I have a new twist on what I thought was phishing or spam that I want to share with all of you here on MacInTouch.

I have been using AT&T ever since they took over SBC Global many years ago. Just recently I've been getting unusual pop-up windows in the center of my display that look bogus. It happens when I turned WiFi back on from the menu on OS X 10.10 Yosemite. I have been turning WiFi off and on a lot lately (several months) but only found these pop-ups within the past week. The top of the window has a banner-like area that so far always starts with:

Sorry, the page you were looking for does not exist or is not available. We performed a web search for “Apple IPhone Cell ____ ____” and here’s what we found.

The text in the underscore areas are misspelled words like "Lund" or "Lhdn". Below that there are assorted real-looking links to AT&T, Verizon, Amazon, etc.

I chose to open the Terminal and run top then found the culprit was the captivenetwork process, so I sent a kill command to stop it. But the pop-up may return seemingly at random. I also tested this on a new plain user account and got the same result.

I finally looked closer at the screen captures I took and saw that the real culprit is AT&T's dnserrorassist.net URL.

There is an Opt-Out button on the pop-up window, but I haven't clicked on it nor anything in that pop-up. Some folks posted complaints about this some years ago and reported mixed success in opting out. I'll probably click Opt-Out the next time but it really looks like phishing or spam or something similar.

We use an Airport Extreme base station that's a few years old and has the current firmware. That base is wired to the AT&T 2Wire gateway that gets us to the web.
 



I finally looked closer at the screen captures I took and saw that the real culprit is AT&T's dnserrorassist.net URL.
A lot of ISPs have started implementing this brain-dead nonsense.

They configure their DNS servers so every failed lookup results in the IP address of one of their web servers. The idea is that if you type in a URL with a bogus domain, you'll see a search page that will (hopefully) contain useful alternative URLs.

The problem, of course, is that the Internet is more than just web browsing. Systems like this mess up every other protocol that may be used (e.g. mail, FTP, SSH, file sharing, remote access, and countless others). These apps don't use HTTP at all - when they get a bad domain name, they expect a DNS error, allowing them to present an appropriate error to the user. When the bad domain name results in an IP address, they try to connect to that address, which is flat-out wrong. If you're lucky, the ISP's web server rejects the connection, causing the app to present a confusing error (where it thinks the address is correct, but the remote server is unavailable). If you're unlucky, the ISP's server accepts the connection and your app starts talking to the wrong server - hopefully, there will be some kind of security certificate that can detect the unwanted redirection.

And if you're really unlucky, a bug in the ISP's web server can be exploited by malware, causing you to get redirected to a malware or phishing site.

With Verizon, there were ways to disable this. They provided alternate DNS addresses which you could configure your computers (or your own DHCP server, if you have a configurable one on a computer or in your router) to use, which would not do this.

You should see if AT&T provides a mechanism to turn this off. If not, then by all means follow Ric's advice and use some third-party DNS service. FWIW, I'm running my own DNS server at home. It sends all failed requests (non-local names that haven't been cached) to one of Google's DNS servers or (as a fallback if Google is unavailable) Comcast (my ISP).
 


Ric Ford

MacInTouch
A lot of ISPs have started implementing this brain-dead nonsense. They configure their DNS servers so every failed lookup results in the IP address of one of their web servers. The idea is that if you type in a URL with a bogus domain, you'll see a search page that will (hopefully) contain useful alternative URLs.
I don't know the specifics here, but controlling searches is obviously a way to make money, as Google has so amply demonstrated, and I know that ISPs were trying to monetize their own particular "portals" at one point in a variation on the theme. So the question here is whether ATT is getting any kind of revenue from this mechanism it's inserting between its customers and the real internet.
 


Thank you everyone for your informative responses to my issue. I really appreciate you (all) and am always browsing MacInTouch for tips, trends and warnings of malware, etc.
 


Ric Ford

MacInTouch
There is an Opt-Out button on the pop-up window, but I haven't clicked on it nor anything in that pop-up. Some folks posted complaints about this some years ago and reported mixed success in opting out. I'll probably click Opt-Out the next time but it really looks like phishing or spam or something similar.
This claims to be a place to get off that bad train:
att.net said:
About the Search Results Page

You’re seeing these results because AT&T has configured its Web servers to offer you a more convenient Internet experience.
These servers are central computers named DNS (Domain Name Service), and they allow you to access and search the Web using words and names (for example, www.att.com) instead of the difficult numeric addresses computer systems use, like 123.45.6.7.

However, sometimes we enter a wrong web address, or maybe the website we want is no longer in service. If this happens, the DNS service automatically searches for similar or related terms and presents you some results that may be useful for you. Otherwise, you’ll get a “No results found” error message, and will have to go back to the previous screen and search again.

