fields. But when you tried to save it, it reverted to 192.168.1.1. Hence I returned it as unfit for purpose. This was before the fix which allowed you to put it into modem mode.
That the service goes tits up periodically is certainly frustrating, but what annoys the heck out of me is how useless the service status page is. Even when the entire service goes completely offline for half a day it's still reporting "Good Service". Of course it goes further, stuff breaks from time to time locally whether it be a shot amplifier or a weather related problem, but I don't think I've ever in seven years seen a fault reported when it's broken for big chunks of Oxford, not even when it flooded and the internet was hosed for three days in some areas. This is either lazy or outright dishonesty.
Maybe a more useful statistic would be to publish a live chart of the call volumes and wait times, that way customers can make their own decisions as to whether it's likely broken or not.
step 1. geeks use their esoteric knowledge and love of technology to set up an ISP and run it reasonably well.
2. well run ISP gets subscribers.
3. more subscribers join until the ISP reaches critical mass.
4. ISP is bought by "media company" and all geeks are fired and replaced with more important salesmen.
5. without routine maintenance or network upgrades going on anymore, prices can be dropped and media company can boast the price drop as evidence they're "running things right dammit".
6. soon the network stops working.
7. media company can't understand why that would happen if you fired all the people that stop it happening. Obvious solution: blame customers for using the internet too much.
8. customers start leaving.
9. media company most now buy another good ISP to get their customer base back to where it was.
10. I hate media companies.
Lost all internet access on Friday for a while (or maybe I missed that story), internet services are frequently flakey. My phone shows 'Your internet connection is unstable' message more often than not and because we only got broadband and TV, but no phone. it's almost immposible to complain to the useless b$%£%ds. This is in Birmingham, so nowhere near the North or the East, seemed OK Monday though.
Bristol area = slower than dial-up.
Switched to Google's DNS = broadband!
Obviously I checked Google's privacy policy for the DNS and I was shocked that (a) it was readable, (b) it was brief and (c) it was safe to use.
The VM status page was, as ever, useless. As was their Twitter feed. Partly because until I switched the DNS I couldn't get either to load, whereas once I *had* switched the DNS I no longer *needed* either to load.
Ah, yet again saved from any inconvenience by my setup:
Internet router (in this case SuperHub in modem mode, but previously everything from dial-up modem to cable modem to ADSL2 from several different providers in several different houses)
Forwards everything to a WRT54G that actually DOES the proper routing, DHCP, DNS caching, etc. (and also has proper, real security on it beyond what WPA2 can provide, is a VPN endpoint, DynDNS client, etc.).
Which offers everything else out to the rest of my network. Which has never needed to be renumbered, or even needed a single setting set (DHCP for everything).
Impact: Zero. The WRT54G hasn't used any ISP DNS in its life - OpenDNS, Google DNS and my own private DNSMasq running on a VPS all the way.
Impact during the previous outage: Zero.
Impact when SuperHub wireless was found insecure? Zero (the wireless isn't even switched on).
Impact when moving house / changing ISP's / sticking on a 3G dongle for an emergency connection? Zero - get an Internet connection out of a Ethernet cable somehow, shove everything down it, plug it into the WRT54G, done.
To be honest, the amount of times it saved me has paid for the router and initial configuration hassle ten times over. I thought we were supposed to be IT people on here? Having to change DNS at every computer? Haven't set a DNS setting on something that wasn't a static-IP AD DC (with deliberately hard-coded settings) in over a decade.
People moaned about the SuperHub etc. being a heap of junk - I wouldn't even know - it doesn't do anything but pass traffic, doesn't even try to *interpret* traffic, for me. And so has always just worked. The real config is on the device that's older than any of the computers that use it and has been running 24/7 all that time. And, similarly, can be replaced in a heartbeat with some bodge if something goes drastically wrong.
> People moaned about the SuperHub etc. being a heap of junk - I wouldn't even know - it doesn't do anything but pass traffic, doesn't even try to *interpret* traffic, for me.
