Monday, 6 September 2010

BT Hijack DNS

BT have started using barefruit.co.uk to hijack DNS NXDOMAIN responses and point them at their marketing results. My ADSL is with BT, using a vanilla HomeHub 2.0; I just checked my router and I'm currently using 62.6.40.178 as my primary DNS server and 194.72.65.69 as my secondary.

Checking Google's name servers:

tng@danny:~$ dig @8.8.8.8 sausage.ora

; <<>> DiG 9.6.1-P2 <<>> @8.8.8.8 sausage.ora
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30604
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;sausage.ora. IN A

;; AUTHORITY SECTION:
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010090600 1800 900 604800 86400

;; Query time: 217 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Sep 6 18:24:00 2010
;; MSG SIZE rcvd: 104





tng@danny:~$ dig @62.6.40.178 sausage.ora

; <<>> DiG 9.6.1-P2 <<>> @62.6.40.178 sausage.ora
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32766
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;sausage.ora. IN A

;; ANSWER SECTION:
sausage.ora. 30 IN A 92.242.132.15

;; Query time: 56 msec
;; SERVER: 62.6.40.178#53(62.6.40.178)
;; WHEN: Mon Sep 6 18:24:31 2010
;; MSG SIZE rcvd: 45

tng@danny:~$ host 92.242.132.15
15.132.242.92.in-addr.arpa domain name pointer unallocated.barefruit.co.uk.


tng@danny:~$ host 62.6.40.178
178.40.6.62.in-addr.arpa domain name pointer indnsc71.ukcore.bt.net.
178.40.6.62.in-addr.arpa domain name pointer indnsc71.bt.net.


I think this looks very iffy to me following the fun they had with Phorm.

tng@danny:~$ dig @194.74.65.69 sausage.ora

; <<>> DiG 9.6.1-P2 <<>> @194.74.65.69 sausage.ora
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63921
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;sausage.ora. IN A

;; ANSWER SECTION:
sausage.ora. 30 IN A 92.242.132.15

;; Query time: 121 msec
;; SERVER: 194.74.65.69#53(194.74.65.69)
;; WHEN: Mon Sep 6 18:32:30 2010
;; MSG SIZE rcvd: 45

tng@danny:~$ host 92.242.132.15
15.132.242.92.in-addr.arpa domain name pointer unallocated.barefruit.co.uk.


When will BT learn that they are just a pipe?
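
The manual comparison above can be automated. This is an added example, not code from the original post: it parses plain dig output from a reference resolver and from the resolver under test, and flags the case where NXDOMAIN has been replaced by an A record. The two samples are trimmed from the transcripts above; the `probe` helper and its random `.invalid` test name are assumptions of this example.

```python
import re
import secrets
import subprocess

# Constructed samples: trimmed copies of the two dig transcripts in the post.
REFERENCE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30604
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;sausage.ora. IN A
"""
SUSPECT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32766
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;sausage.ora. IN A
;; ANSWER SECTION:
sausage.ora. 30 IN A 92.242.132.15
"""

def parse_dig(text):
    """Return (status, [A-record addresses]) from plain dig output."""
    m = re.search(r"status: (\w+)", text)
    status = m.group(1) if m else "NORESPONSE"
    # Record lines do not start with ';' (comments and the question do).
    addrs = re.findall(r"^[^;\s]\S*\s+\d+\s+IN\s+A\s+(\S+)$", text, re.M)
    return status, addrs

def classify(reference, suspect):
    """Compare a trusted resolver's output with the resolver under test."""
    ref_status, _ = parse_dig(reference)
    sus_status, sus_addrs = parse_dig(suspect)
    if ref_status != "NXDOMAIN":
        return ("inconclusive", [])      # name may really exist; pick another
    if sus_status == "NXDOMAIN":
        return ("honest", [])
    if sus_status == "NOERROR" and sus_addrs:
        return ("rewritten", sus_addrs)  # NXDOMAIN replaced by an A record
    return ("inconclusive", [])          # SERVFAIL, timeout, empty NOERROR

def probe(resolver, name=None):
    """Live query (needs dig and network access); returns dig's stdout."""
    # A random label defeats caching; .invalid is a reserved TLD (RFC 6761).
    name = name or secrets.token_hex(8) + ".invalid"
    out = subprocess.run(["dig", "@" + resolver, name, "A"],
                         capture_output=True, text=True, timeout=15)
    return out.stdout

if __name__ == "__main__":
    print(classify(REFERENCE, SUSPECT))
```

For a live check, pass the same name to `probe` for both resolvers so that `classify` compares answers to an identical question.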

3 comments:

Dave130 said...
This comment has been removed by the author.
Dave130 said...

Try This
Go Here

http://preferences.webaddresshelp.bt.com/selfcare/preferences.cgi

Disable BT Web Address Help

tng said...

Thanks Dave,

Yes - that link does opt you out. However, I published the post before BT announced that BT Web Address Help was being launched. First they switched it on, then switched it off (for a week or so), then switched it back on permanently. Looking at my follow-up posts, you will see that I'd already posted that link to opting out and what it was all about.