15 November 2020

Barefaced Cheek

By admin@labtinker.net

I was messing around with various things when I had cause to check the address of this website and found I was getting a different IP address for www.labtinker.net and labtinker.net. This should not happen because www.labtinker.net has a DNS CNAME record which points to labtinker.net.

And this in turn points to the IP address of the website:

So both these URLs should ultimately point to the same IP address, 3.8.120.91.

This is what I saw in ‘nslookup’ from my machine.

And then I spotted my error. I’d put in an extra ‘w’ in the first part of the URL. But if I owned the domain how could someone add a DNS record for it? I did a ‘whois’ on the IP address and found the following:

The IP address I was served from wwww.labtinker.net was owned by Barefruit-Errorhandling and a quick Google took me to this post which explained what was going on…

https://manurevah.com/blah/en/blog/DNS-Hijacking-via-Barefruit-Talktalk-and-Others

Essentially, it seems my ISP, Virgin, are using Barefruit’s services to intercept my DNS queries and, instead of serving up an error page for incorrect URLs, serve their own page up.

with suggested searches which didn’t seem that relevant…(Why Rome?)

They do allow you to turn this off:

I noticed some websites had anticipated this and registered likely typos, others hadn’t.

I’ve a feeling this DNS interception is probably widespread and well known but I’d personally never noticed it before – possibly due to accurate typing 😉
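
A check for the behaviour described above, as an added example that is not part of the original post: it looks up random, unregistered names under several unrelated domains and reports whether the resolver answers them with a shared address instead of failing. The function names and the second domain (example.org) are assumptions made for illustration.

```python
import socket
import uuid


def system_resolve(name):
    """Return the IPv4 addresses the OS resolver gives for name (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def probe_nxdomain_rewriting(parents, resolve=system_resolve, probes=2):
    """Look up random labels that nobody has registered under each parent domain.

    Returns (verdict, hits). hits maps parent -> IPs answered for names that
    should not exist. verdict is:
      'clean'     - every probe failed, as NXDOMAIN should
      'wildcard'  - answers seen, but no address shared across parents
                    (consistent with a domain's own wildcard record)
      'rewritten' - unrelated parents share an answer address, so the
                    resolver path is substituting its own server
    """
    hits = {}
    for parent in parents:
        for _ in range(probes):
            # Trailing dot keeps the name absolute, so no search suffix is appended.
            ips = resolve(f"{uuid.uuid4().hex}.{parent}.")
            if ips:
                hits.setdefault(parent, set()).update(ips)
    if not hits:
        return "clean", hits
    shared = set.intersection(*hits.values())
    if len(hits) > 1 and shared:
        return "rewritten", hits
    return "wildcard", hits


if __name__ == "__main__":
    # labtinker.net is the post's domain; example.org is an assumed second,
    # unrelated parent used only for comparison.
    verdict, hits = probe_nxdomain_rewriting(["labtinker.net", "example.org"])
    print(verdict)
    for parent, ips in hits.items():
        print(f"  {parent}: {sorted(ips)}")
```

Running a whois on any shared address it reports shows who operates the substituted server.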