That's just what they want you to think...
http://www.theregister.co.uk/Design/graphics/icons/comment/black_helicopters_48.png
has never had cause to complain about my VM service. Been with them since 1998 (NTL) and the only time my internet hasn't worked is when I haven't paid the bill on time. I do have 8.8.8.8 set up as secondary DNS on my main PC, though we use mobiles over wifi a lot and no one in teh house has mentioned any issues.
EDIT - Correction, i lost internet for a few days last year when scrappers stole the aluminium cover from my local junction, and the kids ripped all the wires out, and all teh local dogs peed against it, but that's hardly VMs fault
Virgin Media's SuperHub is only useful for one thing: Ethernet to Cable modem bridging. Hardware-wise it's a pretty normal Netgear 802.11n router using a Broadcom chipset which is pretty much run of the mill and OK. However, VM's 'custom' firmware practically bricks the box.
I don't use either VM's DNS servers nor do I use spoofing DNS providers like OpenDNS or Google (spoofing means if a DNS record fails it shows a page of ads by redirecting). Instead you should use a non-spoofing (or ideally, a DNSSEC) upstream DNS server. Locally on your LAN you should also use either a full (Bind / Windows with Active Directory) or a caching proxy DNS (dnsmasq) server.
DNSSEC is sort of like SSL for DNS - not so much encryption, but means the record isn't spoofed. Because spoofing DNS is easy it's normally the first thing ISP's like VM roll out to do their blocking of pr0n/piracy stuff.
There is a more honest use of spoofing that OpenDNS and Google employ by providing you with a more useful page (read ads) when a DNS query fails.
Either way, your laptop is having to talk to a server miles away that may or may not be spoofing your DNS, in order to find the IP address of each and every image and page in a web page. So don't use any of them: use your own DNS server, with trustworthy upstream DNS servers.
Upstream servers don't need to be super fast, because the speed is being covered by your local DNS server - the upstream DNS servers just need to be reliable and honest.
Sound complicated it really isn't.
So how to do this:
a) If you already use Active Directory (e.g. you log onto Windows with Ctrl+Alt+Delete), then you already have a DNS server. Configure your PDC and BDC's DNS servers (which are a requirement for AD) with decent upstream DNS servers and tell the DHCP Server to use the PDC and BDC for clients.
b) If you have a QNAP/Synology NAS, they also have DNS server capabilities.
c) If you have a spare machine or a VM able to use exclusive use of NICs for WAN connections, then install pfSense, and bobs your uncle.
d) If you only have a bog standard router, try to use DD-WRT and make use of it's dnsmasq server.
e) If you're still out of luck, there are plenty DNS servers available for Windows that run as a service or in the task tray.
The point is they're plenty available, and you will notice an immediate speed up of your browsing (particularly on Mac OS X / iOS) when using it.
So which DNS servers to use? Most people will say use Google (8.8.8.8 / 8.8.4.4) or OpenDNS (208.67.222.222 / 208.67.220.220). However, as I mentioned, they spoof DNS anyway (Google does support DNSSEC though).
The ideal servers to use are entirely dependent on your location, because the absolute fastest DNS servers will be the ones with the fattest low latency pipes to you. Thankfully, someone made a tool to do exactly that: DNS Benchmark.
1) Download Steve Gibson's DNS Benchmark: https://www.grc.com/dns/benchmark.htm. No need to install, like any proper software, just run it.
2) Open it and click 'Nameservers' tab
3) Right-click on the main list of servers, check 'Test DNSSEC Authentication'
4a) If you've used DNS Benchmark before, skip to step 5. Otherwise click the 'Add/Remove' button
4b) Click 'Rebuild Custom List' at the bottom, and click the new button also called 'Rebuild Custom List'.
4c) Wait about 40 minutes for the tool to sort through about 4200 DNS servers.
5) Go back to the 'Nameservers' tab, click 'Run benchmark'
6) Once complete, select the fastest servers you want to use - if you want DNSSEC-enabled servers, they are marked green.
