{"id":367,"date":"2020-11-15T14:15:13","date_gmt":"2020-11-15T13:15:13","guid":{"rendered":"http:\/\/www.labtinker.net\/?p=367"},"modified":"2020-11-15T14:15:13","modified_gmt":"2020-11-15T13:15:13","slug":"barefaced-cheek","status":"publish","type":"post","link":"https:\/\/labtinker.net\/?p=367","title":{"rendered":"Barefaced Cheek"},"content":{"rendered":"\n

I was messing around with various things when I had cause to check the address of this website and found I was getting a different ip address for 18.135.13.153\/ <\/em>and labtinker.net<\/em>.  This should not happen because 18.135.13.153\/<\/em> has a DNS CNAME record which points to labtinker.net <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

And this in turn points to the ip address of the website:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

So both these URLs should ultimately point to the same ip address, 3.8.120.91<\/p>\n\n\n\n

This is what I saw in ‘nslookup’ from my machine.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

And then I spotted my error. I’d put in an extra ‘w’ in the first part of the URL. But if I owned the domain how could someone add a DNS record for it? I did a ‘whois’ on the ip address and found the following:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

The ip address I was served from wwww.labtinker.net<\/em> was owned by Barefruit-Errorhandling and a quick google took me this post which explained what was going on…<\/p>\n\n\n\n

https:\/\/manurevah.com\/blah\/en\/blog\/DNS-Hijacking-via-Barefruit-Talktalk-and-Others<\/a><\/p>\n\n\n\n

Essentially it seems, my ISP, Virgin are using Barefruit’s services to intercept my DNS queries and instead of serving up an error pages from incorrect URLs, serve their own page up.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

with suggested searches which didn’t seem that relevant\u2026(Why Rome?)<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

They do allow you to turn this off:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

I noticed some websites had anticipated this and registered likely typos, others hadn’t.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

I’ve a feeling this DNS interception is probably widespread and well known but I’d personally never noticed it before – possibly to due to accurate typing \ud83d\ude09 <\/p>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

I was messing around with various things when I had cause to check the address of this website and found I was getting a different ip address for 18.135.13.153\/ and labtinker.net.  This should not happen because 18.135.13.153\/ has a DNS CNAME record which points to labtinker.net And this in turn points to the ip address […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-367","post","type-post","status-publish","format-standard","hentry","category-dns"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/posts\/367","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/labtinker.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=367"}],"version-history":[{"count":0,"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/posts\/367\/revisions"}],"wp:attachment":[{"href":"https:\/\/labtinker.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/labtinker.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=367"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/labtinker.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}