Opt-Out of Service

If you prefer to opt out from the DNS service and receive the error message instead, you can do so by following the link below.

Would you like to Opt-Out of this Service? Yes
But it doesn't always work, according to this discussion:
AT&T Community Forums said:
How to get rid of DNS Error Assit
I noticed that suddenly I am getting redirected to a yahoo page when a webpage does not load. It has dnserrorassist in the URL. After searching, I found that it is connected to AT&T. I don't want this, but when I went to opt out I was not able to do it. Another page loads that says it cannot do it at this time. I really don't want this on my computer. Is there another way to opt out?
I have some major issues with ATT injecting things into customers' Internet streams. I encountered this in the past—we saw an anomaly when our web pages were being viewed from ATT Mobile devices and discovered that ATT was injecting invisible changes into the pages as they were being delivered to the people visiting the web site via their network (apparently for tracking purposes). Hopefully, the HTTPS protocol we're using now mitigates that problem, but I don't think ATT ever got the "don't be evil" message that Google once espoused....
 


This claims to be a place to get off that bad train:
The only thing the Opt-Out button does is cookie your browser so that their web server shows you a generic error message instead of search results. (This is why the opt-out also sometimes fails, if you're not accepting cookies or otherwise lose your cookies.) They're still sending you false DNS responses for queries that should be getting NXDOMAIN or similar responses. The best way to avoid this awful situation is to use different DNS resolvers that don't behave like this, like, for example, Google's Public DNS servers.

I skimmed through this article, and it explains everything quite well (specifically "Manipulation by ISPs" and "Remedy" sections):
Wikipedia said:
DNS hijacking
DNS hijacking or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.

These modifications may be made for malicious purposes such as phishing, or for self-serving purposes by Internet service providers (ISPs) and public/router-based online DNS server providers to direct users' web traffic to the ISP's own web servers where advertisements can be served, statistics collected, or other purposes of the ISP; and by DNS service providers to block access to selected domains as a form of censorship.
 


Thank you Ric! I mean, I'm a little relieved to hear that others have experienced this devious ploy. I did reconfigure my Mac setup to prioritize its DNS in favor of those you provided earlier in this thread. So far, so good!
 


Regarding the failure of the Opt-Out "feature," I saw on my Mac that the CaptiveNetwork process was displaying the pop-up window and that no instances of Safari or Firefox were running. I wonder if the CaptiveNetwork process includes cookies? This concept still bothers me as I have seen that there are so many elusive processes running in the background that we're no longer in control of "our" computer. It seems to be true on all PC platforms.
 


Could someone with experience / knowledge please explain whether a user should add alternative DNS server information (like Google's 8.8.8.8 or CloudFlare's 9.9.9.9) to:
  • the Network System Preference on the Mac;
  • the internet router;
  • the internet modem
or all three?

Which one will be the best and most effective? If the others are not also changed (and therefore use ISP defaults or factory defaults), is there a conflict, and, if so, which device is the arbiter / "winner" of the DNS lottery?

I suspect adding DNS server information of your choosing should be done to the modem, since that is closest to the Internet, but oftentimes getting into the modem to configure it is much more difficult, because it requires assistance from the service provider.
 


After numerous annoying encounters with AT&T's DNS servers, we switched to 8.8.8.8 and 8.8.6.6 [8.8.4.4] (Google), which cleared up things immediately. Not a huge fan of Google, but this service really works better for us. OpenDNS works just as well, but their numbers are simply harder to remember. I haven't tried CloudFlare's yet.

I make the switch in the System Preferences/Network/Advanced/DNS, not on any of my home routers. Local routing to other computers in our home LAN is not affected, and the speed of the initial connection while web browsing is noticeably faster, as in: no detectable delay.

I can usually tell the difference, because when a new computer enters the house, the DNS lookups are slow until I remember to replace att.net with 8.8.8.8. On occasion AT&T works better for a while, but once I make a domain typo, I'll get AT&T's annoying lookup failure page and then in goes 8.8.8.8 for DNS.
 


Ric Ford

MacInTouch
Here's a helpful article on DNS issues and options, including Google, Cloudflare, OpenDNS and Quad9, which is another interesting alternative:
Gizmodo said:
Yes, You Should Still Change Your DNS Settings for Better Internet
There’s more than one reason to shift DNS servers, and while we don’t know the exact configuration of your current connection—so a head-to-head comparison isn’t possible—most people decide to make the change for reasons of privacy, speed, security, reliability, customization, or all five.

... Four of the most popular, reliable, and simple-to-use alternative DNS providers are Cloudflare, Google, Quad9, and OpenDNS. The benefits they provide are similar across the board, though there are some differences too. There’s nothing to stop you from trying them all out to see which works best for you.
 