A DNS Server on your network should have 2-4 upstream DNS servers. Usually when they don't have a record in their local cache, they'll request from all 4 upstream servers simultaneously and return the first successful result. Most clients will just choose the first one.
And with that, you have fast and authentic (if you use DNSSEC servers) DNS solution locally and no Virgin Media snafu's that even when it's working 'normally' it's broken.
Finally! Someone mentions using a locally installed DNS server rather than simply changing to google etc.
(Though doesn't windows cache DNS records internally these days? - unix system's don't [though individual programs could in theory]- you should point entries to a local nameserver or a standalone caching daemon)
However, why go through all that testing for local DNS servers etc. to use, when you can simply configure a standalone DNS server that is seeded with the root servers?
This is basically how your ISPs nameservers are generally setup (after all, what forwarders do you expect the forwarders to use? :-) )
If you run it on a system that isn't powered off frequently, then it will end up caching where the popular records are stored, so it can contact them direct for maximum efficiency.
You are then no longer relying on forwarders (which is also more secure, as what happens if the forwarder currently being used is compromised?)
The only static config you need then is that of the root servers, which is readily available and rarely changes. And even if an entry does change, running a nameserver in this mode means that the very moment your DNS starts up and successfully contacts a root server, it will automatically be updated with the current root-zone list. (Though most nameservers don't actually update their local on-disk copy of this information)
If you follow this route, or indeed the route you mention, as you won't be using the server to serve your own domains to the internet, I'd recommend 'unbound' over 'bind'. It's available for unix/mac/windows etc. and is more lightweight and easier to setup (especially for DNSSEC)
""However, why go through all that testing for local DNS servers etc. to use, when you can simply configure a standalone DNS server that is seeded with the root servers?"
Or just use Google?"
Or just configure a standalone DNS server that is seeded with the root servers?
[I'm assuming that we're playing - "post a reply that demonstrates that you didn't read the very first line of the post you're replying to" - or maybe I'm missing something?]
For the tech inclined its pretty simple to build a secure DNS solution using a Raspberry Pi running raspbian and dnscrypt.
Add in isc-dhcp-server and if you wanna stay in the gui world use WebAdmin for config. Had this running for years now, moved it to Pi for massive space/power saving a couple of years back.
Also makes a great openvpn server and sixxs tunnel box too, they all run perfectly well concurrently with dns/dhcp etc.
Another plus is no DNS intercept from Virgin anymore.
...and running. I only got the email about Web Safe on Monday. Nothing in the email to say it is going to be turned on, so I sent them a snotty email complaining about it. I probably won't hear anything back but at least that is one complaint they will have to read. Unfortunately their website is being messed with so only email is available, can't even turn the damn thing off yet.
As for the DNS outage, I use opendns servers so I didn't even notice. Definitely suspicious, coming so quickly after the BT DNS issue.
Now if only the Raspberry Pi came with the gigabit nics and there was a version of Smoothwall to run on it... (there might be, I have not checked)
Draytek 2820, told to use google's DNS
Windows domain, DHCP says use WinDNS, winDNS says use referance Google or a private one.
ANY DNS request that goes up my line, Virgin Media steps in.
Buying a new router wont help.
VPN it
I am moving to Plusnet anyway.
I call bluff, or misconfiguration.
I have DNS going through my own VPS, and direct to Google servers. Any machine you use on my local net you can query any nameserver you like and get the answers (if you want to be paranoid, yes, even if your DNS returns deliberately false answers just to test them).
If you're using your SuperHub, you might need to do modem mode, but I VM don't intercept DNS to anything other than their own servers from what I see (there's a variety of tests you can do here). Hell, I've read that's one of the easiest ways around their "you can't see this page because of a court order" messages, not that I've ever needed to do that.
Who's dumber, VM or their users?
Look at the commentards who change DNS providers every time VMs DNS goes down, and then switch back as soon as VMs servers are working again. How many times do Virgin's DNS servers have to play up before these idiots realise they're better off changing DNS servers or better yet changing ISPs?