Finding ISP's default gateway when behind a router

[MrK6]

Hello, I imagine this is easy and I'm just missing something, so hopefully the gurus can point it out. I'm trying to set up a static IP on my router for several reasons (hosting teamspeak/vent, selecting my own DNS, Charter sucks, etc.). However, I don't think I'm entering the right default gateway, so when I apply settings I don't get a connection. Ipconfig/all doesn't help because it just points me to the router (192.168.0.1). I tried running a traceroute and plugging in the first and second entries, but that didn't work. There's actually about 4-5 entries listed under my ISP, so I'll be trying those in the meantime.

The other thing is do I need to apply an IP mask (255.255.255.255 for example?) or is leaving it at 0.0.0.0 fine? My router doesn't disallow it, like all the other fields.

Thanks for any insight.

 

[VirtualLarry]

If you truely have a static IP from your provider, then they will also provide you with the IP of your default gateway.

Methinks that you are trying to set up a static IP on your own, without ordering one from your ISP. This is a big no-no.

 

[MrK6]

If you truely have a static IP from your provider, then they will also provide you with the IP of your default gateway.

Methinks that you are trying to set up a static IP on your own, without ordering one from your ISP. This is a big no-no.

It's not that I want a static IP, more so just to trick my router into allowing me to assign a custom DNS. I already have a dyndns.org account that takes care of routing for vent/teamspeak, but there's a couple of add-ons I wanted to fool with that would have used this other setup (this isn't the focus here).

To elaborate, Charter internet is awful. If it wasn't dirt cheap for the speeds I get, or if FiOS was available in my area, I would switch. The biggest problem is the spotty DNS service which makes it difficult very difficult to browse the internet efficiently and effectively. Sometimes resolving a single page takes 30+ seconds, and it gets exponentially worse when loading multiple pages/tabs (for instance, opening a previous session in Chrome). My modem/router/WAP (Motorolla SBG6850) seems to override any settings I punch into Windows IPv4 config, so I need to set this up within the modem software. The problem is that if I leave it configured for DHCP, it won't allow me to assign/redirect to another DNS (like OpenDNS or Google). The only way those options become available is by switching it to static IP mode. Therefore I'm looking for options beyond buying a new modem, hoping there's a way to configure this to bypass my ISP's DNS servers.

 

[VirtualLarry]

So, in short, you are going about this entirely the wrong way. Ditch the idea of setting a static IP, if you are not actually a static customer from your provider.

Is your cablemodem a router, or do you have a separate router?

You might need to configure your modem as just a bridge, and then use a seperate router. Just punch the DNS servers into the router, and that should be that.

I'm confused why it would be overriding the DNS servers punched into Windows. If that is really happening, then it is possible that your ISP is doing that, and not just your modem. They might be proxying and intercepting port 53 requests, and handing them off to their DNS servers internally, instead of just allowing the request to be transmitted to the internet normally.

If your ISP is really doing that, then there is nothing that you can do, short of getting a new ISP, or subscribing to a private HTTP/HTTPS proxy service.

 

[MrK6]

So, in short, you are going about this entirely the wrong way. Ditch the idea of setting a static IP, if you are not actually a static customer from your provider.

Is your cablemodem a router, or do you have a separate router?

You might need to configure your modem as just a bridge, and then use a seperate router. Just punch the DNS servers into the router, and that should be that.

I'm confused why it would be overriding the DNS servers punched into Windows. If that is really happening, then it is possible that your ISP is doing that, and not just your modem. They might be proxying and intercepting port 53 requests, and handing them off to their DNS servers internally, instead of just allowing the request to be transmitted to the internet normally.

If your ISP is really doing that, then there is nothing that you can do, short of getting a new ISP, or subscribing to a private HTTP/HTTPS proxy service.

Thanks for the reply. My ISP, Charter, is rather infamous for DNS hijacking - https://www.google.com/#hl=en&safe=...,cf.osb&fp=ecb6a798695883bc&biw=1185&bih=1437 . It redirects Window's requests, but I was hoping that entering in DNS servers manually would allow me to bypass Charter's redirection. It's more of trial to see if it's possible/where the hijacking occurs. Thanks for the info on intercepting requests. I hope that isn't the case, but if it is, am I pretty much done? I wouldn't bother subscribing to a proxy/tunneling service for this.

 

[theevilsharpie]

In Windows, you can manually assign DNS servers while still using a DHCP address.

 

[Gonad the Barbarian]

I'm on Charter and am using OpenDNS. I have it set in my router.

 

[MrK6]

In Windows, you can manually assign DNS servers while still using a DHCP address.

And it's still being redirected, so it might be a more upstream problem like VirtualLarry mentioned.

 

[Gryz]

Never knew ISPs did this sort of slime to their paying customers.
http://en.wikipedia.org/wiki/DNS_hijacking

The hijacking can be done in two places.
1) On your home router. Then you have a fighting chance.
2) On a router somewhere in your ISPs network. They can just do it on their customer-aggregation routers, and redirect any traffic to port 53 (dns) to one of their own DNS servers. If they do it here, there is nothing you can do. Besides getting yourself another ISP. (Which I would do immediately).

Now suppose the hijacking is done on your own home router.
As you figured out, setting the DNS server manually is an option. Now you need to also figure out how to set your IP address, mask and the default gateway.

