main_icn_My_Vodafone main_icn_Search main_icn_Chevron_right main_icn_Chevron_down main_icn_Close main_icn_Menu social-facebook social-google-plus social-linkedin social-twitter social-youtube main_icn_Community_or_Foundation main_icn_Location main_icn_Network_signal

This is a locked archive and content on this page may no longer be up to date. These posts and threads have been archived for reference only.

Archive

Vodafone poisoning DNS and injecting SSL cert when browsing imgur.com

SOLVED
View solved solution
2: Seeker

I've got all content filtering turned off, yet Vodafone is still injecting an SSL certificate from contentcontrol.vodafone.co.uk when I browse imgur.com.

 

I've seen other solutions to switch my DNS server away from Vodafone, but this isn't really a reasonable solution for mobile phones.

 

Any word on getting this fixed so that turning content control off means it's actually off?

 

Configuration:

Screen Shot 2017-12-28 at 12.06.13 PM.png

 

Chrome screenshot:

Screenshot_20171228-121003.jpg

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
2: Seeker

This is a problem with the Vodafone DNS server - when I do a DNS lookup on imgur.com against Vodafone's DNS server, it comes back with a Vodafone IP but when I use a public DNS server like Google's, it points at the correct IP.

 

I've resolved this by logging in to the router and changing its DNS settings to point to Google's DNS servers so that all connected devices work automatically. Hopefully this helps the next person to experience this issue. 

 

 

~ $ dig @192.168.1.1 imgur.com

; <<>> DiG 9.8.3-P1 <<>> @192.168.1.1 imgur.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31403
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;imgur.com.			IN	A

;; ANSWER SECTION:
imgur.com.		300	IN	A	90.255.255.1

;; Query time: 19 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Dec 28 12:32:41 2017
;; MSG SIZE  rcvd: 43

~ $ dig @8.8.8.8 imgur.com

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 imgur.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18115
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;imgur.com.			IN	A

;; ANSWER SECTION:
imgur.com.		2582	IN	A	151.101.16.193

;; Query time: 9 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Dec 28 12:32:47 2017
;; MSG SIZE  rcvd: 43

 

View solution in original position

View more options
4 REPLIES 4
Highlighted
2: Seeker

This is a problem with the Vodafone DNS server - when I do a DNS lookup on imgur.com against Vodafone's DNS server, it comes back with a Vodafone IP but when I use a public DNS server like Google's, it points at the correct IP.

 

I've resolved this by logging in to the router and changing its DNS settings to point to Google's DNS servers so that all connected devices work automatically. Hopefully this helps the next person to experience this issue. 

 

 

~ $ dig @192.168.1.1 imgur.com

; <<>> DiG 9.8.3-P1 <<>> @192.168.1.1 imgur.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31403
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;imgur.com.			IN	A

;; ANSWER SECTION:
imgur.com.		300	IN	A	90.255.255.1

;; Query time: 19 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Dec 28 12:32:41 2017
;; MSG SIZE  rcvd: 43

~ $ dig @8.8.8.8 imgur.com

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 imgur.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18115
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;imgur.com.			IN	A

;; ANSWER SECTION:
imgur.com.		2582	IN	A	151.101.16.193

;; Query time: 9 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Dec 28 12:32:47 2017
;; MSG SIZE  rcvd: 43

 

View solution in original position

View more options
Moderator

@yvshmr As we'll need access to your account to look into this for you, please get in touch with our Broadband Live Chat team.

View more options
9: Established

You really don't need to look into his account for this issue at all - there isn't a Vodafone customer who isn't having this problem.

The Vodafone DNS is broken on this site and many more. The ONLY way Vodafone braodband customers can have reliable DNS lookup responses is if they change away from the Vodafone servers and use some of the large, public ones instead (Google being a favourite for many).

As soon as people do this, ALL of the DNS issues go away - so a very good indication where the problem is. This leaves two unfortunate problems:

1. Many of your customers don't know how to fix this issue

2. Your technical support "script readers" also won't know how to fix this and will certainly not talk a customer through changing DNS servers or offer to escalate this to 2nd line support

Don't waste time asking for the user's account details - instead contact your 2nd line and infrastructure support teams and ask them when they are going to fix the issue.

View more options
3: Seeker

My broadband is working yet (probably an Openreach issue that I documented in too muchdetail further up the board) but good to know this once it does spring into life.

I guess its entirely possible (and reasonable?) that an isp would route certain traffic through its own proxy servers for caching and maybe filtering?

By the way, had I known there were a few other technical folk on the board, I would have given a bit more technical detail into my problem (no service at all). Even if I can't solve the problem I'd love to know in a bit more detail what the situation is and not just "....openreach didn't finish and will give an update soon...". It would be interesting to know what they need to do etc? Anyway, don't want to hijack your thread - perhaps I should update my own?

 

View more options