Could someone with experience / knowledge please explain whether a user should add alternative DNS server information (like Google's 8.8.8.8 or CloudFlare's 9.9.9.9) to:
  • the Network System Preference on the Mac;
  • the internet router;
  • the internet modem
or all three?
I recommend that you add the DNS settings to the device that is providing DHCP services for your local network. In most people's cases, this is the router, which may also be part of the modem. This way, all devices on your network will receive the new DNS settings, including new devices that you add to your network and devices on which it may be difficult or impossible to customize the DNS settings (like IoT devices).
 



Could someone with experience / knowledge please explain whether a user should add alternative DNS server information (like Google's 8.8.8.8 or CloudFlare's 9.9.9.9) to:
  • the Network System Preference on the Mac;
  • the internet router;
  • the internet modem
or all three?
The configuration must be installed in each network host (Mac, phone, tablet, set-top-box, etc.)

If your devices are getting their configuration via DHCP (as most devices these days do if you haven't manually configured them otherwise), then you want to install the addresses into your network's DHCP server, so all your devices can automatically pick them up.

Depending on where your DHCP service comes from, this might be easy or hard. Your gateway router (the one that connects your LAN to your ISP's network) usually provides DHCP services. If yours will let you configure the DNS addresses it serves, that's the place to do it.

But not all routers let you configure this. Mine, for instance, only lets me configure the range of IP addresses it serves but has no configuration for other parameters (like gateway router address and DNS) - forcing you to use its factory defaults. A device like this will usually serve its own address for the router address, and your ISP's DNS servers (which it gets via DHCP or PPPoE or other related protocol) for DNS.

If you can't configure your router's DHCP server, you may be able to disable it and run your own. This is what I do. macOS Server includes a DHCP server (don't know if it's in the latest version, but it is in the version I'm running on my El Capitan server), which you can configure to provide many (but not all) of the important parameters. The only parameter I would like, that it doesn't support, is IPv6 DNS addresses.

There are also third-party DHCP servers you can run if you like.

If you can't configure your in-router DHCP server and can't set up your own, then the last remaining option is to statically configure these DNS addresses on each of your hosts.

Host configuration is also useful if you travel, since you will not have any access to the configuration of other people's DHCP servers. With manual configuration in the host, you can use your favorite server from any location (assuming your location doesn't block access - as is the case on some public and corporate networks).
 


Ric Ford

MacInTouch
If your devices are getting their configuration via DHCP (as most devices these days do if you haven't manually configured them otherwise), then you want to install the addresses into your network's DHCP server, so all your devices can automatically pick them up. Depending on where your DHCP service comes from, this might be easy or hard. Your gateway router (the one that connects your LAN to your ISP's network) usually provides DHCP services. If yours will let you configure the DNS addresses it serves, that's the place to do it.
I think that one option is to connect an AirPort base station to your Internet router and configure the AirPort with the DNS servers of your choice, then connect to the AirPort from your devices, rather than using the ISP router.
 





I manage a small creative team with ten iMacs, all running macOS 10.13.6, and we've set up File Sharing on one of our Macs as a central repository of shared files and resources. Lately, however, File Sharing seems to crash for no apparent cause. Other machines either can't see the shared volume at all, or they can see the file listing, but all the files and folders (1.5TB) appear to contain zero MB. Restarting the host machine works some of the time, but not consistently. And then, just as suddenly as File Sharing stops working, it'll go back to normal.

I should add that I work at a major university, and we are one of the few units using Macs (the rest of the university is fitted with Dell PCs running Windows 10). While our office is all Mac, we're all plugged in to the campus LAN. I've done search after search (including here) for someone else with this issue, but virtually every post I can find about File Sharing has to do with the bug in Apple's security update from last fall.

All suggestions would be welcome. We're stumped.
 


Michael,
If one of these Macs is old enough to run OS X 10.11.6 El Capitan, I would strongly suggest reverting to OS X 10.11.6 and OS X Server 5.2 and dedicating that Mac as a standalone file server. We have had this exact setup for years, supporting 30+ designers, and it has been rock-solid. Never a problem and never a crash. All files and folders are shared via AFP, which is still less troublesome than SMB.

Newer versions of the macOS and the Mac server software offer less and less features and more and more issues with regard to having a Mac server and reliably sharing data from a central computer. Yes, I am fully aware Apple has bailed on macOS Server, but that does not disqualify using an older, known-to-be-working offering.

And, yes, Macs running OS X 10.8.x through macOS 10.13.x have all successfully connected to this server, and there have been zero issues with sharing.
 


Ric Ford

MacInTouch
I manage a small creative team with ten iMacs, all running macOS 10.13.6, and we've set up File Sharing on one of our Macs as a central repository of shared files and resources. Lately, however, File Sharing seems to crash for no apparent cause.
Scott-E's note reminded me that you're probably using SMB, as you're required to do with APFS file-sharing, and my understanding is that Apple's SMB implementations have been buggy, so his advice about using AFP sounds on-point to me.
 