Log in to your router, when you haven't changed the settings. What is the IP address ? What is the netmask ? Write them down. Now from your PC, do a traceroute to any webserver on the Internet. What do the first 3 lines say ? Now do it again, but use the -d flag. Tracert -d www.google.com.

The -d flag gives output without converting to domain names. It gives you IP addresses. The first IP address is the IP address of the ethernet (or WiFi) interface of your home router. Correct ? The second line should give you the IP address of the WAN interface of your ISP's access router. Usually this should be +1 or -1 to the IP address of the WAN interface of your home router. (Although it can be further away, e.g. when on cable).

There you have it.
The IP address of the WAN interface of your ISPs access router is the IP address you want to use as default gateway in your home router's static configuration. That's on the 2nd line of your tracert -d output.

If I were an ISP, and I'd do DNS hijacking, I'd do it on one of my own routers. And you wouldn't be able to do much. Maybe there are workaround involving tunnels, encryption or VPNs. But that requires you having access on some machine outside your house, and might not be trivial to do. Good luck.'

Oh, about setting static IP addresses. Yes, you need to have an IP address that never changes (or hardly ever changes). Some people think you're getting a random IP address out of a pool. That was the case 15 years ago with 56k dial-in modems. Nowadays different ISPs do it differently. I don't see any reason why an ISP would not assign a fixed IP address to a certain customer. I would do it that way. In fact, all ISPs in my country (dsl and cable) give their customers fixed IP addresses. I think I still have the same IP address that I got in 2003. True, ISPs can renumber from time to time, but usually there's little reason.

 

[dawks]

And it's still being redirected, so it might be a more upstream problem like VirtualLarry mentioned.

Yea static IP on the router has nothing to do with DNS performance. And without getting a legit static IP from the ISP, you're only going to cause MAJOR headaches for yourself and others using the ISP.

I'd highly doubt that they are high-jacking *all* DNS requests. That seems like ISP suicide.

Set your DNS servers on your computer to 4.2.2.1 -through- 4.2.2.6, then elevate a command prompt to Administrator and run ipconfig/flushdns. Then check again. The verizon/level3 servers don't do redirection like OpenDNS does.

You can grab GRC's DNS Benchmark and it will tell you if a DNS server is redirecting domains. If every single DNS server in the test is being redirected, than yes, Charter is hi-jacking all DNS requests, and I'd switch ISP's immediately.
If only some are being redirected, then you're computer is likely misconfigured.

 

[MtnMan]

Charter isn't hijacking my DNS (OpenDNS) as I often get messages from them on a typo or it a link is to a blocked site (either my setting on OpenDNS, or part of their filtering).

Setup DHCP on your router with the IP of the DNS servers of your choice, and be sure and uncheck Use DNSMasq for DNS setting.

You should also be able to see the ISP's gateway by simply looking at the WAN IP address, mask and gateway on the WAN status page.

 

[stuartl89]

If your just looking for some stable/fast dns servers that are free to use:

https://developers.google.com/speed/public-dns/

 

[Ichinisan]

Go to the Basic/WAN setup section in your router and use 8.8.8.8 and 8.8.4.4 (Google's OpenDNS) as your primary and secondary DNS. Leave the connection type set to Dynamic/Automatic/DHCP.

Change Windows back to obtain DNS automatically and restart your system. Open a command prompt and type ipconfig /all. You should see your router's LAN IP or 8.8.8.8, and you're good-to-go.

 

[imagoon]

I hate DNS hijacking. My local ISP does it for the root servers which screws over exchange since every address resolves with a stupid "Yahoo search." However they ignore 4.2.2.1 - 4.2.2.6 and Google so far.... So I have to use redirectors in the DC at that point.

 

[SonicIce]

With time warner road runner you can disable hijacking in a preferences page if u see the link,
http://dnssearch.rr.com/prefs.php
So look around your hijacked page for any little links that might let you disable it like "why am i here" or "what is this page" or something

 

[imagoon]

With time warner road runner you can disable hijacking in a preferences page if u see the link,
http://dnssearch.rr.com/prefs.php
So look around your hijacked page for any little links that might let you disable it like "why am i here" or "what is this page" or something

Yeah that only works if you are using a browser with a cookie. And actually all it does is make the false DNS query fail on the browser. Mean while nslookups keep being redirected all day.

 

[Ichinisan]

Yeah that only works if you are using a browser with a cookie. And actually all it does is make the false DNS query fail on the browser. Mean while nslookups keep being redirected all day.

Are you sure it works that way? If they use semi-static IPs like most cablecos, they could make it so nslookup for invalid domains will correctly fail.

Theoretically, this redirector system could even cross-reference the DHCP table and associate your preference with the WAN MAC of your CPE device (if they really want to do this the right way).

 

[imagoon]

Are you sure it works that way? If they use semi-static IPs like most cablecos, they could make it so nslookup for invalid domains will correctly fail.

Theoretically, this redirector system could even cross-reference the DHCP table and associate your preference with the WAN MAC of your CPE device (if they really want to do this the right way).

When I toggled it, firefox redirected me to an IE6 "404" page. Basically someone grabbed it and made the redirect hit a fake page.

 

[SonicIce]

Yeah that only works if you are using a browser with a cookie. And actually all it does is make the false DNS query fail on the browser. Mean while nslookups keep being redirected all day.

i dunno, man. i cleared my cookies and i dont get the redirected page anymore