I manage a small creative team with ten iMacs, all running macOS 10.13.6, and we've set up File Sharing on one of our Macs as a central repository of shared files and resources.
The problem is Apple's implementation of SMB since they abandoned Samba. The client part is far more reliable than the server part. Server is a disaster and File Sharing isn't much better.

My suggestion is to get a Synology NAS. The one I put in at a client has been used 24/7 by over 20 users for over a year. It just works.
 


The problem is Apple's implementation of SMB since they abandoned Samba. The client part is far more reliable than the server part. Server is a disaster and File Sharing isn't much better. My suggestion is to get a Synology NAS. The one I put in at a client has been used 24/7 by over 20 users for over a year. It just works.
We've had a pair of Synologys running for about 6 months now and have had a few issues with sharing - most notably speed but also with reliability.

We have a heavily scripted workflow, and we've had some instances where scripts would run fine on AFP but simply refuse to run on SMB. We have done the 'hacks' to make Synologys work better with SMB, but we're defaulting to AFP until we can make things better.

FWIW, we had them set up as a High Availability cluster, but a lengthy power outage (our UPSs ran out, and for some reason, the Synologys didn't shut down properly) killed the cluster. It took a couple of days to get the correct procedure from Synology to get them back up and running (the hardware reset wasn't working).

We now have them running as a standalone server and a synced backup, and anecdotally, I think the performance is a little better.

I still like them, I'm just not totally sold.
 


I use a Mac Mini with 256 Gig Apple SSD with two Thunderbolt 2 ports and USB ports. I run Sierra and Apple server. On each Thunderbolt 2 port is an Akitio 4-bay enclosure, a total of 8 separate disks. Three of the disks are mirrored using SoftRAID, which is our main server. The other 5 disks are used as follows:
4. A small SSD to back up the Mac Mini.
5. A spinning hard disk dedicated to Time Machine to back up the mirrored server hourly as protection from human goofs.
6. An SSD to back up the server using Carbon Copy Cloner (in case I needed to run off of this backup).
7. A spinning hard disk to back up the client machines using Carbon Copy Cloner to a disk image file. Note that our client machines really do not change, so once a month is good enough for us.
8. Another spinning hard disk to be used to park files that I do not want on the server nor need to be backed up. Temp files storage, if you will.
The point of this is that this system is not terribly expensive, and you do not really need fast SSDs for most of the functions. The server mirror has two SSDs and one spinning disk. Most of the rest of the disks are spinning disks. Who cares how long the server clone takes at 1 AM? Or if Time Machine has 1 hour before the next backup.

I have been running this system for a long time. The current setup is really the second generation. The Mac Mini was purchased to obtain the Thunderbolt and USB 3 ports to speed up backups, especially the off-site backup. I have used SoftRAID for my server from the beginning, and it has worked without any issues that I can remember. Note that Time Machine is used only for catching accidents, such as accidentally deleting a file. It is not really used to back up the server as I use CCC automatically each night to generate a clone, and I manually copy the server to a SSD in a pocket-sized enclosure, which I use as the off-site backup.

I suggest some variation of what I have done would serve Michael Kaplan's needs, if his needs are similar to ours. I am not sure that my system would work well if you are creating terabytes of information each day.
 


One other issue with Synology units: the Spotlight search doesn't return everything - it’s capped at something like 2000 records. Depending on usage, that may not be a problem, but it can be for filtered searches, or when you are trying to find file types etc. If Synology would have a connector for Open Directory I would be 100% sold.
 


... our UPSs ran out, and for some reason, the Synology didn't shut down properly ...
I'd be interested to know if you diagnosed this and found it was a misconfiguration or a Synology issue. I'm a bit concerned, because a client's Synology is plugged into a UPS.
 


I'd be interested to know if you diagnosed this and found it was a misconfiguration or a Synology issue. I'm a bit concerned, because a client's Synology is plugged into a UPS.
I'm not sure why it didn't shut down, but Synology support confirmed there was a bug that caused passive server to go into 'safe mode' if power was lost. The problem here is that we didn't have SSH turned on, and you can't connect directly to the passive server via DSM. This is what they told me:
The issue is caused by a known issue which is already being updated in DSM6.2.1.
It is an issue that will cause Passive to enter safe mode during a certain situation.
If you updated to DSM6.2.1, then this problem could be avoided.
We have auto-update of DSM on, so I'm guessing this update may not have been available before our problem. The version number I'm seeing (DSM 6.2-23739 Update 2) doesn't make it entirely clear whether we are OK or not.
 

